Nm
What are your latest recommendations for a password manager?
All the ones listed here are still very viable. My suggestion is this:
Power users or users with one PC/device: use KeePass. KeePass lets you keep your passwords on your own PC and nobody has access to the data except you. Setting it up to share across PCs/devices is a bit more involved because you have to store it on the cloud via Dropbox, etc. Storing your passwords on Dropbox with KeePass is still more secure than other solutions (assuming you use a strong password). Note that it’s more difficult to install on OS X.
Other users: use 1Password or LastPass. They make it easier to share PWs across PCs/devices but you have to trust them to store your passwords securely. This is a pretty safe bet but a slight step down from KeePass.
OK, I had to revisit this thread, and echo my last snarky comment - this system sucks!
I’m trying to manage my Dad’s finances while he is in the hospital, and I’ve already been locked out of two accounts because I can’t figure out his crossed-out and chicken-scratched notes “updating” his password crib sheet.
Use a damn computer - that’s what they are good for!
Sounds to me like your Dad’s password management system is actually working well.
My passwords are both memorable and unique for each site. I store them in Dashlane password manager. I find it easy to use, and I presume it is as secure as the others. Probably the most secure way is to use an encryption program like TrueCrypt’s successors VeraCrypt or CipherShed.
When my dad died, I had the similarly-unenviable task of going through all of his computer records. I knew that he used his wedding anniversary for all of his passwords, but I didn’t remember how he’d formatted it, so I made a list of every possible format. The last one on the list was the form that would make the least-secure password (IIRC, just a four-digit number), because I didn’t think he’d honestly be that stupid. He was, and with some fairly important accounts.
EDIT:
NineToTheSky, you’re working at cross purposes to yourself, there. If your passwords are genuinely memorable, then you don’t need a password manager. The point of a password manager is that you don’t need to make them memorable (and hence probably insecure), and can instead use truly random, truly secure passwords.
Unless I am somewhat mistaken (I haven’t upgraded to version 5), 1Password does the same thing as KeePass. It stores locally with the option to sync to Dropbox.
That is correct.
I use KeePass, using Dropbox to sync the password database between computer and phone (using Keepass2Android).
One method to enhance security is to use a keyfile in addition to a password (a form of two-factor authentication), and to directly (i.e. not via the cloud) store the keyfile on each device where you’ll use KeePass. That way, the effective strength of your password is greatly augmented (I use a 256-bit SHA hash of a text a few dozen words long that I can reproduce perfectly from memory if necessary – much too long for a routine password, but good for this purpose) against anyone without access to the keyfile. Of course, you should still pick a strong password (I recommend using the first letters of a memorizable phrase at least a dozen words long) so that you’re still protected if somebody does find the keyfile.
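The keyfile approach in the post above depends on reproducing the hashed text byte for byte, so here is an added example (not part of the original post, and not KeePass's own code) that derives a 256-bit keyfile from a memorized text with whitespace and Unicode normalized first. The function names and the sample sentence in the test are constructed for illustration.

```python
import hashlib
import os
import tempfile
import unicodedata


def canonical_text(text: str) -> bytes:
    """Reduce the memorized text to one canonical byte string."""
    # NFC folds composed/decomposed accents into one form; split/join
    # collapses spaces, tabs and trailing newlines, which differ between
    # editors and devices and would otherwise change the hash.
    text = unicodedata.normalize("NFC", text)
    return " ".join(text.split()).encode("utf-8")


def derive_keyfile_bytes(text: str) -> bytes:
    """SHA-256 of the canonical text: 32 bytes (256 bits)."""
    return hashlib.sha256(canonical_text(text)).digest()


def write_keyfile(path: str, key: bytes) -> None:
    """Create the keyfile readable by its owner only; never overwrite."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(key)


def keyfile_matches(path: str, text: str) -> bool:
    """Check that a stored keyfile can be rebuilt from the memorized text."""
    with open(path, "rb") as fh:
        return fh.read() == derive_keyfile_bytes(text)


if __name__ == "__main__":
    # Constructed sample text; a real one should be private and unpublished.
    sample = "replace this with your own memorized text"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "example.key")
        write_keyfile(path, derive_keyfile_bytes(sample))
        print("reproducible:", keyfile_matches(path, sample + "\n"))
```

Case and punctuation are deliberately left significant, so they must be memorized along with the words. The keyfile is only as unpredictable as the text it is hashed from.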