mmse wrote: ↑Tue Jul 19, 2022 5:55 pmHow did you arrive at trusting KeePassXC? My imperfect solution was to restrict its access to Internet. With Windows Firewall on Windows and with a custom Apparmor profile on Linux. This still leaves a hole around its the browser extension, which is admittedly very, very convenient. Any thoughts?
It's open source. Anyone can inspect the code to see what it does, including the plugin:
tuningfork wrote: ↑Tue Jul 19, 2022 6:00 pm
I have been using password managers for about 15 years. I currently use Bitwarden but have also used Lastpass, Keepass, and a couple of other early ones that I don't recall.
Any of the password managers people recommend here should be acceptable from a security standpoint. You should choose one based on features you need or want. Consider things like sharing passwords with family members, availability across all the devices and browsers you use, local vs cloud storage, desire for 2FA on the password manager itself, etc. Most are free, some are subscription based or require a subscription for some features.
Pretty much all of them support exporting/importing from/to a CSV file. It only takes a few minutes to move all your passwords from one password manager to another, so you can try several to see which you like best.
I've been using Bitwarden a couple of years and very happy with it. It's the only one I've ever used and I put it off for years because I was concerned about having all my passwords "out there" in one place that could be compromised.
Now I can't imagine not having it. It's so fast and easy to use, and is better than my old Word doc I kept hidden in my PC, with a long list of less-secure passwords than the auto-generated ones I now use.
My question is, do you recommend making a CVS backup file and saving it somewhere safe like in an obscure folder in my PC, or maybe better in an encrypted folder?
"We keep you alive to serve this ship. Row well...and live." Ben Hur...and The Taxman! hahaha (a George Harrison song)
tuningfork wrote: ↑Tue Jul 19, 2022 6:00 pm
I have been using password managers for about 15 years. I currently use Bitwarden but have also used Lastpass, Keepass, and a couple of other early ones that I don't recall.
Any of the password managers people recommend here should be acceptable from a security standpoint. You should choose one based on features you need or want. Consider things like sharing passwords with family members, availability across all the devices and browsers you use, local vs cloud storage, desire for 2FA on the password manager itself, etc. Most are free, some are subscription based or require a subscription for some features.
Pretty much all of them support exporting/importing from/to a CSV file. It only takes a few minutes to move all your passwords from one password manager to another, so you can try several to see which you like best.
I've been using Bitwarden a couple of years and very happy with it. It's the only one I've ever used and I put it off for years because I was concerned about having all my passwords "out there" in one place that could be compromised.
Now I can't imagine not having it. It's so fast and easy to use, and is better than my old Word doc I kept hidden in my PC, with a long list of less-secure passwords than the auto-generated ones I now use.
My question is, do you recommend making a CVS backup file and saving it somewhere safe like in an obscure folder in my PC, or maybe better in an encrypted folder?
Use Veracrypt to make an encrypted password protected file.
tuningfork wrote: ↑Tue Jul 19, 2022 6:00 pm
I have been using password managers for about 15 years. I currently use Bitwarden but have also used Lastpass, Keepass, and a couple of other early ones that I don't recall.
Any of the password managers people recommend here should be acceptable from a security standpoint. You should choose one based on features you need or want. Consider things like sharing passwords with family members, availability across all the devices and browsers you use, local vs cloud storage, desire for 2FA on the password manager itself, etc. Most are free, some are subscription based or require a subscription for some features.
Pretty much all of them support exporting/importing from/to a CSV file. It only takes a few minutes to move all your passwords from one password manager to another, so you can try several to see which you like best.
I've been using Bitwarden a couple of years and very happy with it. It's the only one I've ever used and I put it off for years because I was concerned about having all my passwords "out there" in one place that could be compromised.
Now I can't imagine not having it. It's so fast and easy to use, and is better than my old Word doc I kept hidden in my PC, with a long list of less-secure passwords than the auto-generated ones I now use.
My question is, do you recommend making a CVS backup file and saving it somewhere safe like in an obscure folder in my PC, or maybe better in an encrypted folder?
Use Veracrypt to make an encrypted password protected file.
Thanks, I've never heard of it but just looked it up.
Looks good, will use it!
"We keep you alive to serve this ship. Row well...and live." Ben Hur...and The Taxman! hahaha (a George Harrison song)
Vulcan wrote: ↑Tue Jul 19, 2022 6:23 pm
Password autofill protects you from falling victim to sophisticated phishing attacks.
