I was not into password managers until I used Bitwarden. It's open source and works perfectly, chrome extension, app on Android/iOS. Saves me time and headache remembering passwords and secure notes.
I like Bitwarden as well and I'm using it as my only password manager. I tried using Dashlane but it isn't as good as Bitwarden. There are others like 1Password, but I trust Bitwarden more since it's free and open source.
I've been a professional C, Perl, PHP and Python developer.
I'm an ex-sysadmin from the late 20th century.
These days I do more Javascript and CSS and whatnot, and promote UX and accessibility.
KeePass on my Windows computers, along with Keepass2Android on my phone, and sync via DropBox / Google Drive (password database file is encrypted by KeePass).
Same! I use Dropbox for synchronizing the master file. I can then access it from KeePass (or some variant ) on a Mac, 1 windows laptop, and a PowerBook laptop, and a Linux box.
I wanted to do this but I always feared one thing: Does this mean that if I update one password somewhere, I have to keep downloading the files in all clients I need? So, if I update one password, I need to update all copies in all clients?
Yes, you do.
Those are passwords manager, non sync client : I like the Unix-like philosophy of doing one thing.
I keep my encrypted password db in sync with gogole drive, but you can use whatever you want.
I know people who are sending themselves the db every time they update something, ugly for me, but it it works for then then +1
Like @dbh
mentions in another thread, storing the Vault file in Dropbox or another similar cloud-based folder can be a solution for this. The file is encrypted at rest, so it's a fairly safe thing to do. Then the only place you need to sync it occasionally is your phone!
I've been a professional C, Perl, PHP and Python developer.
I'm an ex-sysadmin from the late 20th century.
These days I do more Javascript and CSS and whatnot, and promote UX and accessibility.
Me too. Though after exporting everything to Bitwarden, I kept Lastpass on my work machine, just to try to consciously keep them separated from my personal passwords in a more definite way than just having different folders.
Open source (esp. cloud solution) means that I should roll my own compilation/server for the app, cuz it's easy to provide an open source app and ship some extra code (that collects your passwords) with the binary.
So no thanks, I don't really wanna go through that hustle.
Not really Yaser. Open source means just that, also we are not talking about some random npm package with crypto mining hidden inside, we're talking about tools that are peer verified by security firms: help.bitwarden.com/article/why-sho...
The code is open source but you can just use the cloud version.
They don't store your passwords, they store the encrypted version and the master key never leaves your device.
My bitwarden account syncs on various browsers and two devices. 1password and the others work just like that.
The code is open source but you can just use the cloud version.
Yep, and I'm not really into self-hosting my own Bitwarden (which seems pretty safe).
The problem is that you take their words for granted, call me paranoid, but I never trust these words:
Bitwarden does not store your passwords
Why are you providing me the service then? Nothing comes for free dude!
Yes, Troy is pretty popular in the security scene, but again once I heard Gary Vee saying that we (humans) can sniff if someone is selling us something, this is what I mean:
My name is Matteo and I'm a cloud solution architect and tech enthusiast. In my spare time, I work on open source software as much as I can. I simply enjoy writing software that is actually useful.
Bitwarden, like many others, has a free plan and a couple of paid plans that add features like secure team-shared credentials (think developers sharing servers root passwords in an organization), encrypted file storage and security audit logs. As @rhymes
said you don't have to take THEIR word for granted, they have been audited by security experts and deemed acceptable. They publish peer-reviewed papers about their crypto setup and have a good reputation.
If this is not enough for you, that's totally fine. But you're really falling deep into paranoia because no real reason for not trusting them has been found yet.
I agree that we can't/shouldn't trust the tools, but the question remains - how do you manage the passwords for the accounts you care about? Either your life is incredibly simple or you have incredibly good memory. (Well, come to think of it, either case would be quite admirable to me.)
I use Lastpass and their identities feature. This lets me keep home and work (and different workplaces) separate so I don't have to worry about logging in with the wrong account. When combined with the browsers people feature I can easily jump between the identities without having to worry about losing my place with what I'm doing.
I have pass on my PCs, which sync with an encrypted Keybase repository. My phones use an Android client for pass called Android-Password-Store which I am a maintainer for. Keybase's git protocol hasn't been ported into a standalone JNI library yet so my phones pull the local git repository from my desktop. It sounds like a lot but it's actually pretty straightforward!
