Bitwarden. Because I can have my passwords everywhere with me - Firefox PC, Firefox Android or any other browser that supports extensions.
Favourite Password Manager
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
Re: Favourite Password Manager
Core i7-4770, Palit GTX 1660 Ti, 32GB DDR3 RAM, Firefox, Arch LTS w/ Cinnamon 5.2.7
My Linux group on Telegram
Avatar & desktop: https://ibb.co/album/GFx0yV
My Linux group on Telegram
Avatar & desktop: https://ibb.co/album/GFx0yV
- AZgl1800
- Level 20
- Posts: 11146
- Joined: Thu Dec 31, 2015 3:20 am
- Location: Oklahoma where the wind comes Sweeping down the Plains
- Contact:
Re: Favourite Password Manager
I find that most websites are Rejecting the passwords created by Password Generators, so I have to make my own manually.murray wrote: ⤴Tue Nov 08, 2022 4:43 pmI switched to Bitwarden (from KeePass) a couple of years ago after seeing it recommended here. Best decision I've ever made. So easy to use on all my devices, imported my old KeePass DB without a hiccup, regularly being updated to add new features (last few updates added a username generator and email aliases), a CLI so you can access your password vault from the terminal and scripts.
- Portreve
- Level 13
- Posts: 4882
- Joined: Mon Apr 18, 2011 12:03 am
- Location: Within 20,004 km of YOU!
- Contact:
Re: Favourite Password Manager
While I don't, as a matter of policy, comment on what I do or don't do related to my security, I have to say that Bitwarden building in random username generation is likely a good idea for those who want to be able to maintain public anonymity as well as those who simply don't want to make it obvious which systems they have accounts on.
Personally, I think society at large needs to make the cost associated with being a bad actor (whether individual, commercial, or governmental) so absurdly and, if I may, excruciatingly high, that people thinking about doing these kinds of attacks choose not to. I have gotten to the point that I don't think writing and passing laws, while indisputably necessary, is any longer on its own a sufficient solution.
Personally, I think society at large needs to make the cost associated with being a bad actor (whether individual, commercial, or governmental) so absurdly and, if I may, excruciatingly high, that people thinking about doing these kinds of attacks choose not to. I have gotten to the point that I don't think writing and passing laws, while indisputably necessary, is any longer on its own a sufficient solution.
Flying this flag in support of freedom 🇺🇦
Recommended keyboard layout: English (intl., with AltGR dead keys)
Podcasts: Linux Unplugged, Destination Linux
Also check out Thor Hartmannsson's Linux Tips YouTube Channel
Recommended keyboard layout: English (intl., with AltGR dead keys)
Podcasts: Linux Unplugged, Destination Linux
Also check out Thor Hartmannsson's Linux Tips YouTube Channel
- AZgl1800
- Level 20
- Posts: 11146
- Joined: Thu Dec 31, 2015 3:20 am
- Location: Oklahoma where the wind comes Sweeping down the Plains
- Contact:
Re: Favourite Password Manager
Writing Laws,
only has one consequence,
it punishes the innocent,
and the outlaws ignore them
only has one consequence,
it punishes the innocent,
and the outlaws ignore them
Re: Favourite Password Manager
https://www.theguardian.com/technology/ ... mains-safe
I prefer old fashion painful way of managing by typing and listing my passwords for specific accounts using text or document on a computer that is not connected to the internet (without wifi and ethernet cable unplugged) then save onto encrypted USB using Veracrypt and print them out using laser printer with no wifi, and put both into fireproof safebox locked in my home. I still can memorize some passwords that I use often without repeatedly of accessing my safebox. So after I die, my passwords shall die with me as noted in my will’s directives for my relatives to destroy those in my safebox. I doubt the companies would do the same for you.
Sounds like they’re working to gain more surveillance (spying) on their users. Putting trusts into any companies that have very little or no regulations likely would lead to disasters. Remember what happened to Equifax.Toubba said the company would put in place more security measures and monitoring to detect any more threat actor activity.
I prefer old fashion painful way of managing by typing and listing my passwords for specific accounts using text or document on a computer that is not connected to the internet (without wifi and ethernet cable unplugged) then save onto encrypted USB using Veracrypt and print them out using laser printer with no wifi, and put both into fireproof safebox locked in my home. I still can memorize some passwords that I use often without repeatedly of accessing my safebox. So after I die, my passwords shall die with me as noted in my will’s directives for my relatives to destroy those in my safebox. I doubt the companies would do the same for you.