And if your computer is pwned, you're SOL regardless of what password manager you use.
But if you use keepass, how what could the bad guys do without your master password?
I assume "pwned" means root access to your PC. In that case a keylogger could easily be set up to capture your master password the next time you enter it.
Vulcan wrote: ↑Tue Jul 19, 2022 6:23 pm
Password autofill protects you from falling victim to sophisticated phishing attacks.
And if your computer is pwned, you're SOL regardless of what password manager you use.
But if you use keepass, how what could the bad guys do without your master password?
I assume "pwned" means root access to your PC. In that case a keylogger could easily be set up to capture your master password the next time you enter it.
Would an onscreen keyboard like treasury direct help? I think you can have keepass use a Yubikey.
afan wrote: ↑Tue Jul 19, 2022 6:19 pm
I do not integrate my password manager with the browser. I always need to cut and paste to enter username and password. I would not want a manager that would autofill. There have been hacks of systems like that.
Password autofill protects you from falling victim to sophisticated phishing attacks.
If you are not letting your password manager fill in your credentials, you are missing out on this very important anti-phishing feature.
What if you go to vangaurd.com and copy/paste your password? Congratulations, you've been phished! A password manager would not fill in the password because it does not recognize vangaurd.com (it's misspelled).
The term "autofill" is a bit of a misnomer. I have Bitwarden configured to not *automatically* autofill my credentials. The username and password fields remain blank when I visit a site and I have to tell Bitwarden to "autofill" the credentials. It's an extra step over having the browser automatically fill them in when it sees username and password fields. Similar to copy/paste except that Bitwarden will refuse to do it if I'm on a site it doesn't know about. All the anti-phishing protection with the peace of mind that the password manager won't reveal usernames and passwords without me telling it to.
Vulcan wrote: ↑Tue Jul 19, 2022 6:23 pm
Password autofill protects you from falling victim to sophisticated phishing attacks.
And if your computer is pwned, you're SOL regardless of what password manager you use.
But if you use keepass, how what could the bad guys do without your master password?
I assume "pwned" means root access to your PC. In that case a keylogger could easily be set up to capture your master password the next time you enter it.
Would an onscreen keyboard like treasury direct help? I think you can have keepass use a Yubikey.
Onscreen keyboards are security theater. In addition to logging keystrokes, keyloggers these days can capture mouse position, mouse clicks, and sometimes screen captures. And onscreen keyboards allow for shoulder surfing. Someone standing behind you can watch over your shoulder as you mouseclick your password.
I used a password protected Excel spreadsheet on a password protected USB drive for a while. Then when traveling in the UK my backpack with my USB drive in it was stolen.
I used Lastpass for a very long time. I actually like its overall look and feel and still do. But they changed their business model to only have the free version available only on one device-type.
I switched to Bitwarden and have been using it for a little over a year. I like it OK and have it on all of our computers and phones. I wish the interface was a bit more graphical, but it does the job and it's free.
Last edited by dcabler on Tue Jul 19, 2022 7:50 pm, edited 1 time in total.
tuningfork wrote: ↑Tue Jul 19, 2022 6:00 pm
I have been using password managers for about 15 years. I currently use Bitwarden but have also used Lastpass, Keepass, and a couple of other early ones that I don't recall.
Any of the password managers people recommend here should be acceptable from a security standpoint. You should choose one based on features you need or want. Consider things like sharing passwords with family members, availability across all the devices and browsers you use, local vs cloud storage, desire for 2FA on the password manager itself, etc. Most are free, some are subscription based or require a subscription for some features.
Pretty much all of them support exporting/importing from/to a CSV file. It only takes a few minutes to move all your passwords from one password manager to another, so you can try several to see which you like best.
I've been using Bitwarden a couple of years and very happy with it. It's the only one I've ever used and I put it off for years because I was concerned about having all my passwords "out there" in one place that could be compromised.
Now I can't imagine not having it. It's so fast and easy to use, and is better than my old Word doc I kept hidden in my PC, with a long list of less-secure passwords than the auto-generated ones I now use.
My question is, do you recommend making a CVS backup file and saving it somewhere safe like in an obscure folder in my PC, or maybe better in an encrypted folder?
Paper backup in the safety deposit box and an encrypted USB drive hidden in a safe place in the house...
For me, I only trust paper for my finance passwords and store it In a folder where my family knows to look if I have an unexpected early departure.
