So think I need to get some sort of password manager. I know very little about how they do or don’t work. I’ve been very reluctant to put this type of info into a computer (and no – I don’t write them down either). My general policy to date has been to have unique passwords for websites I really, really need to keep secure and then a “who cares” password for others but even the unique ones are starting to become tricky. Yes I have a system and no it’s not 1234 etc but even so.

It strikes me as being the sort of area primed for opportunistic bloatware etc so any recommendations appreciated.
Is it doing the login for you?
Is it possible to have one on a I-pad that will display them for login on a pc? (or is that a very bad idea)

Yes. But the problem is that if you share your iPad with someone then they will have access to your passwords

And

LastPass

I let chrome deal with mine.

In the new iOS you can even use it for app passwords which is handy/ .

Is it possible to have one on a I-pad that will display them for login on a pc?

It is, but, it’d be massively annoying to type in long strings of random characters every time.

Chrome will sync passwords across devices if you’re logged in to a google account. However, I prefer LastPass – 2 pcs, one iPad and one android phone all working from the same account. And it’s free

PasswordSafe, originally written by Bruce Schneier and Counterpane Labs now open source. Pick a long pass phrase to secure the safe.

Before letting your browser take care of your passwords check what you could do if your laptop got stolen – I used to use Firefox but when my laptop was stolen I couldn’t find a way to disable the sync to that device, so theoretically all those passwords were compromised.

LastPass for me. Turned off all the password saving in all the browsers, and just let LastPass generate stupidly long complex passwords. There’s an app for iPhone, iPad, Android, extensions for all browsers.

Before letting your browser take care of your passwords check what you could do if your laptop got stolen – I used to use Firefox but when my laptop was stolen I couldn’t find a way to disable the sync to that device, so theoretically all those passwords were compromised.

I think if you go to accounts.firefox.com, you can disconnect any device that you have connected and is syncing.

Keepass is what I use.

Tip for a long master password is a line of your favourite song. Length is important and you can always remember it.

Last Pass here too.

Plus the xkcd formula

Another keepass user here. Not into giving my passwords to store on someone else’s server, and paying them to do so.

I use 1Password. Small annual fee, been very happy with it so far.

Easy to create logins on the fly and generate password to suit whatever the site criteria.

My face is my password.

My face is my password.

It’ll be interesting if you ever have to change it.

Keepass 2 here. Have it on 3 pcs and my phone with the dB synced via Google drive.

More seriously:

Biometrics are convenient, but really they should be analogous with usernames rather than passwords. You can only change your fingerprint ID ten times at best before you’re taking your shoe off or risking arrest.

There are many password managers out there, I use LastPass simply because at the time of signing up they’d had the fewest security wibbles out of all of them.

Anything you care about should have 2FA / MFA. A loss of a device should not be an issue as the device itself is secured, right?

My face is my password.

what happens if you grow/shave a beard? Or develop a huge boil?

Most security professionals recommend you use a password manager, and practically any of them are better than not using one. They all do pretty much the same thing. Generate and store logins and other details and then autofill login, registration and other forms. Once you get over <span style=”font-size: 0.8rem;”>Storing you and your families NI, passport, drivers licence, bank cards, insurance details and everything else that you tend to have to dig around in a drawer for makes paying for stuff and filling in forms so much easier.</span>

Keepass is free and open source which is important for some people, but it has a learning curve. Personally I  would rather pay a company who’s sole purpose for existing is to keep passwords secret.

<span style=”font-size: 0.8rem;”>I have to use Lastpass </span>and<span style=”font-size: 0.8rem;”> 1Password at the moment, due to work. 1Password is one of my favourite pieces of software, ever, and I have come to hate using Lastpass</span><span style=”font-size: 0.8rem;”>. 1Password does costs more, but it is much easier to use, and from what I have read is generally determined to well written from a security POV, where as Lastpass is clunky and baffling, and every so often a security researcher finds something dubious that needs fixing. Am sure someone else will come along with the opposite opinion though!</span>

I have come to hate using Lastpass

How come?

Thanks all. Some good info in here.

My face is my password.

It works on my iPad.

How come?

It’s just really awkward and clunky. Takes so much longer to do everything compared to 1Password.

It works on my iPad.

No, my thumb does.

It’ll be interesting if you ever have to change it.

Like Face Off?

what happens if you grow/shave a beard? Or develop a huge boil?

I’m not allowed a beard. A boil may help my looks.

Anyway I think my obscure reference was missed. I’ll go and put my American trainers on now.

Daft lad question, what’s to stop someone hacking the password manager? At which point they presumably have access to absolutely everything. Surely for a hacker that’s the gold mine to aim for?

Not used a manager and not looked into so general ignorance here. Naively perhaps assuming that safer is when I’m not beholden to an other.

In the new iOS you can even use it for app passwords which is handy/ .

Can you? I need to work this out so I can use it. I currently use a selection of about 3 passwords for everything 😳

Anyway I think my obscure reference was missed.

I got it. The scene where Liz is trying to get the guy to say ‘Passport’ is so great.

Daft lad question, what’s to stop someone hacking the password manager? At which point they presumably have access to absolutely everything. Surely for a hacker that’s the gold mine to aim for?