Important ones in my head, others saved to Chrome. 2FA where possible. I believe the best password security is where you don't have to enter it at all so I'm really looking forward to a time when fingerprint etc is mainstream. Right now it's just Google who has that.
You get the prompt on your fingerprint device. When I login to gmail on my laptop, I get the sign-in prompt on my phone where I have to verify with the fingerprint if logging into some unknown device.
I am quite happy with the 1password solution + complex passwords.
To remind the master password, I am using a password card (passwordcard.org/en), with extra char. that are only in my head.
Just three days ago I kept receiving prompts to confirm that I'm logging in to a new device, It was obvious someone was trying to log in to my account.
I immediately installed dashlane and changed my email and online banking passwords from what I always used to a generated one
Dashlane is one of the more expensive ones for no real good reason. (Imo), I would recommend bitwarden or 1pass or LastPass (lastpass is mostly free actually now, but their support is meh)
Then my husband and I have our Master Passwords written down in our safe and my parents safe in case anything ever happened to us. My parents have the same setup. I think it's pretty important in this day and age that someone you trust knows how to access your accounts in the event that something were to happen to you. Better prepared than sorry!
You remember 15+ chars long passwords for all and every sites you use? Remembering frequently used ones is understandable but all of them sounds fictionous to me. And if you use the same password for multiple sites, one data breach can do multiple times the damage.
1Password (the standalone license not the SaaS model)
The password vault is just a file, so either you can move it to other devices yourself or use something like Dropbox if you want your passwords to update automatically across devices.
I like that it's not another server that can get exposed like LastPass (I already have crap on Dropbox so whatever) and that it wasn't a subscription service. You have to hunt to find the page to buy a license, but it's still doable. It's also cross-platform so I have it on my Mac, PC, and Android devices (phone, Chromebook).
I've been a professional C, Perl, PHP and Python developer.
I'm an ex-sysadmin from the late 20th century.
These days I do more Javascript and CSS and whatnot, and promote UX and accessibility.
They're pretty much all cross-platform. A password manager wouldn't be much use if you couldn't use it anywhere else.
I think, out of all the big name password managers, 1Password is the only one that explicitly started as a single-platform product, so everything else is an after-thought. I don't know if that makes it better or worse, though.
from android user perspective, all these pwd managers are not mature enough ( yes i tried them).
for example:
1) they constantly need to look for new input fields/keyboard open/close activities to capture pwd which is not efficient method tbh
2) they can't auto fill these fields, you need to tap on notification to fill the boxes (huge downer for me)
3) none of them work inside browser. (huge downer again)
Alternative: after various apps trial i found out that built-in google password manager works flawlessly in mobile apps and chrome browser, it also remembers card details etc. For mobile browser i use kiwi (chromium based, you should also switch) which has its own password manager.
I really wish for a pwd manager which works on apps,mobile browser and desktop browser but I couldn't find any :(
My company uses LastPass, but we're very unhappy with it. It's probably awesome at first, but once you scale... We're at several thousand shared logins, and I can only HOPE it saves the updated server root password. (I usually put it somewhere else for a few days until I'm sure)
These comments - I'll probably start reviewing bitwarden.
I started with LastPass but just didn't care for it. There were some nice features, but I had issues with the Firefox extension.
I found Bitwarden and made the switch. After a week or 2 of use, I bought the family version and got everything synced between me and my wife. It is easy enough for her to use, so less tech support for me when it comes to our shared accounts.
It's my brain.
There are tens if not hundreds of techniques to remember passwords even for different websites. If you want the one I use, you may want to watch the following video that I made. If you like it, do subscribe and explore my other videos. youtube.com/watch?v=j9OcQhuZjXg
The files on your computer have a much higher chance of being looked at than your passwords being glanced at in a password manager.
In fact, I remember a while back for windows, Microsoft having access to any and every folder on a computer, Facebook as well.
Whereas a password stored in a password manager is encrypted, the managers peer reviewed by big name security firms, and the only way they can get your passwords is if they can guess the master password or want to spend the time brute forcing and decrypting.
Hell, with options like keepass and keepassxc, where you are the maintainer and host of the database, there's no reason for not having a password manager.
