I seem to constantly forget my passwords lately, and I have a zillion of them.

What's the best app out there which can work across all platforms? I know most are setup via cloud encryption and storage and I know some store directly on device like iPhone, which is good enough for me as I don't need them to prefill anything but I do want to have access to my passwords without breaking my neck to do so...

Any recommendations?

 

for iOS I use Password Keeper and also iPassword.
Password Keeper used to be free now it's $5.
iPassword is free.
Both enable you to backup and retrieve your encrypted password database to another computer (Windows, Linux, Mac,..).
Both are 4+ stars

 

^ are they secure? I can't get much info on them. AES256 encryption?

I heard of OneSafe, 1Password and such... I have a JB iPhone so that leaves me worrying as well about hosting such an app. I don't know.

 

I use KeePass http://keepass.info. Free under GPL. Uses AES and includes apps for various platforms.

 

https://agilebits.com/onepassword

 

^ thank you, I'll look it over, I know they recommend syncing via dropbox. Do you use it?

 

Just checked and I also have 1password, good app.


note of possible concern though

http://arstechnica.com/security/2013...for-end-users/

 

Did you decide on a manager? I'm really starting to crank down on my passwords and need something. But at the same time, I'm nervous about putting things out in the cloud that are protected by one master password.

 

The truth is I'm in the same boat as you - I don't trust the cloud to store my passwords. Heck, I don't trust my iPhone either. I don't even JB anymore.

I've changed my passwords to something relateable to the wherever I'm logging into. I've also started using check.me for all my bills and bank stuff. I don't know if I trust it, but it makes my life a lot easier.

PS Example to my relateable bs technique, lol.. let's say walmart password. I sometimes buy Mobil 1 Extended there... so the pass can be m0b1lext5w30for24.99 lol...

 

I started using KeePass after my EBay account was taken over almost 1.5 years ago. My biggest hangup about using a PW manager was that I never wanted to be unable to log in to a website when I needed to. But since KeePass has a mobile version that can sync with DropBox, that concern is gone. Even without that capability, I don't recall ever being inconvenienced by not knowing my true passwords on any website.

Here's my tip for your master password. Make it a full phrase, like:

"This is my awesome password."
"Why can't this be cracked easily?"
"Go ahead and make my day, punk."
"Why should I worry about it?"

Try a few phrases on https://www.grc.com/haystack.htm. My password with a "Massive array" is 45 years. Yeah, I'll be pretty dead by then.

You'll see that when an attacker has no clue how long your password is and what types of characters are in it, they just have to brute force it, and it will take an exceedingly long time to crack your password.

Security people say, "If you think no one is trying to crack your password, you're a fool," but, my response is, "if they are spending so much CPU power on me, they are the fool." A smart hacker would have some sense of ROI and would probably move on before even coming close to hacking my master password.

Final thoughts on KeePass: Use it to store answers to your security questions and make your security answers garbage or wrong information.

If you have a bunch of people who need to share passwords, you can make the KDBX file HTTP-accessible and Keepass will load a read-only version from the URL. If you have personnel changes, change the passwords in the file, and change the master PW on the shared file, then distribute the master password through a different channel to the remaining people.

You can use KeePass to store any macro-type text. You can make it auto-type a disclaimer in documents and emails.

KeePass can store documents and images attached to an entry.

KeePass has the advantage of being able to work on local application passwords and not just websites.

Yes, I really like KeePass. It was the best decision I think I've ever made on my computer.

 

Notepad

 

I personally use LastPass and yes, password managers are a total win.
It is very (satisfying? relaxing?) to know that every important site has a unique extremely complex password. If a site gets hacked and they steal passwords, then it's (almost) zero concern. That's fantastic.

The biggest annoyance is when I full reset an android device, and I have to manually type in my gmail password.

Second biggest annoyance is when I have to log into LastPass on my phone, which means I have to type in my obnoxiously long LastPass password.
My next phone will almost definitely have some sort of fingerprint sensor, so I can log in via fingerprint.



- Frank

 

How does one log into a website requiring a password not at home/on-handheld?

I.E., if you were at a friend's house on their computer, how do the password managers enable you to access your password for a site on a non-trusted computer?

 

The fingerprint piece is of interset me and given Apple is opening up that via an SDK to developers and I have a 5s, it's something I need to consider.

 

There isn't really any trusted computer concept. If you have the master password you can open the database and get the passwords. Lastpass is web based, so you can open it from anywhere and copy the password you need. KeePass can be carried on a USB Drive or the exes can be stored on Dropbox or other cloud storage.

 

OK, thanks. Downloaded 1password to try out.

 

If you are paranoid, you should always consider that the computer you are using has a keylogger installed. KeePass has a secure desktop password mode that can defeat capture of your master password, and also has a optional, very intricate mode of password entry blending keystrokes and clipboard copy/paste that makes your passwords very difficult to capture with a keylogger.

If you are uber-paranoid, you should consider the keyboard you are typing on has a hardware keylogger, in which case you should use a YubiKey to type your passphrase for you:

http://www.yubico.com/products/yubikey-hardware/yubikey

 

Lastpass also has a USB drive option, as I expect all of them do.

 

Notepad

 

Hope you don't mean the apple notepad. I looked at my mom's iPad and saw she has ALL of her passwords in the notepad app

Now, she is pretty good with technology but I nicely explained that if anyone got her iPad, they could see all her passwords, plus since they had her email on there, they could change them all. Not good...

 

I'm guilty of the above sometimes on my iPhone note's, but I put clues only, which I then have to decipher myself and eventually saying f@ck it and changing to a new password.

Lately passwords requirements are become even more difficult to deal with manually. Must use upper case, lower case, special characters and numbers.

 

Bump.

Looking into a password manager, I have been using my Quickmemo on phone but want something more secure.

 

Still using KeePass with database on DropBox. My phone and desktop both sync with Dropbox so I have all my passwords available all the time. With the increased use of two-factor authentication, I used to use Google/MS Authenticator apps, but now I have that data stored in KeePass as well, so I don't even need a second app.

 

I used 1Password and love it.

 

I developed my own method that has worked for me for years. I can write down a few characters in plain text and look at it again in the future and instantly know what the password is. Anyone else looking at the characters wouldn't have a clue what the full password is.

Because of my line of work, along with personal accounts, I couldn't even guess how many unique passwords I have to keep track of, and this method has never failed me.

 

Scottman111
1919
Join Date: Mar 2005
Age: 33

Just you wait...

 

All I have to remember is a few phrases, which I have been using for years, so likely won't be forgetting them any time soon. The parts that are actually written down are certain characters within the phrase. Kinda like this:


Actual password: Sc0ttm@nruleZ
Plain text that is written down: S0@Z


Actual password: sc0ttm*nruleZ
Plain text that is written: s0*Z


Just change symbols/caps/length/etc to keep them unique, and to satisfy complexity requirements.

 

I created a little formula that I use to mix my general password with the name of the place that the password is for.... this way every place has a unique password, and I only have to remember my single password and the formula.

 

Example please!

 

(Dick)+(Box)/Amazon=Dickinabox/Amazon
(Dick)+(Box)/Facebook=Dickinabox/Facebook
Etc....