Nothing, they have been hacked in the past. Vulnerabilities get found, exploited and then filled.

Best thing to do is if you are using a password manager, create a double blind password. Use the password manager to generate your 12 digit password which is filled in on the site you are using, then add your own 4 characters/digits onto the end. This way, even if the password manager is hacked and your password stolen, they only know the first 12 digits and not the full 16. Also important to note is use 2 Factor Authentication where ever you can.

Daft lad question, what’s to stop someone hacking the password manager? At which point they presumably have access to absolutely everything. Surely for a hacker that’s the gold mine to aim for?

Nothing, they have been hacked in the past. Vulnerabilities get found, exploited and then filled.

Best thing to do is if you are using a password manager, create a double blind password. Use the password manager to generate your 12 digit password which is filled in on the site you are using, then add your own 4 characters/digits onto the end. This way, even if the password manager is hacked and your password stolen, they only know the first 12 digits and not the full 16. Also important to note is use 2 Factor Authentication where ever you can.

Having second-factor authentication enabled is your main barrier to somebody getting into your password vault IMO. So it’s important you put some thought into your master password and then enable 2FA.

More info…
https://www.lastpass.com/security/what-if-lastpass-gets-hacked

I’m just trying out Bitwarden after getting tired of Lastpass poor performance on my Android phones. Been on Lastpass for a few years now but prices have gone up and performance has dropped significantly.

Bitwarden seems to work exactly as expected so far. 1Password will be next if Bitwarden doesn’t work out.

what happens if you grow/shave a beard?

I haven’t had a shave since I came back from holiday – 3rd October, so I am quite beardy ATM.

My Pixel 4’s face recognition still lets me in without hesitation, and was set up when I was less hirsute.

We use Lastpass, I don’t know why that particular one, but my Boss chose it.

I also use the built in one on my iPhone, Lastpass does work quite well with it. I like to use both because should I ever leave my job I’d like to avoid losing all my passwords at the same time.

We’ve been warned away from letting browsers record them, it’s too easy to get into PCs / Laptops and once you’re in you can access passwords from a browser with ease. That said, I always set lastpass to remember my master password because it’s a ballache otherwise. Naughty me, all my devices are encrypted though.

One lesson I’ve had since using Lastpass is just how many accounts I have, before using it I’d guess maybe a dozen?? I’ve got over 150 records in my lastpass vault! That’s a mix of personal and private.

I use Keeper. Why? Because it was the first one I found and it suits my purpose. I did a bit of a study a couple of years ago and found that they are all very similar. So have upgraded to a family affair to get my wife and two son’s to think about password security.

Idiot question incoming.

I’ve got an Android phone and a Windows laptop, what will my experience be when I crank (say) lastpass into action?

Essentially, can it go through my passwords for me or is it a one by one process? If the latter, is there a way to streamline that process? I know what I’m like, I’ll be enthusiastic to begin with, but if I haven’t set them all up before the honeymoon is over I’ll probably find something else to do instead…

Just been thinking about this recently as a forum I was a member of had their email and password hacked. I’ve changed as many as I could. So, say I have usernames and passwords on half a dozen forums, and then more passwords for things like PayPal etc, how do I go about changing them using a password manager? Is it an automatic thing every time I visit one of those websites?

Same/similar question to old nick, how do you migrate from say Chrome storing all the goodies to say LastPass?

Using a combination of Chrome built-in password manager and the iOS keychain here. Works well and lets me have stupidly long complicated passwords for stuff.

When I create a new account I’m in the habit of then opening the same site on my phone just so I can get the password stored on iOS as well as Chrome. Slightly more risk having it stored in two places, but also redundancy if I lose access to one for some reason.

And yes, turn on 2FA wherever possible. I use Google Authenticator for most 2FA and Microsoft Authenticator for a few MS logins/accounts etc.

I’ve been using Keepass for a number of years now. I’m not sure if it’s the best, but it works for me, and as someone has said, the important thing is you use one at all.

One of the most important things for me was to have it available whenever I need it. At the time I started using it, that meant cross-platform support. I think I had a Mac at the time, and used Windows at work. Now my home PC is Linux-based, still Windows at work (I use Keepass portable).

I don’t think I even had a smartphone when I started using it, but now I have the app, which can use fingerprint recognition, so I use that most often. The database is sync’d between all my devices via Dropbox, so it’s always up to date.

So same question as oldnick. I have lots of logins already. Presumably those will all be changed to something that’s “more secure” using LastPass (or equivalent). i.e it’s not just storing my previously used passwords but generating something more random? So I have to do it one-by-one? And I presumably have to have the app installed on phone, tablet, pc?

Lastpass extension on Chrome both at home and at work plus the app on my phone.

Open a website on your computer, if you don’t have anything stored then when you log in, lastpass will ask of you want it saved, if you do have something stored it’ll offer to fill it in for you. Super simple.

If you want it to create a super secure password then that’s an equally easy but separate process.

The people with lots of questions seem to be over thinking this.

And as above, after about 2 years of using it, I’m very surprised at the c200 logins I have.