My thinking is the chance of a bad guy breaking into my house and searching for a folder to find that specific piece of paper seems less risky than the storing my data in a location where it’s exposed to millions of hackers and professional bad actors who work continuously to exploit zero days and may get lucky with the some vulnerability with the platform I’m using to access my key store.
I do use 2FA for all the accounts and change passwords annually. No perfect solution, but defense in depth helps.
mmse wrote: ↑Tue Jul 19, 2022 5:55 pmHow did you arrive at trusting KeePassXC? My imperfect solution was to restrict its access to Internet. With Windows Firewall on Windows and with a custom Apparmor profile on Linux. This still leaves a hole around its the browser extension, which is admittedly very, very convenient. Any thoughts?
Well... Good point, but...
Did you or anyone you trust review all the code?
Do you review it again after each update?
Do you build your binaries from the code you just reviewed or you use the pre-built ones? Why do you think nothing changed in-between?
Do you think I am unreasonably paranoid?
The only sub-optimal solution I found is to trust it as little as I practically can -- never run it in privileged mode, restrict all access to Internet, restrict it accessing other/irrelevant files (Linux/apparmor only). Still looking for a better way...
Vulcan wrote: ↑Tue Jul 19, 2022 6:23 pm
Password autofill protects you from falling victim to sophisticated phishing attacks.
And if your computer is pwned, you're SOL regardless of what password manager you use.
But if you use keepass, how what could the bad guys do without your master password?
I assume "pwned" means root access to your PC. In that case a keylogger could easily be set up to capture your master password the next time you enter it.
This is correct. If a bad guy gets root/admin access to your device then it's game over. Since Keepass was the example mentioned, the developers specifically call this out on their website multiple times:
Neither KeePass nor any other password manager can magically run securely in a spyware-infected, insecure environment. Users still are responsible for the security of their PC. Do use anti-virus software, keep security-critical software up-to-date, use a proper firewall, only run software from trusted sources, do not open unknown e-mail attachments, etc.
For many years I wrote my passwords on index cards and kept them in a box on the shelf. For my bank account and 401k, I would not write down the last 4 digits of the password. I memorized these 4 digits. They call it "peppering" your password.
Now that I am approaching retirement, I plan on doing some travel, so I don't want to carry my index cards around with me. So I began experimenting with password managers. I started with Google Password Manager. I liked it, but I was disappointed. When you log out of your google account, your e-mail is also logged out. That's good. If someone gets access to your computer, they can't access your e-mails. But I learned that the google password manager is still active even after logging out of google. So even if you log out of google, and someone gets access to your computer, they can use google password manager to autofill your passwords. I don't understand that.
So I tried 1 Password. I am able to log out of it when I leave my computer, and I like that. But I still use my peppers on important sites.
bertilak wrote: ↑Tue Jul 19, 2022 4:38 pm
I used KeePass fora long time but heard so much about LastPass I gave it a try. Now I us it instead of KeePass. It is simply more convenient. ID/PW are memorized automatically as you use them, and they get filled in automatically the next time you go to the web page from which they were memorized. With KeePass I had to look things up then cut-n-paste. I see there is an add-on to KeePass to autofill but just looking at the directions on how to use it scared me away! Seemed very complicated.
I do not integrate my password manager with the browser. I always need to cut and paste to enter username and password. I would not want a manager that would autofill. There have been hacks of systems like that.
Actually typing in manually essentially requires using weak passwords. Mine are long random character strings with upper and lower case letter, numbers, ASCII characters. They would be painful to type in by hand. Full of errors and frustrating. Multiple failures would lock me out
To get my passwords someone would need to get their hands on my computer, enter that password, find the password manager, get through that password and then understand the cryptic entries to know what to try at which site. Sure, it could happen, but safer than having the file online or integrated with a browser.
Password autofill protects you from falling victim to sophisticated phishing attacks.
And if your computer is pwned, you're SOL regardless of what password manager you use.
Having your program recognize the site protects you, but autofilling does not.
If someone gets into your unlocked computer, they still need to crack into the password manager. Provided it does NOT automatically fill in passwords. If it just an encrypted password-protected file, the cracker still has their work cut out for them to get your passwords.
We don't know how to beat the market on a risk-adjusted basis, and we don't know anyone that does know either |
--Swedroe |
We assume that markets are efficient, that prices are right |
--Fama
Been using Sticky Password Premium for the last 3+ years along with Google Authenticator for 2FA into the app. After trying about 6 other leading password managers, this was the only one that felt very straight forward to understand and really easy to group and display accounts by. Also love the local USB backup option where if something happens to my local machine, I can run the same full app off the USB stick, which I have locked in a safe when its not being updated.
afan wrote: ↑Tue Jul 19, 2022 6:19 pm
I do not integrate my password manager with the browser. I always need to cut and paste to enter username and password. I would not want a manager that would autofill. There have been hacks of systems like that.
