Do you use a password manager?

Non-investing personal finance issues including insurance, credit, real estate, taxes, employment and legal issues such as trusts and wills.
User avatar
crinkles2
Posts: 244
Joined: Fri Nov 28, 2014 7:18 pm

Re: Do you use a password manager?

Post by crinkles2 »

Dave55 wrote: Wed Jul 20, 2022 8:24 am
AnnetteLouisan wrote: Tue Jul 19, 2022 4:16 pm I just write the passwords down. No, not on the back of my hand (that’s for phone numbers and grocery lists), I use a sheet of paper called “Passwords.” It’s old school, but it works.
Annette, may I suggest 1Password. You can read the reviews of it online. I have used to for many years once I graduated from the sheet of paper technique.

Dave
Seconded. We use it and very happy with it. Going on 10 years now.
User avatar
bertilak
Posts: 10725
Joined: Tue Aug 02, 2011 5:23 pm
Location: East of the Pecos, West of the Mississippi

Re: Do you use a password manager?

Post by bertilak »

SnowBog wrote: Sat Aug 13, 2022 11:35 pm For LastPass, IIRC they can send a recovery email, which I think can only work on a computer that already has the master database. In other words a "local" recovery.
LastPass has some sort of recovery mechanism. I'm assuming I'll figure it out or remember if needed.
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
AnEngineer
Posts: 2414
Joined: Sat Jun 27, 2020 4:05 pm

Re: Do you use a password manager?

Post by AnEngineer »

enad wrote: Sat Aug 13, 2022 10:04 pm what happens when you forget the password to the password manager?
You can reset your passwords and start over.
gavinsiu
Posts: 4536
Joined: Sun Nov 14, 2021 11:42 am

Re: Do you use a password manager?

Post by gavinsiu »

I think there are several ways to recover.
1. The account manager may offer a method of doing so. Keep in mind that if they offer such an option, you should look into how it's implemented since this mean the company has some way of accessing your vault content. Last pass seems to offer some sort of account recovery. Bitwarden pay offers an emergency access. I think the intention is if something happens to you, your designed person can access your account, but you can probably use that for recovery.

2. Store a copy of your master password in the vault. This seems like a odd thing to do, but let's say your memory fails you and you can get your master password, you may have biometric login on some of your other devices and can get into the vault and look up the master password.

3. Backup your vault. Most password manager allow you to export your vault for backup. The last time I suggested this on another forum, several people got really hostile becaues the export process may leave temp files. In my opinion, this is acceptible risk. In my opinion, the risk is that the vault may get corrupted, the vendor may suddenly go out of business without notice. You will want to double-check that you can restore. I tested the Bitwarden backup and noticed that encrypted export will fail because you can only import an encrypted export on the same account. I end up exporting it as a unencrypted JSON and then sticking it into a encrypted drive. You make the decision on what you want to do.
User avatar
Doom&Gloom
Posts: 5417
Joined: Thu May 08, 2014 3:36 pm

Re: Do you use a password manager?

Post by Doom&Gloom »

I have two master passphrases I must remember: one for a database that contains the passwords to my investment accounts, the other for a database that contains all my other passwords.

I have been typing the passphrase to my "general" database on average more than once/day for 15 years or more. Due to that and the way I created that passphrase, I consider it practically unforgettable. But if I do forget it, I am merely inconvenienced by trying to recover my passwords to various websites or establish new login credentials to them. Not that I would be likely to accomplish much at that point.

The passphrase for the database to my investment accounts is less "unforgettable" to me, it was created less than a decade ago, and I probably only type it about twice a month. I am much more likely to forget it than the other passphrase. If I forget the one to my investment accounts, it is probably best that I am unable to access those accounts.
User avatar
fetch5482
Posts: 1722
Joined: Fri Aug 15, 2014 4:55 pm

Re: Do you use a password manager?

Post by fetch5482 »

I don't take it lightly when I say this - if you are not using a password manager today, you MUST start using one ASAP.

The specifics of _which_ password manager to use is not as important as using one. Even built-in password managers in your browser will be miles better than you using the same password (or a variation of the same password) on multiple sites.

Personally I am a fan of Bitwarden and the fact that their code is open source on GitHub for experts to look at an vet. It meets my bar, but like I said, any password manager will be a significant improvement in security over not having one.
(AGE minus 23%) Bonds | 5% REITs | Balance 80% US (75/25 TSM/SCV) + 20% International (80/20 Developed/Emerging)
Peter G
Posts: 100
Joined: Sat Apr 30, 2016 8:14 pm

Re: Do you use a password manager?

Post by Peter G »

what happens when you forget the password to the password manager?
Before you forget it you establish an email account with a service that allows you to send ‘out of office’ replies. Your out of office reply is password #1. You don’t tell anyone about this email address. When you forget your PW manager’s master password you send an email to your ‘out of office’ account and await the reply.
The reply, password #1, is the password to an encrypted file or disk you can access, and this encrypted file has the master password to your password manager. You could ‘pepper’ the master password, and the pepper hint could be included with the master password in the encrypted file.
User avatar
enad
Posts: 1581
Joined: Fri Aug 12, 2022 2:50 pm

Re: Do you use a password manager?

Post by enad »

Peter G wrote: Thu Aug 18, 2022 7:12 pm
what happens when you forget the password to the password manager?
Before you forget it you establish an email account with a service that allows you to send ‘out of office’ replies. Your out of office reply is password #1. You don’t tell anyone about this email address. When you forget your PW manager’s master password you send an email to your ‘out of office’ account and await the reply.
The reply, password #1, is the password to an encrypted file or disk you can access, and this encrypted file has the master password to your password manager. You could ‘pepper’ the master password, and the pepper hint could be included with the master password in the encrypted file.
It is precisely for this reason that I won't bother with a password manager, and secondly I don't trust 3rd party sites with my sensitive information either passwords, keys or financial data. Too many chances to be hacked and you may never know how many times they have been hacked. I got letters from one of the 3 big credit reporting agencies saying they were hacked and after working with the FBI they eventually sent letters out 6-12 months after the fact. For me they said they would pay for a credit monitoring service for a year and we had to get all new credit cards. All I had to do was agree not to sue them. What? Home Depot was hacked and we had to get a new credit card from a major company even though they were not supposed to store our credit card information but did anyway. Amazon AWS was most recently hacked in May 2022 (it just happens way too often). If you want to protect yourself, stay away from places that can be hacked including password managers. Just my $0.02 but if it's beyond my control, it's beyond my control and I have to trust others to do their security properly but if they get hacked, no skin loss for them, just those who entrusted them to protect their stuff. They could lose customers left and right and as many who leave will join them. People are too trusting in this information age, but if they are burned once or twice, they will re-think it.

What happens if your forget this special email address?
What Goes Up Must come down -- David Clayton-Thomas (1968), BST
User avatar
squirrel1963
Posts: 1253
Joined: Wed Jun 21, 2017 10:12 am
Location: Portland OR area

Re: Do you use a password manager?

