Password Managers: Do You Use One?

Based on this thread: Qwertycard password assistance cards - how good/bad an idea is this?

Does anyone here use a Password Manager? If so, what type? How do you use it? How easy is it to use?

Sorry - all of the older threads on this subject are really old.

I use Keepass. It’s really simple to use and install. You only need to memorize one password, and you’ll be using it every time you start up Keepass, so you won’t forget it.

The biggest problem was going over 200 or so accounts and changing all of the passwords. It’s easy but time-consuming. Once that was done I was relieved. Any time I set up a new account now, I create a password in Keepass for it. It takes seconds. It even stores the URL, so when I want to do online banking (as an example), I find that in Keepass, tell it to open the URL and it does so, then I can insert the user name and the 16-20 character long random password that I never actually see (unless I want to). Effectively it saves me from having to create bookmarks for all of those websites. I can even use it for passwords for stuff on my own computer rather than online.

Keepass is slightly a PitA to update since you have to reinstall it. You do not actually need to update it though. Reinstalling it does not erase the “key file” so you don’t need to worry about screwing it up.

You do not have to store Keepass and the “key file” in the same place. You can if you want to, though. I make sure to backup the “key file” on a USB key.

I don’t have it on my phone, and refuse to put any financial info on my phone. There are some password managers that will work on Windows and on a smartphone too. I don’t know if Keepass works on a smartphone or not.

I use Keeper. It does all the things listed above by @Kimera757, too. I like it. I don’t use the autofill function because I’m the kind of lazy person who creates more work for himself. I really should learn how to use it.

Keeper will work on smartphones and Windows.

I use LastPass and it’s available both as a Chrome add-in and a smartphone app. You can of course also just visit the website to look up passwords. Once I started to use it, I realized just how many passwords I have. For example, I decide to buy new shoes from Nordstrom online, so I have to create an account there. And another when I buy something else from Macy’s. And so on. Now, a lot of sites let you use your Google account to login to the site, so that’s simplified things a bit, but still I have over a hundred stored passwords.

This won’t affect most people but I wouldn’t want to store those passwords on a website. My passwords are stored just in the key file, with most not being backed up in my browser.

Well, I access LastPass at home, at work, and when traveling (although not now of course). So having it at the website means the information is always available. Of course there is the nightmare scenario of someone hacking into their servers and gaining access to all of my accounts.

Keepass should fill those in for you if you go to the URL, you shouldn’t need to insert them yourself.

I use Keepass as well. The key file is also backed up on the company OneDrive.

Password manager keyfiles are very well encrypted. Someone hacking the server won’t be able to open them easily.

Wrote my own in FileMaker, for the zillions of passwords that go to things that aren’t horribly important to me that my access be oh so extremely protected. I should perhaps invest a bit of effort into encoding the stored info in such a way that if someone steals my laptop the info will still be protected, I guess.

I go to the URL, then I can press auto fill, through I usually just copy and paste from the program. (I can reprogram the auto fill so it doesn’t accidentally click on “I forgot my password” but generally I just don’t bother to do that.)

Are you suggesting I can skip pressing auto fill?

I do not use a password manager. I can easily understand how they make life easier. But I can’t understand how they make my info safer. If I use a password manager, and someone breaks into it, then they have access to all my stuff, not just a couple of accounts, right?

They need to know the main password, which you wouldn’t store anywhere. In theory they could break into it, but unless they work for the FBI or NSA I doubt that’s a real concern.

I get around this by only storing part of the password, along with a key that identifies the missing value (such as the ZIP code of somewhere I lived 50 years ago). Means I can’t use autofill, but I’ll survive.

So what do I do if I forget the main password, or if I get a new PC? If I have to write it down somewhere, then it’s no different than what I’m doing now.

I use LastPAss, but am planning to move to BitWarden soon.

I’d greatly prefer a world in which I could abandon these add-ins and rely upon the built-in browser’s password manager (or the OSes), however largely due to Apple’s intransigence this isn’t viable when working in both mobile and PC landscapes.

So why are you switching from LastPass to BitWarden? Just curious, as I use LastPass myself, but there are several similar programs.

I meant you can auto-type (or Ctrl+V) from Keepass, usually. You go into Keepass, say “Open URL”, and go back to Keepass and say “Auto-Type”. Or yes, if you’re on the page, Ctrl+Alt+A should do the same thing.

The nice thing , IMO, is that you can set up Auto-Type to do other actions besides the default “username->tab->password”

Well, the alternative is what? Memorize them all? Like I said, password managers are encrypted, breaking into them is not trivial. If it’s gotten to that, your stuff is likely all compromised already, anyway.

Make the main password something you won’t forget. If even the CorrectHorseBatteryStaple method doesn’t work for you, try something like the first verse of your favourite song.

Yes, I said verse.

As for switching PCs, no, you keep the same keyfile, that’s what the master password unlocks.

I use LastPass. Key benefits being that it syncs across multiple platforms where I use it, and it easily generates really strong unique passwords for you to use.

I am concerned at the potential small risk of their servers getting compromised, but the data stored there is all encrypted using the user’s master password as (presumably part of) the key; decryption happens locally on the device. I guess there’s also a risk that some bad plugin or local malware could snag the passwords after they’ve been locally decrypted, but that could also happen if you’re typing them in from memory.

In theory, you could write the password on a piece of paper and store it in a locked box with your passport and other ID you don’t need to carry all the time. Obviously not completely risk free, but if someone broke into your place and stole that ID you would have many other problems as well.

Time to Bail on LastPass? Free Version of Password Manager Gets a Serious Restriction | PCMag

Also, due to some security issues they’ve had my company has started blocking LastPass entirely from their network.

Well, I already pay for LastPass so the issue described in that article doesn’t affect me. And for now at least, I can still access it on my company computer. That is useful as I also have business-only accounts stored there as well.