I haven't started using it yet, but I intend to start using masterpassword.app
It's simple reproducible, and doesn't store anything whatsoever as it's entirely algorithm based. Just choose an extremely strong master password, because no 2FA
I'm using MasterPassword which is not really a password manager but more like a password generator. On my laptop I use pass as a local cache for my password, decrypting them with my private key on my yubikey. I'm also using the yubikey for managing 2FA access.
LastPass. Their shared folders make it easy to manage passwords across the organization. Itβs cheaper than other options with similar features (last I checked). It was the easiest path to better password security when we had none, even though other options seem more highly regarded for individual users.
I am a software engineer currently working @ShopPad, previously @HPE. I like to build websites and web application in PHP, JavaScript, and Golang. I have an unhealthy obsession with Mexican food (π―)
I manage digital products and projects for nonprofits. 10 years working around campaign technology, including a lot of HTML/CSS, with custom logic sprinkled on top. Learning to do new things daily.
I use LastPass for my personal but picked 1Password for my team at work because (at least a year ago) 1Password was slightly easier for managing a team.
My only gripe with 1Password:
Currently, 1PW access is based on "vaults" but there is no relational setup.. so if you have Passwords A,B,C in one vault... and one person only needs Password B but shouldnt have access to that entire vault, you have to create a separate instance of that credential that will have no connection (including changes) to the other instance of Password B...
...LastPass allows an individual password to be shareable.
I used to use 1Password but their pricing schemes got a little wonky for casual single person use, moved to Bitwarden and have been extremely happy with it!
Lastpass user here. ππΌ It does everything I need it to.
Do I need to check out something else? What are the benefits of using something like, say, Bitwarden?
Polyglot, autodidact. OSS author and contributor. Addicted to writing code, seeking my next 'fix'. Love communicating with an audience whose eyes don't glaze over when I get to the 'good parts'.
I write from time to time.
Views expressed are my own and may not represent the opinions of any entity with which I have been, am now, or will be affiliated.
I use a password book that I bought from Barnes and Noble a few years ago! Best thing ever and I write the passwords in pencil so that if I have to change them I can update.
A text file and my head. I mostly type out password so I remember them and they are quite complicated. I used to have more different ones. Now I just have two.
BlackBerry Password keeper is the best. I have been using it for a decade. Just the format changes when you upgrade like pkb to pkb2. Its encrypted with complete options
Started using password managers when there wherent many options and the most known at that time was Roboform. So thats what i started usint and thats what im still using.
LastPass. But there's a lot of sites that I don't bother creating an email/password account for. I just use google or facebook depending on the importance of the service.
I use Firefox Lockwise. It's been getting a lot better with the beta releases, and it covers all my needs. Really basic though, so if you need a bunch of stuff, it doesn't do everything.
I'm a web sysop and support engineer. My skills are mainly in back-end: Java, Linux, Python, PostgreSQL, Git, and GitLab. Currently I'm learning front-end skills: JavaScript, and Ruby.
Hey! I'm Dan!
I have been coding professionally for over 10 years and have had an interest in cybersecurity for equally as long!
I love learning new stuff and helping others
Location
Brighton / London, UK
Education
Edinburgh Napier (Postgrad Cert Advanced Security & Digital Forensics)
I was not into password managers until I used Bitwarden. It's open source and works perfectly, chrome extension, app on Android/iOS. Saves me time and headache remembering passwords and secure notes.
+1 for bitwarden too - apps and extensions for almost everything, cloud backups (where your data is encrypted locally first), open source, and free
It's great! But what do you think of it as being developed by one guy?
I like Bitwarden as well and I'm using it as my only password manager. I tried using Dashlane but it isn't as good as Bitwarden. There are others like 1Password, but I trust Bitwarden more since it's free and open source.
A user from dev.to told me about Bitwarden. Highly recommend it also.
Typically
password123. That way I don't need a tool to remember anything.I use hunter2
Hopefully noone sees that
I just see ******** when you type that.
Oh, good. It still works
Thank you both for throwback laugh! π
This is not a safe password. Please try
Mb2.r5oHf-0tinstead.According to IT experts it is the most secure password!
(Source: the-postillon.com/2017/03/mb2r5ohf...)
