hrolsons
asked on
Safe Password Manager
I have no idea what "Topic" category to put this in.
So I'm going to take the plunge and subscribe to some sort of Password Manager. My physical password book is getting way too big, and I don't always have it with me. So I started a Google Doc, but quickly started to worry about the security of all my passwords being in a Google Doc.
I've been reading about some of the managers online, but I don't know who owns these companies. I would imagine that it would be pretty easy for Al Qaeda or ISIS to hire some programmers to make a password manager program and make it look legit for 10 or 15 years, and then...BAM.
The United States government has some good information on passwords, but don't recommend a specific vendor.
Your suggestions for a Password Manager would very much be appreciated.
So I'm going to take the plunge and subscribe to some sort of Password Manager. My physical password book is getting way too big, and I don't always have it with me. So I started a Google Doc, but quickly started to worry about the security of all my passwords being in a Google Doc.
I've been reading about some of the managers online, but I don't know who owns these companies. I would imagine that it would be pretty easy for Al Qaeda or ISIS to hire some programmers to make a password manager program and make it look legit for 10 or 15 years, and then...BAM.
The United States government has some good information on passwords, but don't recommend a specific vendor.
Your suggestions for a Password Manager would very much be appreciated.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The manager I mentioned is only on computers and rock solid from the point of view of encryption.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I'll second Keepass. Great variety of OSes it will run on. Windows, Linux, Apple, Android etc etc, see http://keepass.info/download.html for the list.
Just backup the password file to the Internet or your phone or your tablet and put on the required application for that OS and you're away again.
Just backup the password file to the Internet or your phone or your tablet and put on the required application for that OS and you're away again.
ASKER
Thank you all so much for your input. I'm leaning toward LastPass or possibly KeePass.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
https://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/
http://www.theregister.co.uk/2016/07/27/zero_day_hole_can_pwn_millions_of_lastpass_users_who_visit_a_site/?mt=1469603973118
Both exploits occured yesterday. Again, these cloud password managers while convient, are leaving out "keep it simple stupid", there are so many working parts, and a lot of trust has to be put into each link of the chain. (Your PC -> routers(the internet)->Webpage being served, as well as the server serving, and then the service itself.)
Offline ones the chain is smaller, PC -> Software/DB housing your PWD's.
-rich
http://www.theregister.co.uk/2016/07/27/zero_day_hole_can_pwn_millions_of_lastpass_users_who_visit_a_site/?mt=1469603973118
Both exploits occured yesterday. Again, these cloud password managers while convient, are leaving out "keep it simple stupid", there are so many working parts, and a lot of trust has to be put into each link of the chain. (Your PC -> routers(the internet)->Webpage being served, as well as the server serving, and then the service itself.)
Offline ones the chain is smaller, PC -> Software/DB housing your PWD's.
-rich
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The author shared Lastpass and Keepass and experts have shared more and even means to secure password rather than just relying on password manager. The answers are reasonably discussed and experiences are shared with author.