[ SOLVED ] best password manager

[whispers]

would like some help please

thanks for all your replies

[LanceM]

Lastpass. The extension is available for Chrome, Chromium. It was for Firefox last I checked. It was free last I used it. It is right at top of the heap for security. For the last 4 years, I just let Chrome save my passwords and have had zero problems.

[Rosko]

I use KeePassXC and love it. You can find it in the repositories.

[mrgordos]

LastPass is changing their free account options, starting March 16, 2021. You can now only use it on either mobile OR desktop, but not both. So if you want to use your passwords on both you now have to pay for a premium account. Bitwarden is what I changed to as soon as I was notified of the upcoming changes, and the free account is the same as LastPass used to be. I actually like it so much that I upgraded to the Bitwarden premium account for my wife and myself at the cost of 10.00 US a year each. LastPass premium would cost us 66.00 US for a family account or 36.00 US each for individual accounts.

[Kirara]

Before considering to use LastPass it might be good to have a look at these links:

https://www.theregister.com/2021/02/25/ ... ers_found/
https://www.tomsguide.com/news/lastpass ... p-tracking
https://appleinsider.com/articles/21/02 ... ndroid-app


KeePassXC usually gets good ratings and you can download it from the software manager.

[OunceofCommonSense]

KeePassXC usually gets good ratings and you can download it from the software manager.

+1 KeepassXC Passwords stored locally on PC so no issues with relying on third party to store sensitive data

[JoeFootball]

would like some help please

"Best" is subjective, but here are my picks ...

Local: KeePassXC

Cloud: Bitwarden

[LogMan]

I switched to Bitwarden when Lastpass changed ownership a few yrs ago and they started charging what I thought was a ridiculous amount, plus they were having a lot of problems with the program.
Doesn't surprise me at all that they want to gouge even more from their users.
Bitwarden works for my tablet, desktop ( 5 OS's ) and Android phone and all machines keep in sync when I change something like add or change a password.

[BenFenner]

Text document inside encrypted 7-Zip file/archive.

[DraganTheMighty]

Text document inside encrypted 7-Zip file/archive.

The best of the best!

[LanceM]

Text document inside encrypted 7-Zip file/archive.

You still trust the browser and all its corridors once you enter the password.

[BenFenner]

Text document inside encrypted 7-Zip file/archive.

You still trust the browser and all its corridors once you enter the password.

No one said otherwise.

[LanceM]

No one said otherwise

I just mean the browser is still the key item, regardless of how you manage your passwords. Once you put you password in a site, you are at the mercy of all the corridors in cyber space. It's on servers and weigh points from beginning to end. I trust Mint, Chrome, and common sense to protect mine. I have never had a problem. A lot of the password paranoia came from Windows and its cesspool of crud.

[whispers]

Thank you all for your replies

[newlyminted7]

KeePassXC.

[ThaCrip]

Password Safe (https://pwsafe.org/) which is 'Designed by renowned security technologist Bruce Schneier'.

it's in the repository, just run the following from terminal to install it... 'sudo apt install passwordsafe' (without the '). NOTE: the database file is stored locally (on your hard drive) which is more secure than storing that stuff online. because with online services, while they might be okay, there is a increased risk someone could get a hold of your password database file should one of those password manager places ever get hacked (although even assuming that happens, if your password managers database file has a really secure password then you should be safe. but I figure why even take the chance).

but the newest version of Password Safe on Linux is here... https://sourceforge.net/projects/passwo ... les/Linux/ ; currently v1.13.0 is the newest which was released late last month. for Mint v20.x you basically want the "passwordsafe-ubuntu20-1.13-amd64.deb" file. NOTE: the last I knew if you install Password Safe from the repository first and then try to install from deb file it won't install as you have to remove a specific package first before running the .deb file. but if you just go straight to the .deb file it will work straight up without issue. personally I suggest using the updated v1.13.0 over the one in the repository but I don't expect you will have problems with either one.

I have been using that on Windows since roughly 2005-2007 or so (and Linux version since I switched to Linux Mint on Jan 2019). the Windows database file works fine on Linux to (or vice versa). there is even a Android version maintained by Jeff Harris (the general Windows/Linux version is maintained by Rony Shapiro (which to my knowledge Bruce Schneier personally knows)). but in general I avoid smart phones for this stuff as I prefer proper computers (desktop/laptop).

another small thing I will mention which is not important as Password Safe is secure in it's default state but one can increase the security of the Password Safe database file further by going to... Manage > Options > Security. then on 'Unlock Difficulty' you can increase that slider if you want. the only advantage here is it would increase the time needed to brute for the password database file should someone ever get a hold of it and try to brute for it. the only small catch is, increasing that slider adds more delay to opening the database file after entering your master password. by default, it pretty much opens immediately. but I increased the slider to about 25% which you can see adds a small delay upon opening the file. but on a decent CPU it's still fast enough even though on a slower CPU the delay is more noticeable. but I figured why not get a small boost in security for minimal delay of opening the database file. but like I say, this is totally optional as you can completely ignore this because as long as your master password is secure, then you got nothing to worry about. but if you have any doubts about the security of your master password (like if it's pretty good but not top notch) then giving a fair increase to the slider will in effect make your non-super secure password that much better since it will take more time for someone to brute force the password and when someone is brute forcing the password it's all about making sure they can't crack it within a reasonable time frame. Password Safe uses the Twofish encryption algorithm (designed by Bruce S) which was one of the finalist years ago before people generally adopted the AES standard (i.e. https://en.wikipedia.org/wiki/Twofish ). Twofish is still considered really secure along with AES etc.