Post by squirrel1963 »

GumSprings wrote: Sat Aug 13, 2022 11:13 am All the opinions from tech savvy people is confusing. Every time I consider using a 3rd party product such as LastPass, I come back to the same conclusion. For better or worse, I’m fully imbedded in Apple’s ecosystem so KeyChain seems to make the most since for me. My MacBook is encrypted and protected with a strong password. The finger print biometric is super convenient. My iPhone would be difficult for someone to break into. It’s not a perfect plan but it keeps things very simple. It also minimizes the number of companies that I have to worry about getting hacked.
I agree it can be confusing. It's because many of us who had direct professional exposure to cryptography and security software / products know a lot of technical details and can debate the fine points and tradeoffs, like when BH argue over bond funds vs individual bond ladders.

There is no perfection, and security is certainly not exempt from this.
All in all there are a lot of good solutions for password managers.
Professionally I used both LastPass and 1 Password and prefer them by far to offline managers like PasswordSafe, but password safe is good.
What is really important is to follow best practices always. The whole point about security is not to have the best security (which is also difficult to manage and expensive) but to have security above and beyond average users so that criminals will look somewhere else because they just don't want to spend too much time and money in hacking you.
Most hacking comes from phishing, downloading of dangerous software and several other social engineering techniques, and very rarely from flaws in well known reputable security software.

Same thing about hard tokens (eg yubikey usb/Bluetooth token) vs soft token (eg Auth app on the smartphone).
In theory hardware tokens are better, in practices they found several flaws in early versions. So again, it's all about making it difficult enough.
Personally I'm sufficiently happy with soft tokens, if I get hacked it won't be because soft token are slightly less secure than hard tokens.
LMP | Liability Matching Portfolio | safe portfolio: TIPS ladder + I-bonds + Treasuries | risky portfolio: US stocks / US REIT / International stocks
toddthebod
Posts: 5735
Joined: Wed May 18, 2022 12:42 pm

Re: Do you use a password manager?

Post by toddthebod »

Peter G wrote: Thu Aug 18, 2022 7:12 pm
what happens when you forget the password to the password manager?
Before you forget it you establish an email account with a service that allows you to send ‘out of office’ replies. Your out of office reply is password #1. You don’t tell anyone about this email address. When you forget your PW manager’s master password you send an email to your ‘out of office’ account and await the reply.
The reply, password #1, is the password to an encrypted file or disk you can access, and this encrypted file has the master password to your password manager. You could ‘pepper’ the master password, and the pepper hint could be included with the master password in the encrypted file.
Why don't you just use this secret email address as your password?

petergsecretemail@gmail.com is a perfectly acceptable passphrase.
User avatar
squirrel1963
Posts: 1253
Joined: Wed Jun 21, 2017 10:12 am
Location: Portland OR area

Re: Do you use a password manager?

Post by squirrel1963 »

toddthebod wrote: Fri Aug 19, 2022 1:46 am
Peter G wrote: Thu Aug 18, 2022 7:12 pm
what happens when you forget the password to the password manager?
Before you forget it you establish an email account with a service that allows you to send ‘out of office’ replies. Your out of office reply is password #1. You don’t tell anyone about this email address. When you forget your PW manager’s master password you send an email to your ‘out of office’ account and await the reply.
The reply, password #1, is the password to an encrypted file or disk you can access, and this encrypted file has the master password to your password manager. You could ‘pepper’ the master password, and the pepper hint could be included with the master password in the encrypted file.
Why don't you just use this secret email address as your password?

petergsecretemail@gmail.com is a perfectly acceptable passphrase.
It's not, it's essentially publicly known because it's too hard to keep secure. There is really no good substitute to remembering a strong passphrase. Writing down passwords in clear is just too dangerous and too easy to intercept.
A a password manager like LastPass let's you print recovery codes on paper which you then store in a safe place (your bank safebox), you use recovery codes id you forget the password.
LMP | Liability Matching Portfolio | safe portfolio: TIPS ladder + I-bonds + Treasuries | risky portfolio: US stocks / US REIT / International stocks
Peter G
Posts: 100
Joined: Sat Apr 30, 2016 8:14 pm

Re: Do you use a password manager?

Post by Peter G »

enad wrote: Thu Aug 18, 2022 7:34 pm
Peter G wrote: Thu Aug 18, 2022 7:12 pm
You don’t tell anyone about this email address.
What happens if your forget this special email address?
In one of your better protected email accounts, eg needs a PIN to open each time, you compose an innocent looking email addressed to this unrevealed email address, and you save it as a draft. Would that work? I'm making this up as I go, clearly.
toddthebod
Posts: 5735
Joined: Wed May 18, 2022 12:42 pm

Re: Do you use a password manager?

Post by toddthebod »

squirrel1963 wrote: Fri Aug 19, 2022 2:49 am
toddthebod wrote: Fri Aug 19, 2022 1:46 am
Peter G wrote: Thu Aug 18, 2022 7:12 pm
what happens when you forget the password to the password manager?
Before you forget it you establish an email account with a service that allows you to send ‘out of office’ replies. Your out of office reply is password #1. You don’t tell anyone about this email address. When you forget your PW manager’s master password you send an email to your ‘out of office’ account and await the reply.
The reply, password #1, is the password to an encrypted file or disk you can access, and this encrypted file has the master password to your password manager. You could ‘pepper’ the master password, and the pepper hint could be included with the master password in the encrypted file.
Why don't you just use this secret email address as your password?

petergsecretemail@gmail.com is a perfectly acceptable passphrase.
It's not, it's essentially publicly known because it's too hard to keep secure. There is really no good substitute to remembering a strong passphrase. Writing down passwords in clear is just too dangerous and too easy to intercept.
A a password manager like LastPass let's you print recovery codes on paper which you then store in a safe place (your bank safebox), you use recovery codes id you forget the password.
Well, I was trying to make a joke, because now instead of having to remember a secret password/phrase, you now also have to remember a secret email address, and remembering squirrel1963secretemail@hotmail is not any different than remembering correct horse battery staple.
User avatar
fetch5482
Posts: 1722
Joined: Fri Aug 15, 2014 4:55 pm

Re: Do you use a password manager?

