geekhack

geekhack Community => Off Topic => Topic started by: Input Nirvana on Tue, 19 August 2014, 00:08:26

Title: Password managers
Post by: Input Nirvana on Tue, 19 August 2014, 00:08:26: I've been consolidating, organizing, cleaning up, deleting various online shizz. I'm looking to use password managers/related type software. I use OSX and iOS and want to access things from both types of device. Apple has their new iCloud Keychain on Mavericks and iOS7 which is free, but more importantly is tightly integrated with the OS and allows major convenience being able to use across Apple devices.

What do you guys use, what have you used and what do you like/not like?
Title: Re: Password managers
Post by: Hundrakia on Tue, 19 August 2014, 00:42:22: I can't bring myself to aggregate mine into a manager :-\ I've been brainwashed I suppose
Title: Re: Password managers
Post by: Novus on Tue, 19 August 2014, 00:48:49: Lastpass for me!
Title: Re: Password managers
Post by: Belfong on Tue, 19 August 2014, 01:17:05: KeePass, mini KeePass (iOS) and MacKeePass. Open source and very very secure.
Title: Re: Password managers
Post by: paicrai on Tue, 19 August 2014, 03:29:53: yeah just give me your passwords I'll help
Title: Re: Password managers
Post by: caesar on Tue, 19 August 2014, 04:21:10: i use keepassx
Title: Re: Password managers
Post by: Belfong on Tue, 19 August 2014, 04:24:00: Quote from: caesar on Tue, 19 August 2014, 04:21:10
i use keepassx
Mac KeePass have better interface.
Title: Re: Password managers
Post by: caesar on Tue, 19 August 2014, 06:05:02: may be, but i can use it on windows, linux and mac <3
Title: Re: Password managers
Post by: EpicSNES on Tue, 19 August 2014, 06:45:13: I know a lot of people who use LastPass and like it.
Title: Re: Password managers
Post by: osi on Tue, 19 August 2014, 07:13:24: Personally, I don't use a password manager but for shared environments, keepass works like a charm
Title: Re: Password managers
Post by: mashby on Tue, 19 August 2014, 12:11:50: 1Password (https://agilebits.com/onepassword) gets my vote. It's not free, but I've been a user since 2007 and highly, highly recommend it.

You can have separate vaults, so I have one for work, one for personal and one that my wife and I share. Works on Windows, Mac, iOS and Android. You can even have it work in the browser via Dropbox if you want.
Title: Re: Password managers
Post by: dorkvader on Tue, 19 August 2014, 14:42:58: I was thinking about using the following:
http://16s.us/sha1_pass.html

Here's the reasoning behind it:
http://16s.us/software/SHA1_Pass/sha1_pass_why.txt

It's based on the principle of generating your passwords instead of storing them on potentially unsafe servers or with potentially weak encryption.
Title: Re: Password managers
Post by: microsoft windows on Tue, 19 August 2014, 16:12:34: Quote from: mashby on Tue, 19 August 2014, 12:11:50
1Password (https://agilebits.com/onepassword) gets my vote. It's not free, but I've been a user since 2007 and highly, highly recommend it.

You can have separate vaults, so I have one for work, one for personal and one that my wife and I share. Works on Windows, Mac, iOS and Android. You can even have it work in the browser via Dropbox if you want.

Does it work on Windows 98?
Title: Re: Password managers
Post by: rainb1ood on Tue, 19 August 2014, 16:19:34: Keepass + Dropbox for me
Title: Re: Password managers
Post by: Photekq on Tue, 19 August 2014, 16:22:13: Lastpass!
Title: Re: Password managers
Post by: tigersharkdude on Tue, 19 August 2014, 16:22:27: password manager; a piece of paper you keep hidden near your computer desk
Title: Password managers
Post by: Belfong on Tue, 19 August 2014, 19:56:25: Quote from: mashby on Tue, 19 August 2014, 12:11:50
1Password (https://agilebits.com/onepassword) gets my vote. It's not free, but I've been a user since 2007 and highly, highly recommend it.

You can have separate vaults, so I have one for work, one for personal and one that my wife and I share. Works on Windows, Mac, iOS and Android. You can even have it work in the browser via Dropbox if you want.
I didn't know 1Password works in Windows. Do you have to pay for the Windows app as well? I find it appalling that one has to pay for the iOS and the Mac client. It looks great, sure, but why charge a few times when the alternative, such as KeePass is free!