I seriously hope this is facetious, because this is the worst possible way of handling things.
Don't worry, it doesn't work. Most websites require an upper case letter and a symbol as well.
Password_123works much better.And yes, we're joking.
KeePass on my Windows computers, along with Keepass2Android on my phone, and sync via DropBox / Google Drive (password database file is encrypted by KeePass).
Both are free and open source.
This has worked really well for years.
Ports are available for Linux, Mac, IOS, etc.
This is exactly what I do too except that I use KeePassXC which started as a community fork of KeePassX.
Keepassx is great, I use it for ssh keys with its embedded ssh agent and 2f@ secret, that I store along with qrcode for quick setup.
Same! I use Dropbox for synchronizing the master file. I can then access it from KeePass (or some variant ) on a Mac, 1 windows laptop, and a PowerBook laptop, and a Linux box.
I wanted to do this but I always feared one thing: Does this mean that if I update one password somewhere, I have to keep downloading the files in all clients I need? So, if I update one password, I need to update all copies in all clients?
Yes, you do.
Those are passwords manager, non sync client : I like the Unix-like philosophy of doing one thing.
I keep my encrypted password db in sync with gogole drive, but you can use whatever you want.
I know people who are sending themselves the db every time they update something, ugly for me, but it it works for then then +1
Like @dbh mentions in another thread, storing the Vault file in Dropbox or another similar cloud-based folder can be a solution for this. The file is encrypted at rest, so it's a fairly safe thing to do. Then the only place you need to sync it occasionally is your phone!
I used to use LastPass, now I switched to Bitwarden also thanks to this thread:
Password manager recommendations?
Jess Lee γ» Nov 20 '18 γ» 1 min read
Me too. Though after exporting everything to Bitwarden, I kept Lastpass on my work machine, just to try to consciously keep them separated from my personal passwords in a more definite way than just having different folders.
Where I'm working we use a light bitwarden server self-hosted
I did the same thing, Bitwarden just works a lot more consistently than LastPass ever did for me.
I never trust password management tools.
They might collect my passwords and sell those info for some other parties...
Or worse, they might get hacked and all my accounts across the internet would be exposed.
I use simple passwords like (123456) for stuff I don't care about, and different passwords for accounts that I care about.
Yeah, the risk of that happening is way lower than you reusing a cracked/leaked password.
Sounds like the thing that would make you happy (and safe) is keepass, synchronised in a way you feel comfortable with.
@rhymes
@kriscius
Open source (esp. cloud solution) means that I should roll my own compilation/server for the app, cuz it's easy to provide an open source app and ship some extra code (that collects your passwords) with the binary.
So no thanks, I don't really wanna go through that hustle.
Not really Yaser. Open source means just that, also we are not talking about some random npm package with crypto mining hidden inside, we're talking about tools that are peer verified by security firms: help.bitwarden.com/article/why-sho...
The code is open source but you can just use the cloud version.
They don't store your passwords, they store the encrypted version and the master key never leaves your device.
My bitwarden account syncs on various browsers and two devices. 1password and the others work just like that.
For why you should use a password manager and not your memory troyhunt.com/password-managers-don...
Troy Hunt is also the person behind Have I Been Pwned, a tool to check if your email is part of various security breaches haveibeenpwned.com/
Its DB of 500 million leaked passwords is also exposed as an API and currently used by various sites to bar people from using leaked passwords again.
Fun stuff π
Yep, and I'm not really into self-hosting my own Bitwarden (which seems pretty safe).
The problem is that you take their words for granted, call me paranoid, but I never trust these words:
Why are you providing me the service then? Nothing comes for free dude!
Yes, Troy is pretty popular in the security scene, but again once I heard Gary Vee saying that we (humans) can sniff if someone is selling us something, this is what I mean:
troyhunt.com/have-i-been-pwned-is-...
Bitwarden, like many others, has a free plan and a couple of paid plans that add features like secure team-shared credentials (think developers sharing servers root passwords in an organization), encrypted file storage and security audit logs. As @rhymes said you don't have to take THEIR word for granted, they have been audited by security experts and deemed acceptable. They publish peer-reviewed papers about their crypto setup and have a good reputation.
If this is not enough for you, that's totally fine. But you're really falling deep into paranoia because no real reason for not trusting them has been found yet.