Post by fetch5482 »

toddthebod wrote: Fri Aug 19, 2022 8:03 am
squirrel1963 wrote: Fri Aug 19, 2022 2:49 am
toddthebod wrote: Fri Aug 19, 2022 1:46 am
Peter G wrote: Thu Aug 18, 2022 7:12 pm
what happens when you forget the password to the password manager?
Before you forget it you establish an email account with a service that allows you to send ‘out of office’ replies. Your out of office reply is password #1. You don’t tell anyone about this email address. When you forget your PW manager’s master password you send an email to your ‘out of office’ account and await the reply.
The reply, password #1, is the password to an encrypted file or disk you can access, and this encrypted file has the master password to your password manager. You could ‘pepper’ the master password, and the pepper hint could be included with the master password in the encrypted file.
Why don't you just use this secret email address as your password?

petergsecretemail@gmail.com is a perfectly acceptable passphrase.
It's not, it's essentially publicly known because it's too hard to keep secure. There is really no good substitute to remembering a strong passphrase. Writing down passwords in clear is just too dangerous and too easy to intercept.
A a password manager like LastPass let's you print recovery codes on paper which you then store in a safe place (your bank safebox), you use recovery codes id you forget the password.
Well, I was trying to make a joke, because now instead of having to remember a secret password/phrase, you now also have to remember a secret email address, and remembering squirrel1963secretemail@hotmail is not any different than remembering correct horse battery staple.
I use a sentence to remember my password. Example "Jimmy and Alice married in Hawaii in summer of 1969" = "J&AmiHiso69"

I find it's quite hard to forget it if the phrase is based on a personal incident. Say "My first speeding ticket was for driving at 80 in a 60 zone" = "Mfstwfd@80ia60z".
(AGE minus 23%) Bonds | 5% REITs | Balance 80% US (75/25 TSM/SCV) + 20% International (80/20 Developed/Emerging)
User avatar
enad
Posts: 1581
Joined: Fri Aug 12, 2022 2:50 pm

Re: Do you use a password manager?

Post by enad »

gas_balloon wrote: Fri Aug 19, 2022 10:48 am
I use a sentence to remember my password. Example "Jimmy and Alice married in Hawaii in summer of 1969" = "J&AmiHiso69"

I find it's quite hard to forget it if the phrase is based on a personal incident. Say "My first speeding ticket was for driving at 80 in a 60 zone" = "Mfstwfd@80ia60z".
[/quote]

when it would ask me for a password I would type: mftwf80ia60 or 80ia60 or mtw480n60 etc ...
then I'd be thinking "what made me think I could remember the exact phrase in the place? Doesn't it understand 80 in a 60?

I've used jingles in the past like "ilwydfmt" care to guess that one? I can't ever get it out of my head and it's been over 25 years, but today it would look like this: 1Lwydfm| to meet the special case character
What Goes Up Must come down -- David Clayton-Thomas (1968), BST
User avatar
fetch5482
Posts: 1722
Joined: Fri Aug 15, 2014 4:55 pm

Re: Do you use a password manager?

Post by fetch5482 »

enad wrote: Fri Aug 19, 2022 11:17 am I've used jingles in the past like "ilwydfmt" care to guess that one? I can't ever get it out of my head and it's been over 25 years, but today it would look like this: 1Lwydfm| to meet the special case character
Right, whatever works for you. The point is, it's not that hard to remember one or two strong passwords. Event, jingle, song, nursery rhymes - whatever works for you to remember the password.
(AGE minus 23%) Bonds | 5% REITs | Balance 80% US (75/25 TSM/SCV) + 20% International (80/20 Developed/Emerging)
User avatar
squirrel1963
Posts: 1253
Joined: Wed Jun 21, 2017 10:12 am
Location: Portland OR area

Re: Do you use a password manager?

Post by squirrel1963 »

toddthebod wrote: Fri Aug 19, 2022 8:03 am
squirrel1963 wrote: Fri Aug 19, 2022 2:49 am
toddthebod wrote: Fri Aug 19, 2022 1:46 am
Peter G wrote: Thu Aug 18, 2022 7:12 pm
what happens when you forget the password to the password manager?
Before you forget it you establish an email account with a service that allows you to send ‘out of office’ replies. Your out of office reply is password #1. You don’t tell anyone about this email address. When you forget your PW manager’s master password you send an email to your ‘out of office’ account and await the reply.
The reply, password #1, is the password to an encrypted file or disk you can access, and this encrypted file has the master password to your password manager. You could ‘pepper’ the master password, and the pepper hint could be included with the master password in the encrypted file.
Why don't you just use this secret email address as your password?

petergsecretemail@gmail.com is a perfectly acceptable passphrase.
It's not, it's essentially publicly known because it's too hard to keep secure. There is really no good substitute to remembering a strong passphrase. Writing down passwords in clear is just too dangerous and too easy to intercept.
A a password manager like LastPass let's you print recovery codes on paper which you then store in a safe place (your bank safebox), you use recovery codes id you forget the password.
Well, I was trying to make a joke, because now instead of having to remember a secret password/phrase, you now also have to remember a secret email address, and remembering squirrel1963secretemail@hotmail is not any different than remembering correct horse battery staple.
OK, got it :-) I love XKCD btw
LMP | Liability Matching Portfolio | safe portfolio: TIPS ladder + I-bonds + Treasuries | risky portfolio: US stocks / US REIT / International stocks
AnEngineer
Posts: 2414
Joined: Sat Jun 27, 2020 4:05 pm

Re: Do you use a password manager?

Post by AnEngineer »

toddthebod wrote: Fri Aug 19, 2022 8:03 am
squirrel1963 wrote: Fri Aug 19, 2022 2:49 am
toddthebod wrote: Fri Aug 19, 2022 1:46 am
Peter G wrote: Thu Aug 18, 2022 7:12 pm
what happens when you forget the password to the password manager?
Before you forget it you establish an email account with a service that allows you to send ‘out of office’ replies. Your out of office reply is password #1. You don’t tell anyone about this email address. When you forget your PW manager’s master password you send an email to your ‘out of office’ account and await the reply.
The reply, password #1, is the password to an encrypted file or disk you can access, and this encrypted file has the master password to your password manager. You could ‘pepper’ the master password, and the pepper hint could be included with the master password in the encrypted file.
Why don't you just use this secret email address as your password?

petergsecretemail@gmail.com is a perfectly acceptable passphrase.
It's not, it's essentially publicly known because it's too hard to keep secure. There is really no good substitute to remembering a strong passphrase. Writing down passwords in clear is just too dangerous and too easy to intercept.
A a password manager like LastPass let's you print recovery codes on paper which you then store in a safe place (your bank safebox), you use recovery codes id you forget the password.
Well, I was trying to make a joke, because now instead of having to remember a secret password/phrase, you now also have to remember a secret email address, and remembering squirrel1963secretemail@hotmail is not any different than remembering correct horse battery staple.
I don't even understand the concern with losing access to your passwords. It's inconvenient, but nothing is actually lost as you can just reset all the passwords and start over. It doesn't seem worth having some backup access. If we were talking about actual data or if your password manager is from your Apple or Google account, which you need for other reasons, then it makes sense.
User avatar
bertilak
Posts: 10725
Joined: Tue Aug 02, 2011 5:23 pm
Location: East of the Pecos, West of the Mississippi

Re: Do you use a password manager?