TIP: just some suggestions for making a secure master password... Diceware (i.e. https://www.eff.org/files/2016/07/18/ef ... rdlist.txt ; basically with that for example... you need 5 dice (one die will work, but it's going to take much more of your time) and with each roll of those five dice, reading from left to right or right to left as they fall on the floor/table in front of you, you convert that 5-digit number into a word from that txt file (I suggest using the CTRL+F as you can type in the 5-digit number into it and it will find your word much faster in that txt file vs manually looking). it's suggested to use a six word minimum (always use dice and don't choose words you personally like as this will defeat the whole point of using Diceware as it will lower your security) which gives you 77.5bits of entropy (a 10 word Diceware passphrase would be 129.2 bits of entropy which is about equivalent to a 20-character randomly generated password, which won't be cracked for the foreseeable future. if one is really paranoid and don't trust ones password manager for long password generation... you can use dice to make long/random passwords by reading the "How do I use dice to create random character strings?" at this link... https://theworld.com/%7Ereinhold/dicewarefaq.html (basically with this you would need to roll three dice a minimum of twenty times if you wanted a 20-character random password using all possible keys on the keyboard etc)). or for those who want to opt for a easier/less secure method one can do something like this... instead of "MyDecentPassword" you can do something like "...MyDecent.Passwordzzzzzzzzzzzzzzz" ). but Diceware is guaranteed secure if you use a long enough passphrase and always let the dice choose the words for you! (although I am willing to bet the decent password option paired with ones own padding scheme is probably still 'good enough' if it's long enough and your basic password meshed in there is not too easy to guess. because as they say, password length is the biggest factor in increasing it's security etc. but at he end of the day, in a very basic sense, it seems as long as one is not using the same password across multiple websites and your password are not too easy to guess your probably still 'good enough' since, as they say, those hacker types tend to go after the low-hanging-fruit).

if one wants to verify their download with 'gpg', which is optional but safer since it helps ensure the download has not been tampered with, you can do that by going to pwsafe dot org then on the left side of page click 'contact' and at the bottom of the page you will see "To verify the signature, use this public key (key fingerprint = C887 6BE6 9A8E C641 4C8C 8729 B131 423D 7F2F 1BB9)" and you basically click the 'this public key' which will download a .asc file which I just name it 'PWSafe.asc' and save it to your home folder and then from terminal run "gpg --import PWSafe.asc" (without the ") and then after that you can verify your .deb and .sig files (which you download from that sourceforge link above basically) by doing something like... "gpg --verify passwordsafe-ubuntu20-1.13-amd64.deb.sig passwordsafe-ubuntu20-1.13-amd64.deb" (without the ") which should show that long C887 etc thing there along with 'good signature' etc. don't worry about the warning screen which is normal/expected. but in the future to verify newer/future versions of Password Safe with gpg you just run the 'gpg --verify .sig .deb' command as you only need to import the .asc file once.

on a side note... for those using Firejail sandbox (for say your Firefox web browser for example), it does not filter out the ".pwsafe" folder by default which is where your Password Safe database file is stored in the home folder. so you need to tweak your Firejail configuration files accordingly to get it to filter out the Password Safe stuff properly as then the web browser cannot see that ".pwsafe" folder no longer as you can see what the Firefox browser can see for example by typing in "file:///" (without the ") into your Firefox browser.

on last thing... to state the obvious, ALWAYS make sure you have at least once backup copy of the Password Safe database file (which is located at... /home/USER/.pwsafe). because if you ignore this and your computers hard drive crashes and that file is corrupt/damaged, it's going to be a major problem regaining access to your accounts online. so save yourself the trouble and make darn sure to make backup copies of that file!!! (don't ignore this)

[Boca]

Before considering to use LastPass it might be good to have a look at these links:

https://www.theregister.com/2021/02/25/ ... ers_found/
https://www.tomsguide.com/news/lastpass ... p-tracking
https://appleinsider.com/articles/21/02 ... ndroid-app


KeePassXC usually gets good ratings and you can download it from the software manager.

Thanks for highlighting this.
My LastPass renews later this month; the above issues are prompting me to look elsewhere.

Currently liking KeePassXc...


Tony

[Boca]

My LastPass renews later this month; the above issues are prompting me to look elsewhere.

Currently liking KeePassXc...


Tony

Had several issues with KeePassXC ( Browser not connecting t database, import of LP data crashing database).
Tried BitWarden and the transition from LP was effortless!

Tony

[murray]

I recently switched from Keepass to Bitwarden and I'm really happy with it. The change-over was seamless and everything works really well, much better than my old setup. I'm currently using the free version of Bitwarden, which does everything I need, but I might upgrade to the $10 a year version just as a way to say thanks for such an awesome product.

[Boca]

I might upgrade to the $10 a year version just as a way to say thanks for such an awesome product.

I have also upgraded to Premium to get the Emergency Access and 1Gg of storage features... and to support the project.

Tony