-
- Level 1
- Posts: 47
- Joined: Sun Sep 19, 2021 11:54 am
Re: Favourite Password Manager
For an actual password "manager" I use KeePass on a airgapped and encrypted old obsolete Android phone, that is only used as a "secret keeper" and 2FA authenticator. The only purpose of this phone is to generate TOTP codes and to provide a digital backup of my passwords.
It is open source (a MUST in my opinion) does not need any internet or cloud shenenigans, but still allows you to easily encrypt and export your database between devices... or upload it to the cloud if you so wish.
Alternatively, a rather unortodox but still technically a "management" trick, is to use hashes of imutable files.
For example, you choose a picture from your album, run it through SHA256 or SHA512, and use the resulting hash as a password. While certainly not foolproof, this has several conveniences.
- You allways get a long, random "password", that is different and unique.
- It's fast and convenient to use; just right-click the picture and hash it.
- You can store and transfer the "secret pictures" in plain sight, like in your social media, without presenting a obvious target.This makes it very easy to backup your secrets, and hard to lose them, as most people regularly backup their memories/photos anyway.
- You only need to remember wich picture matches each account, wich is much easier than trying to remember big passwords.
- You can very easily create even stronger passwords by combining the hashes of >1 picture, and you only need to remember it's combination (ex: mom + puppy + beach).
- Worst case scenario, if you forget wich picture is the "key", you can just hash all your pictures and try them 1-by-1. Then again, so can a hacker, so make sure to use 2FA; but this is still safer that a post-it on the screen or a plain-text file.
Considering how unsafe and amateurish most people's password management is, when they even have any at all, I'd still consider this a straight upgrade despite it's flaws. And for unimportant accounts that you wish to nevertheless keep reasonably safe (ex: online games, generic forums), it has a good balance of security vs convenience. Combined with even the most basic 2FA and a little common sense (the latter allways rarest), this is more than enough for non-critical websites.
It is open source (a MUST in my opinion) does not need any internet or cloud shenenigans, but still allows you to easily encrypt and export your database between devices... or upload it to the cloud if you so wish.
Alternatively, a rather unortodox but still technically a "management" trick, is to use hashes of imutable files.
For example, you choose a picture from your album, run it through SHA256 or SHA512, and use the resulting hash as a password. While certainly not foolproof, this has several conveniences.
- You allways get a long, random "password", that is different and unique.
- It's fast and convenient to use; just right-click the picture and hash it.
- You can store and transfer the "secret pictures" in plain sight, like in your social media, without presenting a obvious target.This makes it very easy to backup your secrets, and hard to lose them, as most people regularly backup their memories/photos anyway.
- You only need to remember wich picture matches each account, wich is much easier than trying to remember big passwords.
- You can very easily create even stronger passwords by combining the hashes of >1 picture, and you only need to remember it's combination (ex: mom + puppy + beach).
- Worst case scenario, if you forget wich picture is the "key", you can just hash all your pictures and try them 1-by-1. Then again, so can a hacker, so make sure to use 2FA; but this is still safer that a post-it on the screen or a plain-text file.
Considering how unsafe and amateurish most people's password management is, when they even have any at all, I'd still consider this a straight upgrade despite it's flaws. And for unimportant accounts that you wish to nevertheless keep reasonably safe (ex: online games, generic forums), it has a good balance of security vs convenience. Combined with even the most basic 2FA and a little common sense (the latter allways rarest), this is more than enough for non-critical websites.
Re: Favourite Password Manager
The purpose of 2FA authenticator is for providers or services to identify you then that also could make it easier for hackers to pinpoint you to your jackpot. I wouldn't be surprise there would be 3FA authenticator then there will be 4FA, so on someday. People buying iPhones because they thought they're safe and pro-private but doesn't have a defense against zero-day exploits. I never use my mobile for anything important such as banking. Tech companies shouldn't have too much power collecting your data. Doctors and hospitals have HIPAA law but when they use Microsoft or Google for your data then those tech companies get to have it too and they don't follow HIPAA law. If a password company has all of your passwords then they have all of your passwords for their own "insurance", simple as that.
https://www.youtube.com/watch?v=nbnWdA2JBik
https://www.youtube.com/watch?v=nbnWdA2JBik
-
- Level 12
- Posts: 4289
- Joined: Tue May 28, 2019 4:27 pm
Re: Favourite Password Manager
Well, while we're here, Lastpass has been breached again.