Post by bertilak »

AnEngineer wrote: Fri Aug 19, 2022 7:36 pm I don't even understand the concern with losing access to your passwords. It's inconvenient, but nothing is actually lost as you can just reset all the passwords and start over. It doesn't seem worth having some backup access. If we were talking about actual data or if your password manager is from your Apple or Google account, which you need for other reasons, then it makes sense.
It will not be easy setting a new password if you don't know the old one. Often there are hoops you can go through, but it may involve (re)establishing your identity through other means.
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
AnEngineer
Posts: 2414
Joined: Sat Jun 27, 2020 4:05 pm

Re: Do you use a password manager?

Post by AnEngineer »

bertilak wrote: Fri Aug 19, 2022 7:57 pm
AnEngineer wrote: Fri Aug 19, 2022 7:36 pm I don't even understand the concern with losing access to your passwords. It's inconvenient, but nothing is actually lost as you can just reset all the passwords and start over. It doesn't seem worth having some backup access. If we were talking about actual data or if your password manager is from your Apple or Google account, which you need for other reasons, then it makes sense.
It will not be easy setting a new password if you don't know the old one. Often there are hoops you can go through, but it may involve (re)establishing your identity through other means.
Really? What kind of accounts? In my experience, it's pretty easy to reset a password. In many cases, I just get an email to compete the process. In other cases they want an account number or a SSN. Honestly, it was easier to reset than remember some less common passwords in my days before using a manager.
basskleff
Posts: 13
Joined: Wed Aug 17, 2022 4:40 pm

Re: Do you use a password manager?

Post by basskleff »

Password Safe
www.pwsafe.org

I've been using it on Windows for years.
I like that it requires a master passphrase to open the store, and even if you idle the gui store full of your sites, usernames and passwords for a little while it goes non-volatile, and you must open it with your passphrase again.

It's very UNIX-Y, open-sourcey, kind of clunky GUI, but I think it's strong. I haven't seen later versions, but what I've seen it does not lend itself to replication, duplication, backup-restore of its database through the Cloud over the internet.
If you want to update your database and sync across 2+ devices, you have to make a backup to local disk, and then you transport the backup via usb key, shared network drive on private network, ftp, sftp etc, to the target 2nd device.

One thing everybody has to be careful about is of-course your lexical, Human-readable password(s) getting pilfered, but also the cryptogram, hashed version of your passwords. Hackers are more likely to see the latter. Then they "beat" on the gibberish hash to crack the password that is likely unchanged. It takes a ton of computing resources, but some of these people have farms of machines with high-power GPU graphics cards that do the cracking.
So, it's good to have a password manager, in my opinion, that has nothng to do with moving hashes of passwords anywhere to the Cloud or across the internet. The programs are still likely strong, like the tunnel to the cloud is encrypted, and the Cloud database of hashes is itself hashed in a tough algorithm. But why take the chance. Be under physical control like DOD DISA.
User avatar
tuningfork
Posts: 885
Joined: Wed Oct 30, 2013 8:30 pm

Re: Do you use a password manager?

Post by tuningfork »

AnEngineer wrote: Fri Aug 19, 2022 7:36 pm I don't even understand the concern with losing access to your passwords. It's inconvenient, but nothing is actually lost as you can just reset all the passwords and start over. It doesn't seem worth having some backup access. If we were talking about actual data or if your password manager is from your Apple or Google account, which you need for other reasons, then it makes sense.
Many people store additional information in the password manager, such as answers to security questions, 2fa backup codes, etc. Some sites may require you to know the answers to those security questions in order to reset your password. And we all know we should never answer those questions truthfully, right?
User avatar
ThereAreNoGurus
Posts: 970
Joined: Fri Jan 24, 2014 10:41 pm

Re: Do you use a password manager?

Post by ThereAreNoGurus »

ThereAreNoGurus wrote: Sun Aug 28, 2022 12:31 am
techrover wrote: Sat Aug 27, 2022 11:58 pm


I use keepass. If somebody walks off with my laptop, they still won't have access to my keepass data. I store it on an encrypted flash-drive. And the password database is encrypted. If somebody obtains my flash-drive... good luck getting my passwords. One could do the same on one's own computer as well.. Simply encrypt the keepass database. There are other ways of protecting the keepass database as well, but I'll stop here.
Can you share some details on your setup for encrypting flash-drive? Especially it would be good to know how the keys are managed for KeePass and Flash-drive encryption. And if you have faced any issues?
I have used truecrypt in pass for such storage encryption, but faced couple issues and lost some data(could very well be due to some issue at my end:)). Have not setup again due to time crunch on my end, but would like to try a setup that works reliably.
I used to use Veracrypt which you can obtain here: https://www.veracrypt.fr/en/Downloads.html
I switched to Cryptomator: https://cryptomator.org/

Both products are free. Veracrypt works fine, but it's a bit slower to decrypt and I don't need all of the features it offers. I find the Cryptomator interface easier to use. (I donate a small amount of money annually to Cryptomator.)

I've had zero issues with either software... Never lost any encrypted data and have been doing it this way for several years. Of course I back-up my flash-drives.... (As an aside, I purposely have put a couple of flash drives in the washing machine and have not lost any data)

I will correct something I said on the previous post... I do not encrypt the keepass database... I encrypt a portion of the flash-drive that contains the keepass database (so of course it will be encrypted, also). And the keepass database is password protected... I only use a password... One can use other methods as well to protect it but I feel encryption is safe enough for me.

I like having all of my important data on a flash-drive. I have one on my keychain when I travel. It's convenient for me.

Using the cloud is probably easier, and I'm sure it's safe, but I'll stick with keepass.
Trade the news and you will lose.
mptfan
Posts: 7217
Joined: Mon Mar 05, 2007 8:58 am

Re: Do you use a password manager?

Post by mptfan »

AnEngineer wrote: Fri Aug 19, 2022 8:00 pmIn my experience, it's pretty easy to reset a password. In many cases, I just get an email to compete the process. In other cases they want an account number or a SSN. Honestly, it was easier to reset than remember some less common passwords in my days before using a manager.
It depends on the account, but in some cases this is true. So many people (rightfully) spend so much time and effort to create strong random passwords and debate the various ways to save them in various forms while ignoring how easy it can be for someone to simply reset your password if they have access to your email.
TN_Boy
Posts: 4134
Joined: Sat Jan 17, 2009 11:51 am

Re: Do you use a password manager?

Post by TN_Boy »

tuningfork wrote: Fri Aug 19, 2022 9:09 pm
AnEngineer wrote: Fri Aug 19, 2022 7:36 pm I don't even understand the concern with losing access to your passwords. It's inconvenient, but nothing is actually lost as you can just reset all the passwords and start over. It doesn't seem worth having some backup access. If we were talking about actual data or if your password manager is from your Apple or Google account, which you need for other reasons, then it makes sense.
Many people store additional information in the password manager, such as answers to security questions, 2fa backup codes, etc. Some sites may require you to know the answers to those security questions in order to reset your password. And we all know we should never answer those questions truthfully, right?
Absolutely, in some ways the most useful bits of information in my password manager are the security question answers (I enjoy making up interesting answers), maybe some information about the account, etc.
techrover
Posts: 196
Joined: Tue Jun 12, 2012 2:23 pm

Re: Do you use a password manager?

