Password Managers: Do You Use One?

Authenticator apps don’t require an internet connection.

I use that for sites that require it, but the site has to be set up to work with the authenticator, so it didn’t seem to speak to what the OP was asking. It’s not a replacement for general passwords.

I use eWallet, which seems to be a pretty minor player in the market these days. I’ve been using it for a very long time (at least 15 years), since back when I used a Palm PDA.

I’ve got literally hundreds of passwords stored in there, created using its random generator - I know only one or two of them from memory. I’m happy with its availability on both my Android phone and my PC (synching between them via Dropbox - their setup, not some hack I created).

I’m not in a position to meaningfully test the security, so I’m hopeful it’s adequate.

I’ve considered looking into other options, but fear that I’m subject to some flavor of vendor lock-in. There’s no way I’m retyping all of the info I have saved in there, so without a conversion utility it’s not happening - and eWallet’s relative obscurity may be working against me.

The ones I love are the recovery security questions: “When we asked you ten years ago, who did you say was your favorite singer?”

Why are you picking questions you know you aren’t going to remember the answer to?

Security keys are different from password managers. Every site that I’ve tried still requires a password for initial setup, and passwords are not stored on the keys. There is a method to sign in with only the key, but see below.

Also, sites implement keys in different ways:

Google: The key is only a second factor. I log in with my user name and password, then touch the physical key. Twitter works the same.

Microsoft: I can log in with my password plus security key OR just use the security key plus the security key pin.

For all of the accounts for which I’ve configured my key, I still have to have a password to set it up in the first place. In the case of Microsoft, I also had to set up another form of authentication (app or SMS) first.

Just to add a little to this…

Apps that allow push notifications require an internet connection, but will usually also have a method that works offline.

Another LastPass user here, I have been using the paid version for a number of years now. I like it, but it was even better on mobile before Android locked down the Accessibility features against apps like LastPass.

Please don’t thread shit.

I think password managers are wonderful. I cannot think of any reason not to use them.

Moderator Warning

Acting like a sarcastic jerk is not the recommended response to a mod note. As our registration agreement says, “We have one guiding principle: Don’t be a jerk.”

This is an official warning for being a jerk.

I have used RoboForm for eons. A couple of years ago, I took advantage of one of their Cyber Monday deals for 5 years along with an upgrade to RoboForm Everywhere, which gives me 5 licenses to use between my computer, tablets and cell phones. Changes synchronize to the new devices. Totally worth the $ I spent.

Yeah I’ve come to the conclusion that these can’t be reliably recalled, and I just pick oddball answers and write them down. Favorite teacher? Grunt. Favorite food? Basketball.

In effect they are really like backup passwords so I treat them that way.

I use a command line random password generator and just paste in random text for each answer. Then I add them to the notes field on my password manager.

Recently I was asked one of the questions to verify me to my bank, and I answered, “let me spell my first pet’s name ‘papa uniform eight…’” The person on the other end of the phone was not upset one bit. Either I got it right so she didn’t care, or she encounters enough nonsense answers that as long as it’s right, it doesn’t matter. No “you really grew up on a street named ‘Quuic3ri’?” type comment.

This is the correct way to respond to those questions and they are easier to remember when one has a manager to store them.

Yes, I forgot to mention it could definitely be a bad idea for companies to know the real answers to your security questions, especially with all the data breaches that have happened.

I especially like it when a site lets you create your security question. When I can do that, I get straight to the point - my security question is: What is the security answer?

Well? What is it?

Forty Two

Damn it!