What's the deal with password "mangers?"

Are these apps legit? Safe? If they are “free,” what do they get from their users?

I use, and only have experience with one free one. They make money by trying to sell you a version with more bells and whistles that I don’t need.

I keep it on my phone.

I think they are pretty safe, but it also depends on the user. The main password needs to be very strong.

And, in my case, I don’t make any clear reference to what the user/pass is for. It only makes sense to me. For instance, my credit card authentication information is simply listed under the entry ‘H’. And there is no description of what this really goes to. No website, nothing. But it makes sense to me. I know what ‘H’ goes to.

So if I lose my phone, and my main password is broken, no one will know what ‘H’ is for.

They’re handy for when there’s no room at the password inn.

This is no protection. If an organized attacker gets your information, they’re going to try every password for everything, including all of the major banks and credit card companies.

Thank you for that!

Cute. 😜

Haute cuisine?

Sure, but if some random schlub gets it, it helps. Just another level of protection IMHO.

I use one. It’s on my phone, my iPad, and my iMac. I’ve got about 150 passwords in it.

I paid for it. I barely use any free apps, and the ones I do use are from companies whose services the app helps you access. The idea of fighting against a 99 cent purchase and knowing I got something they hope to extract further reward from just generally bothers me.

Mine is too complicated. It allows multiple wallets, and within each wallet multiple cards of multiple types. I set it up to have one wallet with only “Notes” type cards. They might have 100 different card types to choose from but so many situations require features none of the cards put together.

The devices it sits on are all password protected.

The idea that I would memorize all these complicated, nonsensical, changing passwords without recording them anywhere is hopeless. For example I have situations where my username and my password each require uppercase, lowercase, digits, and punctuation, and they’re forced to change regularly. It’s either some insecure document (whether electronic or paper), or else a password manager. As to whether there’s some back door that lets the software vendor hack my life, well, I think I have to buy from somebody at least relatively reputable, and take my chances.

Well, you don’t put any of those passwords in the manager. Those you memorize.

You put your SDMB password on it, as well as passwords for other websites (but not email).

If someone posts as me, it’s no hardship, so I don’t care if I’m hacked.

If you’re using a password manager for everything but your bank and credit card, then you’re probably using the wrong tool for the job. If you don’t trust the creators of the manager to be honest and competent, then you shouldn’t be using it for anything at all. If you do trust that they’re honest and competent, then putting your important passwords in it is probably more secure than whatever else you’re doing with them.

I wrote my own. It just hashes the name of the website plus the master password and converts the result to a 10 character string. It’s also guaranteed to contain a couple of digits and punctuation to satisfy web sites written by people who don’t understand security. Nothing except the program itself needs to be stored anywhere so it can run on any computer.

–Mark

Fascinating… I want to say that that’s not secure, but I can’t see any obvious vulnerabilities. Does the program in any sense “know” the master password, or does it just use whatever password is entered to generate its strings?

If I understood it correctly, it kinda has to “know” the master password, since it has to recreate the algorithm every time it gives the password for the site to the user. So the master password can be extracted from the program. And if you think you can obfuscate the code enough so that hackers won’t be able to get to the master password, you’re wrong.

Hm, never mind, the master password can of course be entered each time the program is started. But then, how exactly is it different from a password manager? Those encrypt the stored passwords thoroughly using the “master password” as well.

The big advantage (for me) is that the passwords aren’t stored anywhere. I don’t have to run the program on the particular computer where the password database is stored, or try to keep several password databases in sync. The major disadvantage is it’s not easy to change a single password. I generally change the master password occasionally, which changes ALL my passwords, requiring an hour or so to go around to all my accounts and change them all en masse.

–Mark
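Added example, not markn+'s program: a sketch of the stateless scheme described in the two posts above, where a site password is recomputed from the site name and the master password and nothing is stored. The posts do not name the hash, so PBKDF2 is assumed here in place of a single hash; the punctuation set, the "two digits, one punctuation character" policy and the per-site `counter` (a way to change one password without changing the master) are also assumptions.

```python
import hashlib
import string

DIGITS = string.digits
PUNCT = "!#$%&*+-=?@_"            # assumed set that most sites accept
ALPHABET = string.ascii_letters + DIGITS + PUNCT
LENGTH = 10                        # length given in the post
ITERATIONS = 200_000               # assumed work factor


def site_password(master: str, site: str, counter: int = 1) -> str:
    """Recompute the password for `site` from the master password."""
    # Normalise the site name so "Example.com " and "example.com" agree.
    salt = f"{site.strip().lower()}:{counter}".encode()
    # A slow KDF rather than one hash round: if a site leaks this password,
    # each guess at the master password costs ITERATIONS hash operations.
    seed = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS)
    stream = hashlib.shake_256(seed).digest(4096)
    # Rejection sampling: drop bytes that would bias the modulo reduction.
    limit = 256 - 256 % len(ALPHABET)
    chars = [ALPHABET[b % len(ALPHABET)] for b in stream if b < limit]
    # Take the first 10-character window that satisfies the site policy.
    for i in range(0, len(chars) - LENGTH + 1, LENGTH):
        cand = "".join(chars[i:i + LENGTH])
        has_digits = sum(c in DIGITS for c in cand) >= 2
        has_punct = any(c in PUNCT for c in cand)
        if has_digits and has_punct:
            return cand
    raise RuntimeError("no candidate met the policy")


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    print(site_password("correct horse battery staple", "example.com"))
```

The `counter` is the only per-site state: a site left at the default of 1 needs nothing remembered, while a site whose password was rotated needs its counter value recalled.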

The encryption may not be as good as KeePass/1Pass/etc (some of it depends on what hashing algorithm markn+ uses) but it’s plenty good enough for everyday use. If markn+ is specifically targeted by a good hacker or the NSA (very unlikely) then he’s toast, but then most of us are.

I use a paid-for password manager, which I feel is pretty secure. But I do realise that if someone really, really wants to crack my passwords, and puts enough time, money and effort into it, they probably will. I’m just hoping I’m not that important or likely to be unlucky.

But I think it’s all about finding a balance between useability and security.