Password autofill protects you from falling victim to sophisticated phishing attacks.
The term "autofill" is a bit of a misnomer. I have Bitwarden configured to not *automatically* autofill my credentials. The username and password fields remain blank when I visit a site and I have to tell Bitwarden to "autofill" the credentials. It's an extra step over having the browser automatically fill them in when it sees username and password fields. Similar to copy/paste except that Bitwarden will refuse to do it if I'm on a site it doesn't know about. All the anti-phishing protection with the peace of mind that the password manager won't reveal usernames and passwords without me telling it to.
This is an interesting point. I wonder if keepass (or its derivatives) has this feature.
tuningfork wrote: ↑Tue Jul 19, 2022 6:00 pm
I have been using password managers for about 15 years. I currently use Bitwarden but have also used Lastpass, Keepass, and a couple of other early ones that I don't recall.
Any of the password managers people recommend here should be acceptable from a security standpoint. You should choose one based on features you need or want. Consider things like sharing passwords with family members, availability across all the devices and browsers you use, local vs cloud storage, desire for 2FA on the password manager itself, etc. Most are free, some are subscription based or require a subscription for some features.
Pretty much all of them support exporting/importing from/to a CSV file. It only takes a few minutes to move all your passwords from one password manager to another, so you can try several to see which you like best.
I've been using Bitwarden a couple of years and very happy with it. It's the only one I've ever used and I put it off for years because I was concerned about having all my passwords "out there" in one place that could be compromised.
Now I can't imagine not having it. It's so fast and easy to use, and is better than my old Word doc I kept hidden in my PC, with a long list of less-secure passwords than the auto-generated ones I now use.
My question is, do you recommend making a CVS backup file and saving it somewhere safe like in an obscure folder in my PC, or maybe better in an encrypted folder?
Use Veracrypt to make an encrypted password protected file.
+1
I have been using Veracrypt for a while. Before that Truecrypt, until it was abruptly shutdown. Before that E4M (anyone remember E4M )
These are remarkable opensource encryption programs. E4M truly brought encryption to the masses (E4M: Encryption for the masses).
tarheel91 wrote: ↑Tue Jul 19, 2022 3:12 pm
Trivial stuff is on lastpass. Non-trivial accounts (about 4 financial accounts) are on local keepassxc.
BolderBoy wrote: ↑Tue Jul 19, 2022 5:21 pm
KeepassXC here. I like that it doesn't need the .NET framework. Is cross platform.
Been using a password manager since 2007.
How did you arrive at trusting KeePassXC? My imperfect solution was to restrict its access to Internet. With Windows Firewall on Windows and with a custom Apparmor profile on Linux. This still leaves a hole around its the browser extension, which is admittedly very, very convenient. Any thoughts?
I started with Keepass and found KeepassXC UI slightly better. I'm not sure if KeepassXC has any blatant security flaws. Would like to know though.
I don't use its browser integration. I have official URLs as part of the entries and use that to login (atleast for financial sites).
Are there any known vulnerabilities with KeepassXC (or Keepass)?
If the credit bureaus (and others who hold our personal data) play fast and loose and most of our data is already compromised (150 million US adult records were compromised at Equifax) ... and when we have systems like ACATS transfer ... there is not much we CAN do to protect ourselves. I feel helpless. Despite following the best practices and doing my due diligence. There are systemic risks and people responsible aren't doing anything to protect (congress). At somepoint, public trust is going to breakdown. I hope they don't let it go that far.
Like someone else said, its out of our hands. There is no point worrying about it.
tarheel91 wrote: ↑Wed Jul 20, 2022 12:32 am
If the credit bureaus (and others who hold our personal data) play fast and loose and most of our data is already compromised (150 million US adult records were compromised at Equifax) ... and when we have systems like ACATS transfer ... there is not much we CAN do to protect ourselves. I feel helpless. Despite following the best practices and doing my due diligence. There are systemic risks and people responsible aren't doing anything to protect (congress). At somepoint, public trust is going to breakdown. I hope they don't let it go that far.
Like someone else said, its out of our hands. There is no point worrying about it.
20 odd years ago I worked for a company that had a contract with one of the big credit bureaus, software for their processing.