Edit to say that I do appreciate paying for software but I just wonder how they would stay competitive by charging for every client app (iOS, Mac, Windows). I like LastPass model. Free to use but pay a yearly sub if you want it on a mobile device.
Title: Re: Password managers
Post by: riotonthebay on Tue, 19 August 2014, 20:01:08: Quote from: mashby on Tue, 19 August 2014, 12:11:50
1Password (https://agilebits.com/onepassword) gets my vote. It's not free, but I've been a user since 2007 and highly, highly recommend it.

You can have separate vaults, so I have one for work, one for personal and one that my wife and I share. Works on Windows, Mac, iOS and Android. You can even have it work in the browser via Dropbox if you want.

I have the exact same setup. A personal one shared with my girlfriend and one for work that our whole team shares. Works great.
Title: Re: Password managers
Post by: dorkvader on Wed, 20 August 2014, 01:07:54: Quote from: microsoft windows on Tue, 19 August 2014, 16:12:34
Does it work on Windows 98?

SHA_1 Pass does.
Title: Re: Password managers
Post by: JaydrVernanda on Wed, 20 August 2014, 01:43:36: i use keepass because it's open source and is free.
Title: Re: Password managers
Post by: paicrai on Wed, 20 August 2014, 06:20:40: Quote from: tigersharkdude on Tue, 19 August 2014, 16:22:27
password manager; a piece of paper you keep hidden near your computer desk
yep, that's about it
Title: Re: Password managers
Post by: Input Nirvana on Wed, 20 August 2014, 14:27:01: Couple products keep popping up, and a new one (Thanks Dorkvader!)

This is an important issue that everyone should take seriously. I know I am, I've been hacked :(
Title: Re: Password managers
Post by: mashby on Wed, 20 August 2014, 14:37:29: Quote from: Input Nirvana on Wed, 20 August 2014, 14:27:01
This is an important issue that everyone should take seriously. I know I am, I've been hacked :(

I agree 100%.

And just to plug 1Password again... I know it's not free, but it's the most integrated and easy-to-use solution I've found. On iOS devices, being able to use the built in browser to auto-login is fantastic. The fact that all of my passwords are the maximum allowed with the most complicated recipe the site will allowed is a non-issue.

As an added security measure, I enable two-factor authentication whenever possible. PayPal, Google, etc.
Title: Re: Password managers
Post by: Input Nirvana on Wed, 20 August 2014, 15:02:40: It seems to me that 2 step auth. is the way to go.

All passwords can be brute-forced eventually, and although I'm not going to spend hours reading about it, the concept is scary enough just knowing passwords aren't enough.
Title: Re: Password managers
Post by: mashby on Wed, 20 August 2014, 16:21:01: You're right. Strong passwords today will not necessarily be strong passwords in the future. One of the things I like about 1Password is that it allows you to do an audit of your passwords, and will alert you to vulnerability issues. It'll show you which passwords a weak, which are old, which are duplicates and which may require updating due to Heartbleed, etc.

Speaking of strong passwords, I always think of this comic when the topic comes up.

(http://imgs.xkcd.com/comics/password_strength.png)
Title: Re: Password managers
Post by: keymaster on Wed, 20 August 2014, 16:25:26: I've used LastPass for years and I haven't looked back.
Title: Re: Password managers
Post by: dorkvader on Wed, 20 August 2014, 17:04:43: Quote from: mashby on Wed, 20 August 2014, 16:21:01
You're right. Strong passwords today will not necessarily be strong passwords in the future. One of the things I like about 1Password is that it allows you to do an audit of your passwords, and will alert you to vulnerability issues. It'll show you which passwords a weak, which are old, which are duplicates and which may require updating due to Heartbleed, etc.

Speaking of strong passwords, I always think of this comic when the topic comes up.

Show Image
(http://imgs.xkcd.com/comics/password_strength.png)

That right there is why I like the SHA1 solution. I can produce passwords that meet the complexity for stupid websites that are easy enough for me to actually remember. And I can also keep around a huge amount of passwords for all the logins that I need without having to store them on a potentially insecure server somewhere int he cloud.

Anyway, I haven't switched over to something like that yet, but I suspect the better ones are the "more integrated" ones. for most people that'd be the solution I go to.

Another option is to use a yubikey or make a similar thing (like using an MCHCK). We had these at work for 2 factor and it was pretty sweet. (and easy to use).
Title: Re: Password managers
Post by: anowt on Mon, 25 August 2014, 02:40:31: encrypted spreadsheet. best. pwd. manager. ever.