Security best practice is to create a unique, complex password for every service you use. Unless you only use a handful of services, that becomes burdensome pretty quickly. Some people settle for reusing their password (or creating weaker, but easier-to-remember passwords) while others use a password manager to help them keep track. How about you?
We talk about passwords a lot here on Lifehacker. Using strong, unique passwords is one of those bits of advice that are often given and seldom heeded. Part of the reason is that good passwords can be hard to remember. That’s where a password manager comes in handy — whether it’s a Lifehacker favourite such as LastPass or a newcomer like Dashlane. The best of them not only provide a secure place to record passwords, but also tools for generating them, auditing them, and even automatically signing in for you. So, how about you?
Comments
11 responses to “Do You Use A Password Manager?”
One thing I haven’t done is go through and change all the duplicate passwords that were created before I switched to a Password Manager.
It’s a pretty big eye opener once you do.
I’m fully aware, that’s why I haven’t done it to date!
It’s going to be boring and tedious.
The good news is I’ve started trying to change them as I visit, but at some stage, I’m just going to have to sit down for a few hours to knuckle through the rarely visited sites.
I’ve been using KeePass for a long while. I keep the database in Dropbox, and use a keyfile and password on each device. I also use Google Authenticator pretty widely for time-based one-time passwords (TOTP).
How can you be sure that the password manager is safely encrypting your passwords and not just storing them in a way that you won’t be able to break in and a smart 8yo kid with ample time can?
Second, being connected to the net and sending it directly to your browser, they can also directly post passwords to a hacker board all in one line of code.
Think this way: If you were to steal passwords, how would you do it so you can get all of them at the same time, neatly pre-packaged… with page link?
I’m happy to give anyone my (giant) LastPass “blob” of encrypted data to chew on. Which is all that is ever synced to the cloud. All encryption is done client-side with high security. The only weakness is using a crappy weak passphrase as the Master Password.
Products like LastPass and 1Password and KeePass have really nailed the core security issues. Just use a high quality long master passphrase and you’re set.
Yeah, I think it’s fair to say that a company whose entire business is maintaining safe passwords has probably spent a great deal of time thinking about the best way to do just that.
I use LastPass, and I’m pretty confident they have it covered.
1. You can choose an open-source one and review the encryption code
2. Using an auto-type based system, rather than a browser plug-in, means that the password manager itself doesn’t need network access and thus (if blocked) can’t send your passwords.
Insofar as you can’t or don’t review source code, though, and use premade binaries, your point is valid.
LastPass = Problem solved.
* Cross platform
* Cross device
* Syncs across all.
* Secure.
* Apps, Browser
* Free (for basic service) or $1/month full version.
I spent about 2 full days migrating every site I remember having logins on (about 200+) to LastPass recently (and generating unique passwords). Thought it was about time, considering all the account hacking problems lately.
Tried out LastPass and Dashlane, LastPass won because it runs well on Linux as well as Windows, Mac, Android and iOS, plus they’ve been around longer.
Use free version of Dashlane very effectively to keep everything under control. Just been made to change passwords at work for the first time in about 6 years, forced to use strong combinations, etc, as is now becoming standard. Surprising how many colleagues had used a pet’s name or a nickname or similar followed by two numerics, for example buster21, django56. Some people had even used the IT manager’s name in combination with other, unprintable words. Hilarity ensued.
I use long complex passwords for the sites I need to remember and that are important. For me, Steam, Online banking, Gmail (and Google account) and some work things, I refuse to let any password encrypt them locally or via the cloud, or generate these passwords for me. Even password managers can fail, and what happens then? What happens if I lose all the data on my hard drive? What about if I lose my master password? I know that’s being a bit over the top, but to me, those are important things that I don’t want to lose. So I come up with a random phrase, add in symbols and numbers, I can remember at least ten of these with some ease.
I was using LastPass previously, then used RoboForm, but I have found 1Password desktop client to be the most effective and now I have it for my mobile device too. I use 1Password to manage all logins to all online websites other than what I mentioned, such as forums, online shops, tech sites and NBA member sites. My passwords are all completely random, secure and easily memorable, and if the day comes that the password manager fails, I still have the most important accounts available to me, and I know them most importantly.
No one’s mentioned oneSafe yet, so I thought I would! I’ve been using it for over a year and a half now and it’s great – very easy to use and very secure. And you can also synch all your info between Mac and iPhone and iPad, which is really useful! I’ve used a few password managers over the years and it’s the best I’ve found so far.