I agree that we can't/shouldn't trust the tools, but the question remains - how do you manage the passwords for the accounts you care about? Either your life is incredibly simple or you have incredibly good memory. (Well, come to think of it, either case would be quite admirable to me.)
Maybe I have a good memory, and also I help that with the choice of what I call simple-sentence-passwords like
YaserIsHere!I forget some passwords for stuff I don't use often, say DockerHub account, so I simply restore that password by email in seconds.
Use an open source one that encrypts everything
I use Lastpass and their identities feature. This lets me keep home and work (and different workplaces) separate so I don't have to worry about logging in with the wrong account. When combined with the browsers people feature I can easily jump between the identities without having to worry about losing my place with what I'm doing.
I have pass on my PCs, which sync with an encrypted Keybase repository. My phones use an Android client for pass called Android-Password-Store which I am a maintainer for. Keybase's git protocol hasn't been ported into a standalone JNI library yet so my phones pull the local git repository from my desktop. It sounds like a lot but it's actually pretty straightforward!
I use pass along with tomb. Great tool!
Important ones in my head, others saved to Chrome. 2FA where possible. I believe the best password security is where you don't have to enter it at all so I'm really looking forward to a time when fingerprint etc is mainstream. Right now it's just Google who has that.
Fingerprint is not much more secure than a password though, it can be lifted and you never change it in your life, ever.
It's handier for your personal device but biometrics on a mass scale are more about tracking people than they are about providing infallible security.
Not quite, the fingerprint doesn't go anywhere from your device. Check out WebAuthn, it's a new W3C standard w3.org/TR/webauthn/.
Yes, for device security is OK. what if you're logging in from a computer or a device without fingerprint reader?
You get the prompt on your fingerprint device. When I login to gmail on my laptop, I get the sign-in prompt on my phone where I have to verify with the fingerprint if logging into some unknown device.
Got it, thanks. It works like a 2fa basically
Yep, kinda, but better.
I am quite happy with the 1password solution + complex passwords.
To remind the master password, I am using a password card (passwordcard.org/en), with extra char. that are only in my head.
Just three days ago I kept receiving prompts to confirm that I'm logging in to a new device, It was obvious someone was trying to log in to my account.
I immediately installed dashlane and changed my email and online banking passwords from what I always used to a generated one
Dashlane is one of the more expensive ones for no real good reason. (Imo), I would recommend bitwarden or 1pass or LastPass (lastpass is mostly free actually now, but their support is meh)
I didn't notice. I also want to try our their vpn and see if it's any good
LastPass!
Then my husband and I have our Master Passwords written down in our safe and my parents safe in case anything ever happened to us. My parents have the same setup. I think it's pretty important in this day and age that someone you trust knows how to access your accounts in the event that something were to happen to you. Better prepared than sorry!
A physical notebook in a secure location and lots of memorization. I never store passwords, so that forces me to remember them daily.
And yes, they're long (15+ characters) and not common.
You remember 15+ chars long passwords for all and every sites you use? Remembering frequently used ones is understandable but all of them sounds fictionous to me. And if you use the same password for multiple sites, one data breach can do multiple times the damage.
At the moment I do very small batches of closely-related sites under the current scheme, but I figured out a scheme to switch to one-pass-per-site.
But, yes, I do remember many dozens of 15+ char long passwords. I also remember my library card number from 12 years ago.
pass(with git repo for sync) androfi-passto have a simple way to use stored passwords.In the future I need to find an alternative for this. Rofi-Pass relies on x-do and I plan to move over to Wayland.
1Password (the standalone license not the SaaS model)
The password vault is just a file, so either you can move it to other devices yourself or use something like Dropbox if you want your passwords to update automatically across devices.
I like that it's not another server that can get exposed like LastPass (I already have crap on Dropbox so whatever) and that it wasn't a subscription service. You have to hunt to find the page to buy a license, but it's still doable. It's also cross-platform so I have it on my Mac, PC, and Android devices (phone, Chromebook).
They're pretty much all cross-platform. A password manager wouldn't be much use if you couldn't use it anywhere else.
