[ SOLVED ] best password manager

[ThaCrip]

I would not consider encrypted .zip files as good enough for password storage. I wish I knew enough about it to give a nice detailed response but suffice it to say, Winzip/.zip files, etc. are not designed as security products and its encryption isn't implemented as such. Encrypted .zip files are rather famously easy to bypass so please do your research first if you plan to trust this method.

Yeah, I also agree with you as it basically mirrors my thoughts as while I don't know all of the details, password managers are meant to be more secure in this regard. so while I am not a expert, I am sure the experts in the encryption field would likely agree on this basic point.

but with that said... depending on what security threats one is concerned with, assuming the passwords they are using are secure, as long as their computer does not get compromised, then even in regards to what you mention won't matter much (like even sort of a worst case in this regard... if passwords were stored in a basic text file on a computer it won't matter unless that computer was stolen etc). besides, I figure if ones computer gets compromised with malware (and the like), at this point they got bigger things to worry about since their computer is compromised and the only way I would trust using that computer again is to do a proper clean install (i.e. completely remove all data and install the OS from scratch).

Put it in a VeraCrypt container.

Even in regards to VeraCrypt, while people seem to think that's a solid encryption program, it's basically putting more work on oneself to use stuff like that vs just a standard password manager. unless of course you don't trust the password manager at which point I would just switch to one you do trust a bit more etc. VeraCrypt can be nice but for general password management, a standard password manager is just the all-around better choice.

like even if we assume both VeraCrypt and a Password Manager are secure, it don't make much sense to use VeraCrypt for password storage as it's easier/more practical to use a password manager for password management since it's designed for it where as VeraCrypt is more of a general data encryption kind of program.

[newlyminted7]

Even in regards to VeraCrypt, while people seem to think that's a solid encryption program, it's basically putting more work on oneself to use stuff like that vs just a standard password manager. unless of course you don't trust the password manager at which point I would just switch to one you do trust a bit more etc. VeraCrypt can be nice but for general password management, a standard password manager is just the all-around better choice.

like even if we assume both VeraCrypt and a Password Manager are secure, it don't make much sense to use VeraCrypt for password storage as it's easier/more practical to use a password manager for password management since it's designed for it where as VeraCrypt is more of a general data encryption kind of program.

You keep missing my point, ThaCrip, which is that I believe there is a lot of value in doing these types of things yourself instead of using a password manager.
Again, you don't have to agree...

[ThaCrip]

You keep missing my point, ThaCrip, which is that I believe there is a lot of value in doing these types of things yourself instead of using a password manager.
Again, you don't have to agree...

I get your general mindset of doing-it-oneself and all. but at the same time, something as simple as password management, one is probably better off using a password manager is all.

because in your VeraCrypt example... like we already talked about, your just trading one encryption method for another and in the case of Password Manager vs VeraCrypt, it's just making more work for the user by using VeraCrypt and password managers are designed for password management where as VeryCrypt is more of a general purpose encryption for random data. so it just makes more sense to use a password manager when it comes to general password management since both are probably secure enough, but a password manager is more practical.

[newlyminted7]

something as simple as password management, one is probably better off using a password manager is all.

so it just makes more sense to use a password manager when it comes to general password management since both are probably secure enough, but a password manager is more practical.

In your opinion.
Get it?
I thought you understood my opinion and my point.
I don't really want to go around and around on here anymore...
Hopefully we can agree to disagree? (I am, at least)

[ThaCrip]

In your opinion.
Get it?
I thought you understood my opinion and my point.
I don't really want to go around and around on here anymore...
Hopefully we can agree to disagree? (I am, at least)

I see (ill understand if you don't want to reply any more on this subject). I just am surprised you would suggest/mention that given what I said is all. while one can say it's technically just my opinion, it's almost certainly a opinion inline with the majority for whatever that's worth. so I guess I just mainly see a small problem with suggesting stuff that's more complicated for something like password management as I think the whole point of password management, is to give the user a pretty good level of security (like use secure passwords) while keeping ones effort in doing that to a low enough point. so in this regard, VeraCrypt falls a bit short vs a typical Password Manager. so if someone is going to use a method to store passwords on a computer, it's hard to beat a password manager or thereabouts (as in something similar with similar enough security and similar effort). but if one is avoiding a password manager, they might be better off coming up with their own method outside of the computer (like not storing any data on the computer itself for those do-it-themselves types of people) like writing them down on a piece of paper etc like Diceware or using a decent password paired with some padding (or equivalent to whatever someone wants to come up with since you seem to be a big fan of the do-it-yourself method).

NOTE: but obviously, using VeraCrypt is not necessarily bad in general (as like I mentioned it seems to be good general encryption software), it just don't seem like a optimal option for password management is all as it's more geared towards general data encryption. it's a little overkill for basic management of ones passwords on a computer.

p.s. but it's cool, I got nothing against you ; in fact, I liked your advice over on the "5 viruses" thread.

[newlyminted7]

I see (ill understand if you don't want to reply any more on this subject). I just am surprised you would suggest/mention that given what I said is all. while one can say it's technically just my opinion, it's almost certainly a opinion inline with the majority for whatever that's worth.

No, I don't really want to reply any more on this subject, actually, since it's cluttering the thread and you should probably take your zeal to PMs (but please don't send me any lol) and we can let this thread be, but I'd like to clarify some things since you don't seem to be okay with agreeing to disagree...