Post by techrover »

ThereAreNoGurus wrote: Sun Aug 28, 2022 12:55 am
ThereAreNoGurus wrote: Sun Aug 28, 2022 12:31 am
techrover wrote: Sat Aug 27, 2022 11:58 pm


I use keepass. If somebody walks off with my laptop, they still won't have access to my keepass data. I store it on an encrypted flash-drive. And the password database is encrypted. If somebody obtains my flash-drive... good luck getting my passwords. One could do the same on one's own computer as well.. Simply encrypt the keepass database. There are other ways of protecting the keepass database as well, but I'll stop here.
Can you share some details on your setup for encrypting flash-drive? Especially it would be good to know how the keys are managed for KeePass and Flash-drive encryption. And if you have faced any issues?
I have used truecrypt in pass for such storage encryption, but faced couple issues and lost some data(could very well be due to some issue at my end:)). Have not setup again due to time crunch on my end, but would like to try a setup that works reliably.
I used to use Veracrypt which you can obtain here: https://www.veracrypt.fr/en/Downloads.html
I switched to Cryptomator: https://cryptomator.org/

Both products are free. Veracrypt works fine, but it's a bit slower to decrypt and I don't need all of the features it offers. I find the Cryptomator interface easier to use. (I donate a small amount of money annually to Cryptomator.)

I've had zero issues with either software... Never lost any encrypted data and have been doing it this way for several years. Of course I back-up my flash-drives.... (As an aside, I purposely have put a couple of flash drives in the washing machine and have not lost any data)

I will correct something I said on the previous post... I do not encrypt the keepass database... I encrypt a portion of the flash-drive that contains the keepass database (so of course it will be encrypted, also). And the keepass database is password protected... I only use a password... One can use other methods as well to protect it but I feel encryption is safe enough for me.

I like having all of my important data on a flash-drive. I have one on my keychain when I travel. It's convenient for me.

Using the cloud is probably easier, and I'm sure it's safe, but I'll stick with keepass.
Thanks for sharing disk encryption tools.
User avatar
ThereAreNoGurus
Posts: 970
Joined: Fri Jan 24, 2014 10:41 pm

Re: Do you use a password manager?

Post by ThereAreNoGurus »

techrover wrote: Mon Aug 29, 2022 1:51 am
Thanks for sharing disk encryption tools.
You're welcome!
Trade the news and you will lose.
privateID
Posts: 801
Joined: Sat Oct 18, 2014 4:59 pm

Re: Do you use a password manager?

Post by privateID »

This has definitely been an area I have been lagging. I have used an excel spreadsheet up to now (password protected), simple passwords that I made myself and I have saved it on Google drive. This is convenient but I realize not very secure, although the password on the spreadsheet certainly helped. I think I'm ready to use a password manager. Read through some of this thread. I have used Google's password manager to save my simple passwords and non-financial accounts. I started to play with Google's password manager using strong passwords and picked another one at random - 1password. Certainly 1password offers some extra goodies for it's $2.99/month price (for example, 1GB of storage). Purely from a security standpoint, is it really better than Google? In both cases I need to remember one master password. In both cases they are generating strong passwords and auto-filling them when needed across multiple devices. I did see on 1password that a 1Password Emergency Kit.pdf gets generated I think in case you forget your main password. Wasn't even sure where I was supposed to keep this file. I guess it offers some extra protection in that if someone stole my identity, they may be able to reset my Google main password.
privateID
Posts: 801
Joined: Sat Oct 18, 2014 4:59 pm

Re: Do you use a password manager?

Post by privateID »

Hmm...so anyone have any thoughts, other than the goodies provided by the stand-alone password managers, about whether there is any difference between the Google Chrome password manager vs the standalone ones such as 1password? I'm interested in opinions purely from a security point of view. Are the strong passwords generated better? Is the safety provided better in some other way?
mptfan
Posts: 7217
Joined: Mon Mar 05, 2007 8:58 am

Re: Do you use a password manager?

Post by mptfan »

For those not comfortable storing their passwords in the cloud, there is always "PasswordsFast"...

https://youtu.be/VNtZcYjsPbE
User avatar
CardinalRule
Posts: 1204
Joined: Sun Jan 15, 2017 10:01 am
Location: United States

Re: Do you use a password manager?

Post by CardinalRule »

privateID wrote: Sun Sep 18, 2022 10:46 am Hmm...so anyone have any thoughts, other than the goodies provided by the stand-alone password managers, about whether there is any difference between the Google Chrome password manager vs the standalone ones such as 1password? I'm interested in opinions purely from a security point of view. Are the strong passwords generated better? Is the safety provided better in some other way?
I'm a a big 1Password fan, and the Google ecosystem isn't that useful on our iPhones and iPads, but it seems like the fairly recent on-device encryption improvement is a good thing for the Google Password Manager.

https://support.google.com/accounts/answer/11350823

(Sorry if this has been mentioned earlier in the multi-page thread.)
Last edited by CardinalRule on Sun Sep 18, 2022 2:15 pm, edited 1 time in total.
mongstradamus
Posts: 399
Joined: Mon Nov 04, 2013 10:46 pm

Re: Do you use a password manager?

Post by mongstradamus »

I recently migrated over to a password manager with hardware hardware key , who knows if it’s over kill or not. Was using password manager with 2fa via Google authenticate before.
User avatar
anon_investor
Posts: 15122
Joined: Mon Jun 03, 2019 1:43 pm

Re: Do you use a password manager?

Post by anon_investor »

mptfan wrote: Sun Sep 18, 2022 10:53 am For those not comfortable storing their passwords in the cloud, there is always "PasswordsFast"...

https://youtu.be/VNtZcYjsPbE
Reminds me of those electronic dictionaries.
stefan_lec
Posts: 88
Joined: Fri Mar 08, 2019 10:43 pm

Re: Do you use a password manager?

Post by stefan_lec »

privateID wrote: Sun Sep 18, 2022 10:46 am Hmm...so anyone have any thoughts, other than the goodies provided by the stand-alone password managers, about whether there is any difference between the Google Chrome password manager vs the standalone ones such as 1password? I'm interested in opinions purely from a security point of view. Are the strong passwords generated better? Is the safety provided better in some other way?
Does the password manager built into Chrome allow you to save additional secure notes along with the password? Being able to make up random answers to security questions and save them alongside your password improves security quite a bit.