'certain elements of their customers’ information”'' has been accessed but no other details have been given out at this time.
'certain elements of their customers’ information”'' has been accessed but no other details have been given out at this time.
Re: Favourite Password Manager
Bitwarden... easy to use and suits all my platforms. On Ipad I can even use biometric (fingerprint) to access my passwords.
Lenovo T480s i5 Mint Cinnamon Mint 21.2 Victoria
- AZgl1800
- Level 20
- Posts: 11146
- Joined: Thu Dec 31, 2015 3:20 am
- Location: Oklahoma where the wind comes Sweeping down the Plains
- Contact:
Re: Favourite Password Manager
that and KeepassXC....
just how, do you propose to Export all of the 1,000 passwords from LastPass to either one of those?
I looked at BitWarden and I don't like it
-
- Level 5
- Posts: 635
- Joined: Sat Dec 26, 2009 3:36 pm
Re: Favourite Password Manager
These all have export and import features. I switched from Lastpass to Bitwarden a year ago, because several people here recommended it, and I've been very happy with it. The browser extension works very well, just does password management, generates new passwords when needed, and otherwise stays out of the way. Actually simpler and easier than Lastpass even at this point.
- AZgl1800
- Level 20
- Posts: 11146
- Joined: Thu Dec 31, 2015 3:20 am
- Location: Oklahoma where the wind comes Sweeping down the Plains
- Contact:
Re: Favourite Password Manager
Except for LastPass:acerimusdux wrote: ⤴Sun Dec 04, 2022 11:09 pm These all have export and import features. I switched from Lastpass to Bitwarden a year ago, because several people here recommended it, and I've been very happy with it. The browser extension works very well, just does password management, generates new passwords when needed, and otherwise stays out of the way. Actually simpler and easier than Lastpass even at this point.
I have tried and tried many times, to find a way to export the passwords, I can't even get it to export a single password, all I can do, is EDIT the one password and view the info, WHILE ON THAT WEB PAGE.
IMO,
there is more bally hoo being made over the supposed hacking of LastPass because other password managers want to claim they are better.
I have never once, in 20 plus years of using LastPass, had one of my passwords hacked.
All I do, is change my password for my bank, and AMEX and Discover Card.
I do NOT bother with any of the websites that I use, and not once, have any of them been messed with.
I have one big Major Gripe with the websites that want you to use a Special variation of Passwords.
using the LastPass Generated passwords, nearly 100% of the time, the websites refuse to accept them, forcing me to think up one just for that website... very aggravating.
-
- Level 8
- Posts: 2300
- Joined: Sat Sep 17, 2016 6:40 pm
- Location: England
Re: Favourite Password Manager
It wasn't a supposed hacking, it was a real genuine actual hacking that even Lastpass has admitted. It has nothing to do with the claims of its rivals.
Cliff Coggin
-
- Level 12
- Posts: 4289
- Joined: Tue May 28, 2019 4:27 pm
Re: Favourite Password Manager
It wasn't a supposed hacking of passwords, it was a genuine hacking of customers' information.cliffcoggin wrote: ⤴Mon Dec 05, 2022 6:46 pmIt wasn't a supposed hacking, it was a real genuine actual hacking that even Lastpass has admitted. It has nothing to do with the claims of its rivals.
-
- Level 5
- Posts: 635
- Joined: Sat Dec 26, 2009 3:36 pm
Re: Favourite Password Manager
Well where is it failing? Are you getting the CSV file at all?
It's been a year since I did it, but I think this procedure worked for me. Though It's possible I had to make some corrections to the data and don't remember now.
- AZgl1800
- Level 20
- Posts: 11146
- Joined: Thu Dec 31, 2015 3:20 am
- Location: Oklahoma where the wind comes Sweeping down the Plains
- Contact:
Re: Favourite Password Manager
No,acerimusdux wrote: ⤴Wed Dec 07, 2022 12:51 amWell where is it failing? Are you getting the CSV file at all?