When my colleagues and I would visit their secure facility we would have to be escorted everywhere, bathroom, cafeteria etc.
At the same time they would give us boxes full of CD’s with personal data including bank account information to take back to our office.
The best part is when we told them we needed 1 of their 9 test servers in our office to do further testing they let us unbolt a giant Compaq Prolinea server out of their rack, put it on hand cart and wheel it out the front door right past security without an escort and without anyone saying a thing. The fun part is when we had the server by the sidewalk outside the facility next to lots of employees waiting for the bus I managed to hit the panic alarm button on my remote while trying to open the trunk of my car attracting even more attention.
A very secure facility indeed.
Bad spellers of the world untie |
Autocorrect is my worst enema
MikeWillRetire wrote: ↑Tue Jul 19, 2022 9:45 pm
For many years I wrote my passwords on index cards and kept them in a box on the shelf. For my bank account and 401k, I would not write down the last 4 digits of the password. I memorized these 4 digits. They call it "peppering" your password.
Now that I am approaching retirement, I plan on doing some travel, so I don't want to carry my index cards around with me. So I began experimenting with password managers. I started with Google Password Manager. I liked it, but I was disappointed. When you log out of your google account, your e-mail is also logged out. That's good. If someone gets access to your computer, they can't access your e-mails. But I learned that the google password manager is still active even after logging out of google. So even if you log out of google, and someone gets access to your computer, they can use google password manager to autofill your passwords. I don't understand that.
So I tried 1 Password. I am able to log out of it when I leave my computer, and I like that. But I still use my peppers on important sites.
This sounds like you should be using separate user accounts for your computer.
AnnetteLouisan wrote: ↑Tue Jul 19, 2022 4:16 pm
I just write the passwords down. No, not on the back of my hand (that’s for phone numbers and grocery lists), I use a sheet of paper called “Passwords.” It’s old school, but it works.
Annette, may I suggest 1Password. You can read the reviews of it online. I have used to for many years once I graduated from the sheet of paper technique.
Dave
"Reality always wins, your only job is to get in touch with it." Wilfred Bion
I guess Bruce Schneier was the first person to create a password manager. He created a password manager called Password Safe using his own "Twofish" algorithm (link: https://www.schneier.com/academic/passsafe/). I used that program for a long time. Now I use KeePass.
My iPhone, iPad, Chromebook, Fire Tablet are never used to access any sites requiring a password other than this site. So no need for a password manager for any device besides my PC.
After much encouragement DW has started using LastPass, but she has not made her passwords stronger, and she continues to use the same password on various sites. She will get hacked one day, I'm sure.
Broken Man 1999
“If I cannot drink Bourbon and smoke cigars in Heaven then I shall not go." - Mark Twain
I use 1Password. Importantly, it works for my parents. Since it is free for them, and I was familiar with it and could help them set it up and trouble-shoot, they were willing to use it. As they got older, I was worried that they would be susceptible to phishing and they certainly don't need the complicated nightmare of dealing with lost funds or identity theft. Same goes for me, of course! Paying for a password manager that actually gets used is extremely cheap insurance IMHO.
In my opinion, the main benefit of a password manager is that it allows and encourages you to use very strong and unique passwords for every important website, and it helps prevent a phishing attack. It isn't the only way to achieve these goals, of course. But many people are lazy or overestimate the quality of their secret sauce method.
If you are reusing passwords or have some rule-based scheme, even using salt you are inviting trouble. In addition to phishing, in my opinion the main risk for most folks is that a website they have an account with will be hacked on the company end. You should ask yourself if someone gets access to your login info for a few of your accounts, what have they gained in getting into your other accounts? For a lot of the schemes I hear people describe, they've learned enough to make your logins fatally weak.
Also, I always, always, always enable 2FA on any important account.
“I am losing precious days. I am degenerating into a machine for making money. I am learning nothing in this trivial world of men. I must break away and get out into the mountains...” -- John Muir
I use 1Password. The single subscription, but I share the entire account with my wife. She is not as tech savvy as I am, and she was at the beginning reluctant to the idea, but once she became on board she thanked me for making her life easier.
I can no longer go back to recycling password. Way to hassle especially some sites require different criteria than others.
I also use it to store any kind of information that I could need in the future without having to worry about where to save it.
Worth every penny.