Another thing to consider is phone apps - a standalone password manager can autofill passwords in your phone apps, which is pretty handy. The manager built into Chrome can only autofill logins on websites inside chrome.

Finally, definitely take a look at BitWarden (it's free, and very secure). 1Password works fine, but unless there's some feature you need that 1Password has but that BitWarden doesn't, it doesn't make a lot of sense to pay more for 1Password.
Portfolio: 75% VT, 25% BNDW/I-bonds/HYSA
privateID
Posts: 801
Joined: Sat Oct 18, 2014 4:59 pm

Re: Do you use a password manager?

Post by privateID »

stefan_lec wrote: Sun Sep 18, 2022 2:10 pm
privateID wrote: Sun Sep 18, 2022 10:46 am Hmm...so anyone have any thoughts, other than the goodies provided by the stand-alone password managers, about whether there is any difference between the Google Chrome password manager vs the standalone ones such as 1password? I'm interested in opinions purely from a security point of view. Are the strong passwords generated better? Is the safety provided better in some other way?
Does the password manager built into Chrome allow you to save additional secure notes along with the password? Being able to make up random answers to security questions and save them alongside your password improves security quite a bit.

Another thing to consider is phone apps - a standalone password manager can autofill passwords in your phone apps, which is pretty handy. The manager built into Chrome can only autofill logins on websites inside chrome.

Finally, definitely take a look at BitWarden (it's free, and very secure). 1Password works fine, but unless there's some feature you need that 1Password has but that BitWarden doesn't, it doesn't make a lot of sense to pay more for 1Password.
Pretty sure I haven't seen any secure notes option on Google.

I use Google Chrome for everything on my computer and phone. I have a Google Pixel phone. So, I am all in on Google. On my phone, I didn't think it would autofill passwords using the password manager, but it did ask me when I opened an app if I want to use the password saved by the password manager, so there is at least some support for apps. To be honest, I don't use a ton of apps and it is easy enough to go into the password manager and copy the password if I need to.

I may want these features one day, but for now I think my only priorities are convenience of autofill in Chrome and generating a secure password. If there were other security benefits elsewhere that could sway me to something else.
privateID
Posts: 801
Joined: Sat Oct 18, 2014 4:59 pm

Re: Do you use a password manager?

Post by privateID »

I have one other question if anybody knows. I wanted to turn on the passphrase encryption on Google. From what I read, if I do that I can't view saved passwords on passwords.google.com. So is there another way to see them?

I'm guessing on Chrome on the desktop I can do it in the browser with chrome://settings/passwords. Is that right? How about on my Android phone?
User avatar
enad
Posts: 1581
Joined: Fri Aug 12, 2022 2:50 pm

Re: Do you use a password manager?

Post by enad »

meadowrue wrote: Tue Jul 19, 2022 2:10 pm If so, which one would you recommend? I have always used 3-4 different passwords and easily remember them (though they are not “easy” passwords per se) but I handle all the finances in our house and fear that my mental recall of passwords would leave DH in quite a bind were something to happen to me. Not to mention the hacking/security risk of using the same password for more than one site (I know, this is not smart!) How safe are password managers, and how exactly do they work? Thank you!
If any of you use Synology NAS at home, they have a password manager as well. The "cloud" in this case is at your home and you can access it on all your devices. I haven't tried it but given that it's a free package if you have the NAS it may be something to look into
What Goes Up Must come down -- David Clayton-Thomas (1968), BST
aawc
Posts: 19
Joined: Thu Jul 30, 2015 7:01 pm

Re: Do you use a password manager?

Post by aawc »

privateID wrote: Mon Sep 19, 2022 7:49 pm I have one other question if anybody knows. I wanted to turn on the passphrase encryption on Google. From what I read, if I do that I can't view saved passwords on passwords.google.com. So is there another way to see them?

I'm guessing on Chrome on the desktop I can do it in the browser with chrome://settings/passwords. Is that right? How about on my Android phone?
Both work. I use this setup.

Desktop: What you said.
Android: Settings > Passwords.
privateID
Posts: 801
Joined: Sat Oct 18, 2014 4:59 pm

Re: Do you use a password manager?

Post by privateID »

aawc wrote: Tue Sep 20, 2022 1:13 am
privateID wrote: Mon Sep 19, 2022 7:49 pm I have one other question if anybody knows. I wanted to turn on the passphrase encryption on Google. From what I read, if I do that I can't view saved passwords on passwords.google.com. So is there another way to see them?

I'm guessing on Chrome on the desktop I can do it in the browser with chrome://settings/passwords. Is that right? How about on my Android phone?
Both work. I use this setup.

Desktop: What you said.
Android: Settings > Passwords.
Thanks. I assumed so, but saw all these warnings about not able to see the passwords by going to passwords.google.com, that it made it sound like a big deal. If I can get to settings on the desktop and phone, then I'm not sure why it's such a big deal.

This whole concept of a passphrase vs a password is a bit confusing. My Google password is already a very long password comprised of multiple words. Here's what Google says about the passphrase:
When you have a sync passphrase:

You'll need your passphrase whenever you turn on sync somewhere new.
You'll need to enter your new passphrase on your devices where you have already turned on sync.
Your feed won’t show suggestions based on sites you browse in Chrome.
You can't view your saved passwords on passwords.google.com or use Smart Lock for Passwords.
All your history won't sync on all devices. Only web addresses that you type in Chrome's address bar will sync.
I don't understand why my password can't just be the same as my passphrase? Do you need to remember two things - Google password and Google passphrase? Or maybe you use a strong password generated by Google for the password and you make the Passphrase the one unique thing you remember?
mongstradamus
Posts: 399
Joined: Mon Nov 04, 2013 10:46 pm

Re: Do you use a password manager?

Post by mongstradamus »

aawc wrote: Tue Sep 20, 2022 1:13 am
privateID wrote: Mon Sep 19, 2022 7:49 pm I have one other question if anybody knows. I wanted to turn on the passphrase encryption on Google. From what I read, if I do that I can't view saved passwords on passwords.google.com. So is there another way to see them?

I'm guessing on Chrome on the desktop I can do it in the browser with chrome://settings/passwords. Is that right? How about on my Android phone?
Both work. I use this setup.

Desktop: What you said.
Android: Settings > Passwords.
I have always wondered how safe are browser saved passwords are compared to stand alone, you think it’s safe enough ?
privateID
Posts: 801
Joined: Sat Oct 18, 2014 4:59 pm

Re: Do you use a password manager?

Post by privateID »

mongstradamus wrote: Tue Sep 20, 2022 8:07 am
aawc wrote: Tue Sep 20, 2022 1:13 am
privateID wrote: Mon Sep 19, 2022 7:49 pm I have one other question if anybody knows. I wanted to turn on the passphrase encryption on Google. From what I read, if I do that I can't view saved passwords on passwords.google.com. So is there another way to see them?

