What If My Password Manager Company Goes Away?

So the Failing New York Times is telling me I need to use a password manager. It will be fun they say.

As I understand it, this program will enter my passwords for me, it will even create good strong passwords. I suppose I will not even know my own passwords.
So what happens to me if LastPassFree or 1Password goes broke? Will the app still work?

I need reassurance.

Well, you can export your passwords. Going bankrupt doesn’t mean they close overnight.

There’s also KeePass, which I’ve never used, but makes you store the password file (e.g. on Dropbox).

Then you click the little “I forgot my password” buttons on all the websites you visit, and make new ones.

ETA: Just don’t lose your main email password. One thing not to put in LastPass…

Just hope your company’s system administrator doesn’t forget his passwords.

I’m not a big fan of password management or even clicking “remember my password”. When my father had to go into a home, we were trying to help him. “What’s your email password?” He didn’t remember because the computer remembered it for him. Same for Facebook etc.

You also better hope those password management companies have good disaster recovery options, especially if they are located near places where hurricanes or tornados hit.

I do use this and you don’t have to store your password file on Dropbox. You can keep it local to a machine, on a jump drive, or on Dropbox if you’re so inclined.
(And a big plus, IMHO, is that, should they go away, so long as there’s a working copy of the program on my Windows, OR my Linux, OR my Android device, I still have my passwords.)

1Password keeps its vaults on your local machine. They can be synced to the cloud, but if that source was lost, you still have an up-to-date copy on your computer.

Right, but I mean it’s a file you store through whatever means, not on their servers.

You are correct. I was amplifying your point. I rather like the program.

Google seems to have figured out how to capture all my passwords, even the ones I use for sites that never come in contact with a Google-owned program (Google search, Google browser, Google cloud, etc.)

I printed out a list of every password I have and keep it by my computer. This little Google feature is both convenient and scary.

I remember the days of jotting down my passwords on paper. I had so many and would eventually lose most of them. I’ve been using LastPass for the past seven years and it’s been a lifesaver since it syncs across all devices and browsers. If they ever shut down you can just export your passwords to your desktop. Most software/storage companies warn you way ahead of time so you can save everything.

Also convenient and scary is the fact that my Brave browser also saves passwords. That being the case, why would I need a standalone password manager?

I think you are talking about saving passwords in Chrome. Be careful. If someone hacks your gmail password, they will get all of these passwords too.

1Password is moving, as so many other tools are, to a SaaS model (Software as a Service)… whereby you must pay a monthly subscription fee to continue using the tool. I was able, through some digging, to find out how to do a one-time purchase. My data is synched between my phone and laptop using Dropbox.

If I used their monthly subscription model, I’d pay more in about 15 months than it took to do the one-time purchase. AND my data would be stored on their servers.

All this means that if 1Password were to shut its doors, I think there’s a very real chance the software might quit working. I’d have to look at their web page to see what happens to your data if you quit paying the fee; if “it’s still available, you just can’t modify it or add new passwords”, then you should still be able to use your local copy of the software. Of course you couldn’t install it on a new machine, I imagine.

Very good point - and my in-laws are in much the same boat. I’ve had to help them recover email passwords a couple of times.

Actually this is an argument for having a password manager where your data is backed up elsewhere - as long as you have your master password or whatever written down somewhere. If I had my Dropbox password written down, and my 1Password master password, a family member could use that to get to everything else at need. I don’t, as it happens… but I could write them down and seal them in an envelope somewhere safe.

Oh, and of course they’d probably need access to my phone, since so very many websites will now say “never seen this computer before, enter the passcode I’m gonna text you”.

You do need to upgrade to the Premium version to have LastPass sync across all your devices, but it’s not that expensive and it’s well worth it.

How do you mean? The Vault is accessible on any device with the free version.

Just use the one in your browser. I think most (all?) the third party ones have been hacked.

Google spends more on toilet paper than the worth of most of those tiny password companies. They don’t stand a chance…

If you don’t trust Google, Mozilla offers the same thing. If either one goes out of business, just export it to another service.

If you want more protection, you can turn on a master password and/or use two-factor authentication, such as your phone or a physical USB security key.

cite?

cite?

Random ones…

Those aren’t necessarily for the latest versions, but the point still stands: it takes a huge enterprise, bug bounties, full-time security teams, etc. to actively prevent and proactively patch flaws asap. Those small companies don’t have the resources.

Alphabet has about 90k employees, using maybe on average 100 rolls of toilet paper per person per year on average, costing maybe 50 cents? That’s $4.5 million a year.

LastPass was sold for $110mil, so I suppose that was a bit of an exaggeration 🙂 Though of course that’s not all spent on security R&D.

Nonetheless, Google employs more than 500 security people (Google’s Security Culture - Google Workspace), among the best in the industry. They’re often the ones discovering the vulnerabilities in the other password managers to begin with (Important Security Updates for Our Users).

More seriously, it’s the cloud-synced passwords you should be worried about. The local stuff any malware can compromise, if you don’t use your own encryption password. But the cloud stuff… that’s where the enterprise-level security of Google or Mozilla or Microsoft, and maybe Apple, would hopefully be better. Especially if you turn on 2FA, or use Google’s Advanced Protection program.