It's been a year since I did it, but I think this procedure worked for me. Though It's possible I had to make some corrections to the data and don't remember now.
I was never able to get the CSV file, that would have solved my problem, I will follow that link.
EDIT: feel stupid now, I never have seen that Advanced Options before, probably because I have my screen set at 200% and the bottom of that menu never showed up.
anyhoo, now I have the .CSV file,
-
- Level 5
- Posts: 635
- Joined: Sat Dec 26, 2009 3:36 pm
Re: Favourite Password Manager
Oh good. Now hope import works. Now that I think about it, when I did mine I may have had to deal with the problem in this warning:
....which could still be a bit of a pain if you really have 1000 passwords. But maybe fixed by now?Some users have reported a bug which changes special characters in your passwords (&, <, >, and so on) to their HTML-encoded values (for example, &) in the printed export.
- AZgl1800
- Level 20
- Posts: 11146
- Joined: Thu Dec 31, 2015 3:20 am
- Location: Oklahoma where the wind comes Sweeping down the Plains
- Contact:
Re: Favourite Password Manager
I threw BitWarden in the trash bin,acerimusdux wrote: ⤴Wed Dec 07, 2022 2:16 amOh good. Now hope import works. Now that I think about it, when I did mine I may have had to deal with the problem in this warning:....which could still be a bit of a pain if you really have 1000 passwords. But maybe fixed by now?Some users have reported a bug which changes special characters in your passwords (&, <, >, and so on) to their HTML-encoded values (for example, &) in the printed export.
once the passwords are loaded, you cannot edit or see them again, and it is hell of a lot harder to manage than LastPass.
I trimmed down the passwords to something less than 600, there were 100s that were related to old news websites that I now refuse to use, if they want a password, I am a gone gosling.... piss on that.
-
- Level 5
- Posts: 635
- Joined: Sat Dec 26, 2009 3:36 pm
Re: Favourite Password Manager
It's just a little different layout that you aren't used to yet.
If you are using the browser extension, you just click on the icon when on a website, and it will list any logins for that site. Or just browse through all your logins using the "vault" button on the bottom. To the left of each login entry are icons to view, copy username, copy password, copy verification code. If you click view, it will show the whole entry, but the password will be obscured. To the right of the password is an "eye" icon for toggling its visability. At the top right of the entry is an "edit" button which will bring the whole entry up in edit mode. You can edit what you like there, then hit "save" in the upper right corner.
- AZgl1800
- Level 20
- Posts: 11146
- Joined: Thu Dec 31, 2015 3:20 am
- Location: Oklahoma where the wind comes Sweeping down the Plains
- Contact:
Re: Favourite Password Manager
I downloaded the app from the Mint repository.
I gave it 10 shots, and 5 different efforts at creating new accounts.
I used the Web login to see if I can see and edit the passwords, nope, they won't let you.
I will never again, mess with it....
just simply is NOT worth the effort it takes.....
One other thing: get the password wrong, and ask it to send you an Email for a hint???
wasted effort, it never once sent the email, and I changed to Yahoo and Gmail 4 times, with new email addresses.
It claimed that my Master Password has been Accepted: it is one that I know by heart, a unique one that only I would know... but once I logged out, it refused to let me login to the web account repeatedly. I am done with itl.
and, I don't believe the ballyhoo that LastPass customer information has been divulged.
their servers might have been hacked, but the encrypted info did not get divulged....
I have never once, had any password hacked and I have been using LastPass for many years, before it was renamed as "LastPass"
I gave it 10 shots, and 5 different efforts at creating new accounts.
I used the Web login to see if I can see and edit the passwords, nope, they won't let you.
I will never again, mess with it....
just simply is NOT worth the effort it takes.....
One other thing: get the password wrong, and ask it to send you an Email for a hint???
wasted effort, it never once sent the email, and I changed to Yahoo and Gmail 4 times, with new email addresses.
It claimed that my Master Password has been Accepted: it is one that I know by heart, a unique one that only I would know... but once I logged out, it refused to let me login to the web account repeatedly. I am done with itl.
and, I don't believe the ballyhoo that LastPass customer information has been divulged.
their servers might have been hacked, but the encrypted info did not get divulged....
I have never once, had any password hacked and I have been using LastPass for many years, before it was renamed as "LastPass"