I'm guessing on Chrome on the desktop I can do it in the browser with chrome://settings/passwords. Is that right? How about on my Android phone?
Both work. I use this setup.

Desktop: What you said.
Android: Settings > Passwords.
I have always wondered how safe are browser saved passwords are compared to stand alone, you think it’s safe enough ?
My understanding is that if you use the Google Password manager with separate strong passwords created for all accounts (something you would need to do for any stand-alone password manager that uses a Chrome extension) and you turn on passphrase encryption which encrypts your data on Google, then it as secure as all the other standalone Password Managers such as 1Password. Granted, these standalone Password Managers offers some extra goodies, but as far as being secure, they are equal. If others feel otherwise, I'd love to hear.
mongstradamus
Posts: 399
Joined: Mon Nov 04, 2013 10:46 pm

Re: Do you use a password manager?

Post by mongstradamus »

privateID wrote: Tue Sep 20, 2022 12:58 pm
mongstradamus wrote: Tue Sep 20, 2022 8:07 am
aawc wrote: Tue Sep 20, 2022 1:13 am
privateID wrote: Mon Sep 19, 2022 7:49 pm I have one other question if anybody knows. I wanted to turn on the passphrase encryption on Google. From what I read, if I do that I can't view saved passwords on passwords.google.com. So is there another way to see them?

I'm guessing on Chrome on the desktop I can do it in the browser with chrome://settings/passwords. Is that right? How about on my Android phone?
Both work. I use this setup.

Desktop: What you said.
Android: Settings > Passwords.
I have always wondered how safe are browser saved passwords are compared to stand alone, you think it’s safe enough ?
My understanding is that if you use the Google Password manager with separate strong passwords created for all accounts (something you would need to do for any stand-alone password manager that uses a Chrome extension) and you turn on passphrase encryption which encrypts your data on Google, then it as secure as all the other standalone Password Managers such as 1Password. Granted, these standalone Password Managers offers some extra goodies, but as far as being secure, they are equal. If others feel otherwise, I'd love to hear.
Makes sense sometimes am lazy and use iCloud for passwords , was just wondering how they all compare with each other. I do use Bitwarden with hardware key/authenticator app as well. Never knew how safe they are in comparison with each other.
mptfan
Posts: 7217
Joined: Mon Mar 05, 2007 8:58 am

Re: Do you use a password manager?

Post by mptfan »

privateID wrote: Tue Sep 20, 2022 12:58 pm My understanding is that if you use the Google Password manager with separate strong passwords created for all accounts (something you would need to do for any stand-alone password manager that uses a Chrome extension) and you turn on passphrase encryption which encrypts your data on Google, then it as secure as all the other standalone Password Managers such as 1Password. Granted, these standalone Password Managers offers some extra goodies, but as far as being secure, they are equal. If others feel otherwise, I'd love to hear.
"Safe" is a relative word and a matter of perspective. I agree that the built in Chrome password manager is "safe" in the sense that it protects your passwords from attack from an unknown hacker, i.e. someone who does not have access to your computer or your Google account. But, I don't agree it is just as "safe" as a stand alone password manager in the sense that if someone where to gain access to your computer or your Google account, possibly somone close to you, they would then have access to all of the passwords that are conveniently available to them in Chrome, so you have a single point of failure. But if you use a stand alone password manager, then that same person would have to also access the separate password manager, and if it is configured properly, they will be unsuccesful.
privateID
Posts: 801
Joined: Sat Oct 18, 2014 4:59 pm

Re: Do you use a password manager?

Post by privateID »

mptfan wrote: Tue Sep 20, 2022 3:30 pm
privateID wrote: Tue Sep 20, 2022 12:58 pm My understanding is that if you use the Google Password manager with separate strong passwords created for all accounts (something you would need to do for any stand-alone password manager that uses a Chrome extension) and you turn on passphrase encryption which encrypts your data on Google, then it as secure as all the other standalone Password Managers such as 1Password. Granted, these standalone Password Managers offers some extra goodies, but as far as being secure, they are equal. If others feel otherwise, I'd love to hear.
"Safe" is a relative word and a matter of perspective. I agree that the built in Chrome password manager is "safe" in the sense that it protects your passwords from attack from an unknown hacker, i.e. someone who does not have access to your computer or your Google account. But, I don't agree it is just as "safe" as a stand alone password manager in the sense that if someone where to gain access to your computer or your Google account, possibly somone close to you, they would then have access to all of the passwords that are conveniently available to them in Chrome, so you have a single point of failure. But if you use a stand alone password manager, then that same person would have to also access the separate password manager, and if it is configured properly, they will be unsuccesful.
In google, to have access in the case I describe, you would need to have the passphrase (or perhaps my finger print) to see passwords. Isn't that how the stand alone password manager works (you can see passwords if you have the master password)? I'm sure there are fancier ways to do it that are more secure, but just trying to compare vanilla google password manager+google passphrase encryption to vanilla stand alone password manager.
mptfan
Posts: 7217
Joined: Mon Mar 05, 2007 8:58 am

Re: Do you use a password manager?

Post by mptfan »

privateID wrote: Tue Sep 20, 2022 4:50 pm In google, to have access in the case I describe, you would need to have the passphrase (or perhaps my finger print) to see passwords. Isn't that how the stand alone password manager works (you can see passwords if you have the master password)?
I use Chrome OS (Chromebooks and Chromeboxes). I have to enter my password when I log on to my Chromebook or Chromebox using my Google account, but once I log in it's possible someone else may get access to my computer while it is running, perhaps I may leave it open or leave my Chromebook somewhere, or I forget to log out, or any other of a number of possibilities, and in that case the person who has access to my computer would then have access to all of my passwords if they were stored in Chrome. By contrast, if I use a standalone password manager, the person would not have access to my passwords unless my password manager was also open and unlocked. In other words, they would also have to gain access to the separate password manager and that is another step that I can control, either by not logging in, or logging out, or locking, or timing out. So even if someone got access to my computer with my Google account open and running, it is likely that they would not have access to my passwords. I like being able to control access to my passwords as a separate step that is different from access to my computer.

The same is true for a hacker who was able to hack into my Google account.
chezhead
Posts: 1
Joined: Tue Sep 20, 2022 5:55 pm

Re: Do you use a password manager?

Post by chezhead »

I am a software engineer where someone getting my password could mean accessing confidential information or costing lots of money for a business. Here's what works for me:

Bitwarden the password manager I trust with my data. I trust the team behind it and they recently got a lot of financing while still sticking to their commitments. I use their chrome extension to fill in passwords and generate passwords, and use the app on ios to fill in passwords on mobile.

My master password (which you will enter relatively frequently) is a string of five words that I randomly generated but is easy to remember (something like "gush-froggy-chrome-task-oink") so it's easy for me to type in.