I think, out of all the big name password managers, 1Password is the only one that explicitly started as a single-platform product, so everything else is an after-thought. I don't know if that makes it better or worse, though.
from android user perspective, all these pwd managers are not mature enough ( yes i tried them).
for example:
1) they constantly need to look for new input fields/keyboard open/close activities to capture pwd which is not efficient method tbh
2) they can't auto fill these fields, you need to tap on notification to fill the boxes (huge downer for me)
3) none of them work inside browser. (huge downer again)
Alternative: after various apps trial i found out that built-in google password manager works flawlessly in mobile apps and chrome browser, it also remembers card details etc. For mobile browser i use kiwi (chromium based, you should also switch) which has its own password manager.
I really wish for a pwd manager which works on apps,mobile browser and desktop browser but I couldn't find any :(
You sure?
I use Keepass2Android for autocompletion and it is excellent (not like Google one but I have ally password where I want now).
thanks for suggestion. so does this work on mobile browser also? also, what's its advantage over the google one
Yes, I use it on my android devices.
On desktop/laptop I use KeePassXC
Lastpass - Across Android / Mac for Personal use
1Password - Work use
My company uses LastPass, but we're very unhappy with it. It's probably awesome at first, but once you scale... We're at several thousand shared logins, and I can only HOPE it saves the updated server root password. (I usually put it somewhere else for a few days until I'm sure)
These comments - I'll probably start reviewing bitwarden.
I started with LastPass but just didn't care for it. There were some nice features, but I had issues with the Firefox extension.
I found Bitwarden and made the switch. After a week or 2 of use, I bought the family version and got everything synced between me and my wife. It is easy enough for her to use, so less tech support for me when it comes to our shared accounts.
What I use is probably what you should too.
It's my brain.
There are tens if not hundreds of techniques to remember passwords even for different websites. If you want the one I use, you may want to watch the following video that I made. If you like it, do subscribe and explore my other videos.
youtube.com/watch?v=j9OcQhuZjXg
I have used LastPass for the past 3 years and have never had a major complaint about it.
Only one password anywhere : BigBrother1983
With a 3 because if someone hear me saying it
No seriously I have all of hem written in excell on my PC with the related account and correspondant site
The files on your computer have a much higher chance of being looked at than your passwords being glanced at in a password manager.
In fact, I remember a while back for windows, Microsoft having access to any and every folder on a computer, Facebook as well.
Whereas a password stored in a password manager is encrypted, the managers peer reviewed by big name security firms, and the only way they can get your passwords is if they can guess the master password or want to spend the time brute forcing and decrypting.
Hell, with options like keepass and keepassxc, where you are the maintainer and host of the database, there's no reason for not having a password manager.
I haven't started using it yet, but I intend to start using masterpassword.app
It's simple reproducible, and doesn't store anything whatsoever as it's entirely algorithm based. Just choose an extremely strong master password, because no 2FA
1Password.
I'm using MasterPassword which is not really a password manager but more like a password generator. On my laptop I use pass as a local cache for my password, decrypting them with my private key on my yubikey. I'm also using the yubikey for managing 2FA access.
I only use passwordstore.org/ in my case.
It's simple to use, create good / long password, store, encrypt, ...
LastPass. Their shared folders make it easy to manage passwords across the organization. Itβs cheaper than other options with similar features (last I checked). It was the easiest path to better password security when we had none, even though other options seem more highly regarded for individual users.
Of course, on the day I say nice things about it, this happens.
Started with mSecure in offline mode for many years, then eventually adopted LastPass.
But in addition to a password manager, I use my vanity domain to create a distinct email for each account (which is itself non-guessable).
This makes logging into websites very inconvenient, and yields dozens of distinct email accounts, but that's the point.
Plain Text like this:
Just kidding I am currently using 1Password.
I use LastPass for my personal but picked 1Password for my team at work because (at least a year ago) 1Password was slightly easier for managing a team.
My only gripe with 1Password:
Currently, 1PW access is based on "vaults" but there is no relational setup.. so if you have Passwords A,B,C in one vault... and one person only needs Password B but shouldnt have access to that entire vault, you have to create a separate instance of that credential that will have no connection (including changes) to the other instance of Password B...
...LastPass allows an individual password to be shareable.
KeePass!
I used to use 1Password but their pricing schemes got a little wonky for casual single person use, moved to Bitwarden and have been extremely happy with it!