"One of the funny things about stock market, every time one is buying another is selling, and both think they are astute" - William Feather
David_w wrote: ↑Tue Jul 19, 2022 6:48 pm
I use an Excel file that is password protected
Me too. I have a few sensitive passwords for financial and medical accounts. Each has a unique strong password. Everything else uses one or more versions of simpler passwords because hacking them is not a problem. I let Google Chrome manage those for me.
My systems works well for me. Is it riskier than a password manager? Probably unless the password manager gets hacked. I am told password managers have great security. I am sure that is true, but many hacks of major companies come from within. Some employee sells the data to hackers who use it steal from customers of the company. IMO, it is just a question of time before this happens to password manager companies. They are very big and lucrative target.
1Password is definitely worth the subscription price. I sincerely hope that anyone using the paper and pencil method doesn't have any banking or other financial information online. There are times when the cost of a product is justifiable and using 1Password to manage not only your passwords but other information you want to remain secure is worth it.
David_w wrote: ↑Tue Jul 19, 2022 6:48 pm
I use an Excel file that is password protected
Me too. I have a few sensitive passwords for financial and medical accounts. Each has a unique strong password. Everything else uses one or more versions of simpler passwords because hacking them is not a problem. I let Google Chrome manage those for me.
My systems works well for me. Is it riskier than a password manager? Probably unless the password manager gets hacked. I am told password managers have great security. I am sure that is true, but many hacks of major companies come from within. Some employee sells the data to hackers who use it steal from customers of the company. IMO, it is just a question of time before this happens to password manager companies. They are very big and lucrative target.
That scenario is not a real worry. A reputable password manager company has no more ability to get at your passwords than anyone else. They are in an encrypted file and the company does not have the password nor any special ability to access the file.
“I am losing precious days. I am degenerating into a machine for making money. I am learning nothing in this trivial world of men. I must break away and get out into the mountains...” -- John Muir
carolinaman wrote: ↑Wed Jul 20, 2022 10:52 amI am told password managers have great security. I am sure that is true, but many hacks of major companies come from within. Some employee sells the data to hackers who use it steal from customers of the company. IMO, it is just a question of time before this happens to password manager companies. They are very big and lucrative target.
You are comparing apples to oranges. Yes companies get hacked all the time, and sometimes employees steal data, but you can't compare reputable password managers to the Equifax's and Target's of the world because password managers build their entire business model around protecting passwords, it is their very reason to exist, so they take extraordinary measures to protect and encrypt their customer data and they employ people who work on the bleeding edge of online security and encryption. They go so far as to create a "zero knowledge" structure where none of their employees know your master password and none of the employees can access your data, even if they wanted to, because your data is encrypted and only you have the password.
I don't blame you for being skeptical about password managers, you should be, and I was too for a long time, but I have done my research and I have become educated and I have learned that using a reputable password manager and following reasonable security practices is much safer than not.
Last edited by mptfan on Wed Jul 20, 2022 6:27 pm, edited 2 times in total.
LastPass which I like even though you now have to pay for it (it was free until several years ago). The best feature is the autofill and the ease of finding passwwords if you need them.
I also use Keepass as a backup. Good freeware program.
afan wrote: ↑Tue Jul 19, 2022 9:49 pm
If someone gets into your unlocked computer,
... it's game over.
Not necessarily. The password manager has its own password. Someone who had access to the computer but not the password would still have to crack the password manager.
We don't know how to beat the market on a risk-adjusted basis, and we don't know anyone that does know either |
--Swedroe |
We assume that markets are efficient, that prices are right |
--Fama
trueson1 wrote: ↑Wed Jul 20, 2022 1:45 pm
LastPass which I like even though you now have to pay for it (it was free until several years ago). The best feature is the autofill and the ease of finding passwwords if you need them.
I also use Keepass as a backup. Good freeware program.
Same here. I switched from KeePass to LastPass but kept KeePass around just for its database of IDs, PWs. and notes I have taken. I keep the LastPass password in KeePass.
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
afan wrote: ↑Tue Jul 19, 2022 9:49 pm
If someone gets into your unlocked computer,
... it's game over.
Not necessarily. The password manager has its own password. Someone who had access to the computer but not the password would still have to crack the password manager.
It's game over in a thousand different ways. Keylogger, screengrabber, you name it
If you torture the data long enough, it will confess to anything. ~Ronald Coase
afan wrote: ↑Tue Jul 19, 2022 9:49 pm
If someone gets into your unlocked computer,
... it's game over.
Not necessarily. The password manager has its own password. Someone who had access to the computer but not the password would still have to crack the password manager.
It's game over in a thousand different ways. Keylogger, screengrabber, you name it