[Closed] Password Manager

I pay about £8 a year for LastPass. It's really good and you can use it on your mobile. There's also a chrome extension that can fill in your log in details when you go to a website you've saved a p/w for.

How is Lastpass any more secure than any other website?

I'n got my bwain.

1Password used here, nice little extension for the browser, an iThing app and a desktop app. The vault lives in the cloud all salted and hashed to buggery (or whatever they use for encryption on it) to protect the passwords to kittypic.com and other stuff. The random password generator is a helpful thing, though it irks my colleagues when I set 15 character ones on nonessential stuff.

RoboForm on a usb stick. I dont quite trust online but I might he wrong

I use Keepass (KeepassX) which has clients for most platforms.

I use a system which allows me to keep track of them, but is pretty meaningless to others...A password if you will...

1Password - plugs into all my browsers, phones, tablets etc. It encrypts all data to a vault that can be stored in Dropbox, and even accessed through a browser. Great software.

@Pieface - it's got two stage authentification, so any new log in would have to be verified through my mobile. It's also security focused so they obviously invest a lot more resources in keeping it secure. It also means you only need one password so you can make it a lot more complex than an ordinary password. It then allows you to have random passwords for every website which could never be guessed.

I keep a list in Wunderlist. The app is not especially secure, but the storing method is much better.

I read an article once that passwords are hacked using one of two methods - either forcing different random combinations at a website using an algorithm or something, or guessing the password using personal knowledge of the owner.

The former can be frustrated by using a very long password - each additional character will increase the difficulty of a forced hack exponentially. My main password is 23 characters long, which I can type out in a couple of seconds after some practise (it is a common myth that the addition of numbers of punctuation marks complicates a password - then only complication is password length). The latter is combatted by finding random words - I pressed the 'random article' button in Wikipedia a few times until I had four suitable words, which I then strung together to form my password. This stops someone you know guessing that your password is MyDogsName1 or something.

To store them, I have a list with the first and last two letters of the password next to the website or app. This allows me to remember whether there is a capital letter or a number at the beginning or end, as some websites demand. The full password isn't written down anywhere, so in theory it's very secure.

So your password is a collection of proper words? Dictionary attack?

I read an article once that passwords are hacked using one of two methods

That's a [b]massive [/b]oversimplification.

So your password is a collection of proper words? Dictionary attack?

Moreover,

Unless I'm misunderstanding you have one password, so all I need to do is hack a website with poor security which stores passwords in plaintext and I've got your password for almost everything.

1Password used here, nice little extension for the browser, an iThing app and a desktop app. The vault lives in the cloud all salted and hashed to buggery (or whatever they use for encryption on it) to protect the passwords to kittypic.com and other stuff. The random password generator is a helpful thing, though it irks my colleagues when I set 15 character ones on nonessential stuff.

^^

So your password is a collection of proper words? Dictionary attack?

Seen that ^^ picture before and tried to make a conscious effort to change my passwords to be more like the second but the problem is most of the time the security system tells me I need to make them more like the former to pass some imposed rules.

I don't use real words whch isn't difficult as my spelling is terrible anyway

iCloud Keychain for me but that's a bit different than a password keeper

Another with Keepass here, database is stored on an online file storage site then use a long password to open it along with a keyfile that has to be manually installed on any device I want to use it on. My PC client for Keepass will do a daily backup of the database to disc so even if the online site disappears I still have my passwords.

Complex passwords and bits of paper. Safer than a password manager that's like putting all your eggs in one basket. That gets hacked, they've got everything. Chances of house break in is much smaller. Chances of thief being remotely computer literate enough to understand scraps of paper are passwords and has the time to gather it all up, and work out what the emails are they are associated with, is incredibly small.

Chances of a fire?

I use lastpass, it works well. I do kind of agree that it's a bit all your eggs in one basket but I don't put banking, email or paypal passwords into mine, I just remember those as there aren't many. Pretty much anything else I have isn't that critical.