I use LessPass, it doesn't store password, it just recalculate it everytime π
I use bitwarden.com/ now for some years.
It works pretty well.
Bitwarden, self-hosted using the rust implementation.
1Password for Family and Teams
I use forgot password every single time. is it the right way?
Lastpass user here. ππΌ It does everything I need it to.
Do I need to check out something else? What are the benefits of using something like, say, Bitwarden?
Lastpass and google smart lock
KeePassXC
On both Linux, Android, and OSX if I switch back to using an Apple again.
LastPass and KeePassXC are two good options.
LastPass for less important stuff. KeePass for stuff like banks that deserve extra protection.
I use pass
"the standard unix password manager" - state-of-the-art minimalism, the whole thing is just a bash script calling gpg and such.
Bitwarden. Its OSS, secure and cross platform
If I told you would that be good password security? :P
Lastpass
I just use βForgot password?β every time.
Just kidding, I use bitwarden
I use KeePassXC with the corresponding browser extensions on desktop and Keepass2Android on my phone and sync it using my personal nextcloud instance.
masterpassword.app/
For years π
Great cli ;)
i'm alone here using Karspersky Password Manager. it's great.
1Password, the standalone licence, not the SaaS licence.
Last Pass is my favorite!
1Password. They provide a good service, meets my requirement and i have the possibility to pay for it.
I use a password book that I bought from Barnes and Noble a few years ago! Best thing ever and I write the passwords in pencil so that if I have to change them I can update.
ansible-vault
LastPass & Enpass
LastPass. The UX is not that good but its works great for teams (sharing client data,...)
fwiw. ditched LastPass after the security issues. Moved to 1Password.
Firefox Lockwise :)
A text file and my head. I mostly type out password so I remember them and they are quite complicated. I used to have more different ones. Now I just have two.
Before, I used a simple text file encrypted with AES-256 via openssl (I had a Vim plugin to handle that under the hood).
Now I use KeePass2 on Linux. Itβs local.
Iβve used 1Password for years and have zero complaints.
Buttercup! Found out about it on the Changelog podcast.
The Changelog
Wow. Now I gotta check out Bitwarden.
Lastpass!
BlackBerry Password keeper is the best. I have been using it for a decade. Just the format changes when you upgrade like pkb to pkb2. Its encrypted with complete options
LastPass and I really love it.
LastPass! Being cloud based really helps a lot
Haven't seen anyone mention this, I use Buttercup. It is open-source, works well for me across my devices.
I remember my passwords for my bank logins and use LastPass to store passwords for all the other sites.
Lastpass. Free version.
I'm using a MacOs default password manager for a not valuable password and my brain for another.
Just Chrome. I use the random passwords it offers and then store them within it.
Started using password managers when there wherent many options and the most known at that time was Roboform. So thats what i started usint and thats what im still using.
Lastpass
My brain. It's reaching its capacity.
A notepad deep inside my desk π.
LastPass. But there's a lot of sites that I don't bother creating an email/password account for. I just use google or facebook depending on the importance of the service.
I use mac's keychain.
qvault.io ! It's simple and new features are added each week. Its under constant development
Lastpass a lot of people recommended this app for password management and I really love it!
passwordstore.org/ + Dropbox = multiplatform pluggable cli awesomeness π¦π
Just keep your GPG key away from your Dropbox password vault.
The gnupg.vim plugin. Transparently edit a text file.
I use Firefox Lockwise. It's been getting a lot better with the beta releases, and it covers all my needs. Really basic though, so if you need a bunch of stuff, it doesn't do everything.
Store all my passwords in Google chrome π
I use Passpack.
I use lastpass for all things passwords. It's really great and serves me well.
For security reason, I don't tell you :)
security
1Password
/post
I use password store
I've blogged how I set it up on my *nix and Android devices (reverse-chronologic order)
A mix of Bitwarden for cross-platform and Safari/iCloud keychain because it works so smoothly.
I havenβt figured out a good balance between these yet.
We use LastPass, it works really nice with browsers and on mobile as well. Plus it supports yubikey for MFA
I use Keypass X and Keypass Droid. I don't share any passwords over the internet but manually copy each one to the other. Because I'm paranoid.
allyourpasswords.com