The magic happens with 2FA. I bought three yubikeys and associated all three with every service I could -- bitwarden, google, AWS, facebook, paypal, among others. It's much much much more secure than getting a text message since there have been instances of phone numbers getting hijacking. I keep one key on my keychain, one in my desk at home, and the third at a trusted third party's house. Sometimes I will need to assign the third key but it's easy enough to bring my laptop over there.
User avatar
anon_investor
Posts: 15122
Joined: Mon Jun 03, 2019 1:43 pm

Re: Do you use a password manager?

Post by anon_investor »

mptfan wrote: Tue Sep 20, 2022 5:52 pm
privateID wrote: Tue Sep 20, 2022 4:50 pm In google, to have access in the case I describe, you would need to have the passphrase (or perhaps my finger print) to see passwords. Isn't that how the stand alone password manager works (you can see passwords if you have the master password)?
I use Chrome OS (Chromebooks and Chromeboxes). I have to enter my password when I log on to my Chromebook or Chromebox using my Google account, but once I log in it's possible someone else may get access to my computer while it is running, perhaps I may leave it open or leave my Chromebook somewhere, or I forget to log out, or any other of a number of possibilities, and in that case the person who has access to my computer would then have access to all of my passwords if they were stored in Chrome. By contrast, if I use a standalone password manager, the person would not have access to my passwords unless my password manager was also open and unlocked. In other words, they would also have to gain access to the separate password manager and that is another step that I can control, either by not logging in, or logging out, or locking, or timing out. So even if someone got access to my computer with my Google account open and running, it is likely that they would not have access to my passwords. I like being able to control access to my passwords as a separate step that is different from access to my computer.

The same is true for a hacker who was able to hack into my Google account.
This is not entirely true, you can add encryption to your stored Chrome passwords, so bad guy need an extra passphrase to access even if you leave your computer unlocked.
mongstradamus
Posts: 399
Joined: Mon Nov 04, 2013 10:46 pm

Re: Do you use a password manager?

Post by mongstradamus »

anon_investor wrote: Tue Sep 20, 2022 7:01 pm
mptfan wrote: Tue Sep 20, 2022 5:52 pm
privateID wrote: Tue Sep 20, 2022 4:50 pm In google, to have access in the case I describe, you would need to have the passphrase (or perhaps my finger print) to see passwords. Isn't that how the stand alone password manager works (you can see passwords if you have the master password)?
I use Chrome OS (Chromebooks and Chromeboxes). I have to enter my password when I log on to my Chromebook or Chromebox using my Google account, but once I log in it's possible someone else may get access to my computer while it is running, perhaps I may leave it open or leave my Chromebook somewhere, or I forget to log out, or any other of a number of possibilities, and in that case the person who has access to my computer would then have access to all of my passwords if they were stored in Chrome. By contrast, if I use a standalone password manager, the person would not have access to my passwords unless my password manager was also open and unlocked. In other words, they would also have to gain access to the separate password manager and that is another step that I can control, either by not logging in, or logging out, or locking, or timing out. So even if someone got access to my computer with my Google account open and running, it is likely that they would not have access to my passwords. I like being able to control access to my passwords as a separate step that is different from access to my computer.

The same is true for a hacker who was able to hack into my Google account.
This is not entirely true, you can add encryption to your stored Chrome passwords, so bad guy need an extra passphrase to access even if you leave your computer unlocked.
Is that chrome only feature or is that available on all browsers that have remember password function ?
User avatar
anon_investor
Posts: 15122
Joined: Mon Jun 03, 2019 1:43 pm

Re: Do you use a password manager?

Post by anon_investor »

mongstradamus wrote: Tue Sep 20, 2022 7:04 pm
anon_investor wrote: Tue Sep 20, 2022 7:01 pm
mptfan wrote: Tue Sep 20, 2022 5:52 pm
privateID wrote: Tue Sep 20, 2022 4:50 pm In google, to have access in the case I describe, you would need to have the passphrase (or perhaps my finger print) to see passwords. Isn't that how the stand alone password manager works (you can see passwords if you have the master password)?
I use Chrome OS (Chromebooks and Chromeboxes). I have to enter my password when I log on to my Chromebook or Chromebox using my Google account, but once I log in it's possible someone else may get access to my computer while it is running, perhaps I may leave it open or leave my Chromebook somewhere, or I forget to log out, or any other of a number of possibilities, and in that case the person who has access to my computer would then have access to all of my passwords if they were stored in Chrome. By contrast, if I use a standalone password manager, the person would not have access to my passwords unless my password manager was also open and unlocked. In other words, they would also have to gain access to the separate password manager and that is another step that I can control, either by not logging in, or logging out, or locking, or timing out. So even if someone got access to my computer with my Google account open and running, it is likely that they would not have access to my passwords. I like being able to control access to my passwords as a separate step that is different from access to my computer.

The same is true for a hacker who was able to hack into my Google account.
This is not entirely true, you can add encryption to your stored Chrome passwords, so bad guy need an extra passphrase to access even if you leave your computer unlocked.
Is that chrome only feature or is that available on all browsers that have remember password function ?
Chrome has it, dunno about others.
privateID
Posts: 801
Joined: Sat Oct 18, 2014 4:59 pm

Re: Do you use a password manager?

Post by privateID »

anon_investor wrote: Tue Sep 20, 2022 7:01 pm
mptfan wrote: Tue Sep 20, 2022 5:52 pm
privateID wrote: Tue Sep 20, 2022 4:50 pm In google, to have access in the case I describe, you would need to have the passphrase (or perhaps my finger print) to see passwords. Isn't that how the stand alone password manager works (you can see passwords if you have the master password)?
I use Chrome OS (Chromebooks and Chromeboxes). I have to enter my password when I log on to my Chromebook or Chromebox using my Google account, but once I log in it's possible someone else may get access to my computer while it is running, perhaps I may leave it open or leave my Chromebook somewhere, or I forget to log out, or any other of a number of possibilities, and in that case the person who has access to my computer would then have access to all of my passwords if they were stored in Chrome. By contrast, if I use a standalone password manager, the person would not have access to my passwords unless my password manager was also open and unlocked. In other words, they would also have to gain access to the separate password manager and that is another step that I can control, either by not logging in, or logging out, or locking, or timing out. So even if someone got access to my computer with my Google account open and running, it is likely that they would not have access to my passwords. I like being able to control access to my passwords as a separate step that is different from access to my computer.

The same is true for a hacker who was able to hack into my Google account.
This is not entirely true, you can add encryption to your stored Chrome passwords, so bad guy need an extra passphrase to access even if you leave your computer unlocked.
Even without passphrase encryption, you would have to enter your Google password to actually see a password in the Password Manager. In other words, my browser is open, I am logged into Google and Google still does not let me see the saved passwords unless I enter the password even though I am logged in. Google is not stupid. They understand what the competition is doing and I expect them to make things as secure as their competitors.

I am not familiar with what the other browsers do, but Google is really good at syncing data among devices.
Post Reply