I freely admit I’m late to the party on this. Many accounts and user names for both sensitive and trivial websites. A list of kept clues to the passwords with some duplication among the trivial ones (yes, I know - very poor) and even the strongest ones only around 10 characters long.
No requirement to share anything with other users (e.g. family emails, etc).
My criteria in order would be:
Price - I currently pay $5pm for iCloud storage, so something similar would be reasonable. I’m thinking you get what you pay for here, like anything else.
Reputation - I imagine such tools would be a major prize for hackers, so those recommended by security experts preferred.
Simplicity - ‘set and forget’, ideally.
4+) Other features I may not have considered. For example, do they offer ‘time locks’ where you can say (for example), you won’t need to access your retirement savings tracker between 11pm and 6am.
I haven’t got round to a VPN either - if that’s something that can be bundled with a password manager, that sounds like a good plan. Same criteria, really.
Also use LastPass. Free for one device, but if you also want to use it on another device using the same account, like the browser on your computer, it’ll cost you $3/month (billed annually, so $36 total for the year).
1Password.
The trick is to learn to put all your key stuff there. Bank account info, your wife’s birthday, car license number, VIN number, etc.
The reason is you want your password manager to by your go to source of all sorts of information so that you use it all the time. That way, you will get in the habit of quickly entering all your passwords in the manager and not have the one password you really need right now still on a piece of paper in your desk back home. At least that works for me.
Do they both work in a similar way? I’m fully ignorant of how this all works, so a really basic primer would probably clear the fog of cluelessness for me!
I don’t have any experience with LastPass, but I would think that it works in a similar fashion to 1Password.
You create an encrypted database in which to store your passwords and other secure information. A single password unlocks it. This password should be long, and not used anywhere else. The database is shared to multiple devices though the “cloud,” and is synced every time a change is made. Passwords can be copied out of the unlocked database and pasted into fields on web pages, or there are plug-ins that allow the password vault app to auto-fill when it is unlocked.
With 1Password, there are a number of pre-defined data types, that have the most useful fields already defined (for example, credit cards will have the card number, CVS, expiry date, contact phone number, etc.). There are always free-form types that allow the storage of any data you might want. One limitation in 1Password (at least, the version I have) is that it doesn’t support storage of images. That would be handy.
Your data is encrypted locally on your device using your email and master password as the key. The encrypted information is sent to Lastpass and that is what is stored on their server. When you “unlock” your account, your encrypted data is downloaded to your device and then decrypted locally. Lastpass never actually “has” your passwords, they only have your encrypted data for which only you have the key.
How? Keychain has all my passwords (that I tell it to store) and is already on my devices. It autofills with prompts. I can look up my passwords with it. It is a password manager.
It’s like using Excel to write a document.
Keychain is fine for many password management functions, but it stinks at storing free-form data.
I’m a big advocate of iCloud keychain for managing non-critical passwords, but I won’t use it to store my financial passwords - too easily unlocked.
Unless you have my password and my face, you’re not gonna get to see my credit union account via my CU app. How would a 3rd-party password manager differ?
Well, I was thinking about it on the Mac end.
And, I’m sure it’s better these days, but generally, on OS X (Mavericks), Keychain will auto-fill passwords if the machine is unlocked, without requesting a password. That’s a security risk for me, since I don’t set my machines to sleep.
But, as I mentioned, I use Keychain, just not for my high-security passwords. And, as I mentioned, it’s not very good as storing arbitrary data (like, software licenses).