If you think that having an opinion that is in line with what you consider "the majority" is preferable, then I think you might think twice about computer security, as I'd wager that "the majority" don't understand computer security very well. In my opinion, they tend to go with convenience. Convenience is an Achille's heel of computer security. So, if you want to encourage people to do what the "majority does", then go ahead, but I don't think that's the wisest choice. I think the majority is a poor model to follow when trying to secure data on a computer or a network. Just because lemmings do it, doesn't mean it's the right thing to do. This is just my 2c, and you're entitled to your opinion, of course. But your opinion doesn't make my opinion any less valid simply because you think you agree with the "majority" of lemmings out there. (No offense to lemmings lol) By your own reasoning, everyone should just use MS Windows, too.

so I guess I just mainly see a small problem with suggesting stuff that's more complicated for something like password management

Except you're making an assumption that by doing it yourself is always more complicated than using a password manager. It isn't. I will still encourage someone to learn how to fish before using MS Windows, I mean--, before using a password manager, especially an online one. Yet not everyone can avoid using a password manager, so those people will use one, of course.

VeraCrypt falls a bit short vs a typical Password Manager. so if someone is going to use a method to store passwords on a computer, it's hard to beat a password manager or thereabouts

Again, this is just your opinion. I happen to disagree with it completely, and for what I consider pretty good reasons. It doesn't mean you're "wrong", by the way, it just means that I disagree. And that's Okay™. Is that okay with you?

(as in something similar with similar enough security and similar effort). but if one is avoiding a password manager, they might be better off coming up with their own method outside of the computer (like not storing any data on the computer itself for those do-it-themselves types of people) like writing them down on a piece of paper etc like Diceware or using a decent password paired with some padding (or equivalent to whatever someone wants to come up with since you seem to be a big fan of the do-it-yourself method).

NOTE: but obviously, using VeraCrypt is not necessarily bad in general (as like I mentioned it seems to be good general encryption software), it just don't seem like a optimal option for password management is all as it's more geared towards general data encryption. it's a little overkill for basic management of ones passwords on a computer.

No indeed, VeraCrypt is not at all "bad in general". (Glad it gets your stamp of approval lol...)
In my opinion, VeraCrypt (and many other solutions) can be a very good choice for people who don't want to rely on password managers (especially ones that have been compromised or ones that apparently engage in unscrupulous behaviour - like Lastpass and ClickStudios, for example).

Entering a password into the VeraCrypt application to unlock a container is no harder or "less convenient" than entering a password to unlock a password manager.

Are there some good password managers? Of course. Some password managers certainly have their place, but so does doing things yourself, which is not always "more complicated" just because someone doesn't yet understand something.

[ThaCrip]

No, I don't really want to reply any more on this subject, actually, since it's cluttering the thread and you should probably take your zeal to PMs (but please don't send me any lol)

Yeah, don't worry I won't PM you

If you think that having an opinion that is in line with what you consider "the majority" is preferable, then I think you might think twice about computer security, as I'd wager that "the majority" don't understand computer security very well. In my opinion, they tend to go with convenience. Convenience is an Achille's heel of computer security. So, if you want to encourage people to do what the "majority does", then go ahead, but I don't think that's the wisest choice. I think the majority is a poor model to follow when trying to secure data on a computer or a network. Just because lemmings do it, doesn't mean it's the right thing to do. This is just my 2c, and you're entitled to your opinion, of course. But your opinion doesn't make my opinion any less valid simply because you think you agree with the "majority" of lemmings out there. (No offense to lemmings lol) By your own reasoning, everyone should just use MS Windows, too.

Ill be more clear... when I said 'majority' I basically meant more of the majority of people a bit more in the know about these things. not majority as in majority of the general public.

p.s. but if we were talking about the general public... then I totally agree with what you said here.

Except you're making an assumption that by doing it yourself is always more complicated than using a password manager. It isn't. I will still encourage someone to learn how to fish before using MS Windows, I mean--, before using a password manager, especially an online one. Yet not everyone can avoid using a password manager, so those people will use one, of course.

I realize it's not, so I agree in that regard. but... in the examples we are generally discussing it's creating a bit more work vs using a password manager.

p.s. and naturally, when I refer to password manager I always refer to the offline ones since we both agree they are technically safer than online ones.

No indeed, VeraCrypt is not at all "bad in general". (Glad it gets your stamp of approval lol...)
In my opinion, VeraCrypt (and many other solutions) can be a very good choice for people who don't want to rely on password managers (especially ones that have been compromised or ones that apparently engage in unscrupulous behaviour - like Lastpass and ClickStudios, for example).

Sure, if we account for basically all password managers, I suspect it's possible I could agree that VeraCrypt might be a better option than some. but for a password manager that does not automatically update and is strictly offline (like the one I use) one should be pretty safe etc.

p.s. I get your 'lol' comment as I did not mean to act like I am some ultimate authority on these things. but it's just difficult to justify suggesting alternative encryption software/methods for storing of ones passwords over a (offline) password manager is all, all things considered.

Entering a password into the VeraCrypt application to unlock a container is no harder or "less convenient" than entering a password to unlock a password manager.

Yes, strictly on that aspect I agree. but... once your past the basic entering the password, password managers are just better suited for managing passwords as you can generate your passwords after this point and things are better organized etc.

Are there some good password managers? Of course. Some password managers certainly have their place, but so does doing things yourself, which is not always "more complicated" just because someone doesn't yet understand something.

Yeah, I agree that alternative methods of storing a password are not always more complicated. but assuming one is storing their passwords using some form of encryption software (or the like) it seems like a fairly safe bet that a password manager will generally make for less work. because that's what password managers specialize in and are designed for is storing passwords.

even for someone who's a bit more cautious like yourself, just try to find a password manager you trust a bit more and does not update itself or store anything online. once your at that standard, I just can't really see a tangible benefit of the alternative methods unless one really gets into that whole 'doing-it-yourself' aspect that overtakes other considerations.