Do you use a Password Manager?

I’ve been thinking something like that would be both handy and safer for a while. The only one I had heard of is Password Safe although maybe I was mixing it up with the generic lower case use of the word. Anyway, I downloaded it this morning before seeing this thread.

Now I’m going “WTF do I have here” and came to the board to see what I could find. The long list suggests that I should do some research before I bother trying to figure out “WTF I have here”.

Here’s what I’d like …

  1. a program that is secure
  2. that builds a database of user names and PWs as I enter them
  3. that could serve as a portal to login pages on the websites I use all the time
  4. that might even provide a handy way to change PWs

What are my chances???

I extolled the virtues of Roboform earlier in this thread. I just received a notice that my annual subscription is up for renewal, to the tune of $20 per year. I use the Pro version, and don’t remember paying an annual fee last year.

Anyone know if this is new?

I’m looking for the “What is a password manager?” option, but I suppose I can just click “I don’t use a password manager”.

I have around 600 at last count. I work in web development, and most are work related - client sites, online tools and services, mailing lists, email accounts, client sites, code repositories, unix accounts, databases, test accounts.

My rule of thumb is, if I can remember it after not using it for a few weeks, it’s not secure. There are only about half a dozen I remember, and those are the ones I don’t store in a password manager.

Dammit: zombied.

Same here. I didn’t realize there were websites/services dedicated to this. I’m not really the paranoid type, but I just don’t trust giving all my passwords to a service like that. I’d rather screw up logging in two or three times.

Every manager will do 1 and 2.
KeePass does 3 sort of. You can attach a URL to an entry and use KeePass to get to it. But you still have to cut and paste the user name and password from KeePass to the browser.
I am not sure what you mean by 4. But with KeePass you can change the passwords, but you will also have to enter the new password via the web page’s change password mechanism.

Don’t use one. I mean, how difficult is it to remember ******?

I wouldn’t feel safe having my accounts in a password manager. My 3-password scheme is:

  1. a “simple” password, e.g., “Pa$$w0rd”, for most accounts that I don’t care are hacked into, like Netflix and Consumer Reports. I figure these are the types of accounts most hackers don’t care about.

  2. a “secure” password, e.g., “Pa$$w0rd-Secure”, for financial accounts, emails and such. It’s a minimum of 12 characters long, which is the recommended length in some article on account security.

  3. a “time-dependent” password, e.g., “Pa$$w0rd12q02” (for 2012, 2d quarter); or “Pa$$w0rd12m05” (for 2012, 5th month). If any of these accounts forces a password update I use a list and go and change all of the passwords to keep these accounts in synch.

Therefore I only have to memorize three passwords, and I use that list of time-dependent accounts to remember (if needed) which password to use.

I use this scheme at work and for personal accounts; for everything. I think this is secure (and simple) enough. If anyone finds a flaw in my approach, please point it out. Thanks!

I use PassWard. It encrypts the database, does 1, 2, and 3 (above) (not sure what 4 means). It also will “suggest” both user names and passwords randomly, using however many characters you select (from 2 or 3 to 14 or 16, I think I recall) so you don’t have to make up “strong” or “weak” versions yourself. Or you can type in your own, historic ones you presently use or new ones you may create. It resides on your computer if you wish, but also on a thumb drive. You can carry the portable to any computer with USB and access it directly, while leaving no trace on the computer. Very useful when traveling and you need to access an account from someone else’s workstation or at the library. Or you can install it on several computers you own/control (desktop home, work, laptops) for redundancy. Plug in the thumb drive and it automatically updates both databases (computer and thumb drive).

Anything that “memorizes” your PWs for sites has to be saved in a file.

Hope you don’t get a keylogger.

Agreed; no system is 100% safe. Having a password manager doesn’t obviate the need for other common security protocols. But a good password manager is more secure than using the same simple password over and over, or keeping a list in a local text file with or without a file extension. I’ve known plenty of people who store theirs in “passwrds.doc” or similar. Others (me for example, for quite a few years) had a wrinkled scrap of paper secreted in that ultimately secure place, under the keyboard. PassWard gives me reasonable security through encryption, easy redundancy to prevent loss of data by hardware failure, and a wealth of convenient features. But it doesn’t slay dragons :) Maybe the next upgrade.

I use 1Password and I used to use PasswordSafe. I have about 50 different places that I need to remember and I don’t use the same password for more than one site.

Uh, a keylogger would only work if you actually type your passwords in, seeing as it logs what you type. Keeping something in a file would defeat a keylogger.

I guess if I had anything important enough to keep secure passwords on, I might do this, but I really don’t. For example, quite a lot of places I sign up to leave like one comment, so I don’t really care if someone hacks into my account. I use the same password on all of those. That cuts me down to maybe five or six total passwords, which isn’t too hard to remember.

One not on the list is MSecure. I don’t use it, mainly because I had already set up 1Password (on our iPod Touches), when it was made available as a freebie on Amazon’s appstore.

These days, you really need such a tool if you have any significant online presence, passwords for work, or whatever. I’ve got at least 70-80 in my vault. All with different rules. Even with a basic password pattern, there are too many variants, and some are getting stinky about even repeating things. So I might have, say,
M@maZappa
MamaZappa1
MamaZappa2
MAmazappa
mamazappa
mama zappa

etc.

I’ve heard that desktop-based tools help thwart keyloggers since, as noted, you’re not actually entering the password every time. Of course, it could get nabbed the first time you enter it.

A number of them sync via Dropbox including 1Password and I think MSecure, in addition to KeePass. Since my husband and I have a shared Dropbox account, we always have access to the family passwords.

In addition: the vaults can store things like your driver’s license number, AAA number, insurance card info… all sorts of essential info. Assuming you’ve got it protected by a good master password, it’s secure enough that I don’t worry about it.

1Password will attempt to prefill the ID and password. I’ve found this to be spotty as far as successfully entering the stuff, but the fallback is of course copy/paste.

Depends. If the keylogger uses your PW to gain access to your system, they can access your PW files.

Additionally, viruses scan for such files.

If you have a system password manager that saves where you go and how you get in, it can be accessed.

Not necessarily the best strategy, actually.

I just use an encrypted notebook in Microsoft OneNote.

I just use wilwheatonr00lz as my password for everything. No muss, no fuss.

If I ever win the lottery, I’ll have a password manager. Her name will be Sherry. She will be a redhead. A sultry redhead. She will manage passwords with a passion.