Password "Vaults" or storage options

Just after some ideas of ways of storing passwords that you rarely use… Got sick of counting the fire hydrants while trying to guess passwords are 12mths since you last used them.. Then trying to reset it to be told you can't use one you've used in the last 15 resets… So go and use something you'll never remember.

Any good suggestions, I've looked at a few, but not sure how secure these types of things are…
But might be better than 500 post it notes around the screen or a book next to the keyboard like some of the people at work have.

Comments

  • I just use Chrome's inbuilt one

    • Same here. After being hacked on one [email protected] site with no security, I was sick of resetting them on all other sites using the same password.

      Google Chrome also offers to check all your passwords to see if any of them have been hacked, similar to haveibeenpwned.

      You can revamp your security by first going to https://passwords.google.com/ and then 'Go to Password Checkup'. Then change all compromised passwords and use Google's suggested password (little pop up when typing a password). Google will save it in Chrome with your approval.

      Best thing is that it's synced with your mobile, so I don't have to turn on my PC every time to check what my password is.

      Sometimes Google doesn't automatically recognise a password field and doesn't suggest a strong password. For those sites, I use https://passwordsgenerator.net/ to create a random strong password.

      Soon enough, I will have all my passwords different for each site, and don't have to worry about one website getting hacked. If Google gets hacked, then I am F***ed lol.. putting all my eggs in one basket.

  • Lastpass

    • ^ this.

      And I'm using passphrases. MyGrandmaDiedIn2017 is not that easy to break using brute force.

    • I'm on LastPass and it seems to work well. I got onto it based on reviews I read when I got onto it about two years ago.

      Everything is stored in there and off it goes. I have one "master password" to get into LastPass itself that is apparently very difficult to crack based on brute force.

      I haven't used it yet, but LastPass has an option where it will then reset all your passwords that you have stored within it to random character strings.

    • +1 Lastpass, been using for years now. The Chrome extension is very good, and the app is good most of the time on Android (usually pops up) but sometimes doesn't. Not hard to go into it with fingerprint to copy the password for a browser or app.

      Speaking of which, does anyone have any good deals for LP? Mine's about to renew…

      • Do you actually need any of the paid features? I used Google Play credit to pay for it a few years back, but all of the premium features I needed were added to the free version.

        • Great point. I seem to recall when I signed up years ago that you had to pay to have multi-device possibly? Seems the features have increased so I think I'll cancel the premium. Thanks for the tip!
          Also, while cancelling noticed it had gone from $12USD/Year to now $36USD within 5 years..

      • Give Bitwarden a go. I've been a LastPass user for over 6 years and recently migrated over. The android integration is much better and doesn't have the intermittent issues like LastPass does with it failing to pop up.

        You can easily import all your data into Bitwarden and the free version is more than adequate (for me anyway). I came from a paid version of LastPass.

        • +1 for Bitwarden. The fact that it's Open Source and has recently completed an independent code audit (https://bitwarden.com/blog/post/bitwarden-network-security-a...) makes it, in my eyes, much more secure than any of the closed-source options such as LastPass, 1Pass and Dashlane.

          Don't get me wrong, all those options are good, but the transparency around BitWarden gives me (someone who is "borderline socially-acceptable paranoid" about technology security) a great deal of comfort. I migrated from LastPass 3 months ago and love it.

      • Cashrewards usually have a decent cash back for Lastpass.

        I had to renew mine recently. Make sure your auto renewal is cancelled, then sign back up before your current sub expires and you should get the cashback, but your mileage may vary.

        Also best deal is to split the family license - I split it with a couple of family members and it comes up super cheap and we can easily share some passwords if needed.

        If you don't need the sharing features, the free option might be OK, but between my wife and I it's pretty handy to have the features from the paid version.

        • I just checked and Shopback also has a 10% discount if you want a paid tier for Lastpass. Didn't look like it had it for Dashlane or 1password.

  • If you're on iOS/macOS, the built-in iCloud Keychain is very good. 1Password, LastPass all good third party options as well.

    The new way of choosing passwords is not to choose it. Use a built-in feature of your platform/app to generate and save a totally random password.

    • You still need one good password you remember to log into these sites - a pass phrase is best for that

  • +48 votes

    Bitwarden is also good, browser plug-ins, android app, vault sync etc

  • I use Keychain built into my iPhone, which also is built into my Mac and ipad. But it's not built into my PC, so I copy passwords by hand for that and save them to Firefox if I need them on my PC a lot. I don't let them upload to a firefox account or anything, if my computer burns then I'll need to re-add them to my new PC manually. I also have two factor on all my important accounts, I get like a dozen codes texted to me every day. I couldn't imagine just trying to remember passwords, what a waste of mental energy.

  • You know what I hate? Sites that won't let you paste passwords in from a password manager. Is that the intent of the site administrator or is there something wrong with my computer?

    Happened today with bloody Microsoft pestering me with need to fix something messages in notifications. Result - short passwords for Microsoft.

    • Remember when Westpac had that on screen keyboard you had to 'type' into by clicking on the keys. Back in those days that means it was exactly 6 alphanumeric chars with no capitals allowed. Nowadays, it's still 6 chars but uppercase letter allowed!

      • ING customers with 4 digit passwords:
        https://imgur.com/a/R6mD65y

      • Westpac is still case-insensitive.

      • Westpac allows uppercase but doesn't actually differentiate. As in, if you've been using caps, try your password in lowercase and you'll see.

        Enjoy!

        • I'm no cybersec expert, but if it accepts both, then your password is being read/interpreted by the server. This means encryption is broken before your password is read by the bank.

          • @Superannuation: The password can be lowercased on the front end and your password is normally in plain text when it reaches the server application. It's encrypted in transit, read by the server app then converted to a one way hash for storage or comparison against the stored hash.

          • @Superannuation: The authentication middleware will lowercase the input before passing it along to the auth service. Nothing nefarious here.

            -

            @Murdrum: Honestly, I'd be surprised if hashing was involved at all. It'd be a mainframe application (given the fact they haven't migrated to better wider passwords) with a fixed length field.

            If hashing was involved, they might've switched sooner as the hashed result would be a fixed length no matter the input.

            Of course, I'm making many assumptions.

            • @ozbargainsam: Banks not hashing passwords is a scary thought. But I guess they put a lot of work into securing access to their customer data anyway.

              • @Murdrum: Hashing a six character case-insensitive password is pointless, you'd basically just be adding padding for no reason.

                • @ssquid: Provided the passwords are hashed with a salt, the hash of single letter is almost as irreversible as the hash of a random 100 character string.
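Added example (not part of any comment in this thread, and not any bank's actual implementation): a Python sketch of the lowercase-then-salted-hash flow described in the replies above, together with the size of the search space for the password formats mentioned. The function names, the PBKDF2 iteration count and the guess rate are assumptions chosen for illustration.

```python
import hashlib
import hmac
import math
import os

# Assumed work factor for this example; tune to your own hardware budget.
PBKDF2_ITERATIONS = 100_000


def normalise(password: str, case_insensitive: bool) -> bytes:
    """Lowercase first when the policy is case-insensitive, as the
    'auth middleware' in the thread is described as doing."""
    if case_insensitive:
        password = password.lower()
    return password.encode("utf-8")


def enrol(password: str, case_insensitive: bool) -> tuple[bytes, bytes]:
    """Return (salt, digest). Only these are stored, never the password."""
    salt = os.urandom(16)  # unique per account
    digest = hashlib.pbkdf2_hmac(
        "sha256", normalise(password, case_insensitive), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify(candidate: str, record: tuple[bytes, bytes], case_insensitive: bool) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, digest = record
    attempt = hashlib.pbkdf2_hmac(
        "sha256", normalise(candidate, case_insensitive), salt, PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(attempt, digest)


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly this length."""
    return alphabet_size ** length


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Same quantity expressed as bits of entropy for a random password."""
    return length * math.log2(alphabet_size)


def hours_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every password for ONE salted hash.
    The salt forces per-account work but does not enlarge the keyspace."""
    return keyspace(alphabet_size, length) / guesses_per_second / 3600


if __name__ == "__main__":
    # Constructed sample password, not taken from the thread.
    record = enrol("AbC123", case_insensitive=True)
    print("lowercase accepted:", verify("abc123", record, case_insensitive=True))

    # Formats mentioned in the thread (alphabet sizes are the usual counts).
    policies = {
        "4-digit PIN": (10, 4),
        "6 chars, case-insensitive alphanumeric": (36, 6),
        "6 chars, case-sensitive alphanumeric": (62, 6),
    }
    assumed_rate = 10_000  # assumed guesses/second against a slow KDF
    for name, (alphabet, length) in policies.items():
        print(
            f"{name}: {keyspace(alphabet, length):,} candidates, "
            f"{keyspace_bits(alphabet, length):.1f} bits, "
            f"{hours_to_exhaust(alphabet, length, assumed_rate):.2f} h at "
            f"{assumed_rate:,}/s"
        )
```

Accepting both cases therefore does not require storing or decrypting anything server-side, and the per-account salt stops precomputed tables and cross-account matching while leaving the number of candidates for a short password unchanged.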

      • Crazy how weak the front facing bank security is

    • Auto-type feature on my KeePassXC works fine here on these sites.

  • Wait so you're saying me having my laptop password written on a post it stuck to the side of the screen is bad?

    • Depends if you're more worried about being compromised physically or over the internet. This assumes said password is sufficiently difficult to guess or brute force.

    • Depends on the colour of the post it note…

  • bitwarden.

  • LastPass, works well. Had 1password, switched to LastPass.

    • I use LastPass but have considered switching to 1password when subscription is up. Why did you change?

      • From memory ability to share passwords with family was well built in LastPass when I switched.

  • I personally use 1Password and have for a bit over five years. It's worked really well and I sync my vault to Dropbox (I don't really trust/want to have it hosted by AgileBits who make 1Password). I've even bought multiple versions over the years to get the full suite on Windows, Mac, iOS and Android. My biggest issue with them are now that they have a subscription service (the aforementioned feature where they host the vault for you), they are less incentivised to either sell the full version (so no sales/discounts nowadays) and they don't focus development effort on supporting more hosting options besides Dropbox and iCloud. Since iCloud is Apple specific, that really just leaves Dropbox which now has a 3 device limit on the free tier, and to add more devices means you need to pay for a month's subscription to Dropbox Plus. Once it's finished and you revert to free tier status, you keep all your existing devices logged in but you'll need to repeat again if you format a device or get a new phone. I've looked into alternative ways of synchronising it through OneDrive (my preferred cloud storage provider since I use Office 365) or even my Synology NAS but none of these seem to work as well as the Dropbox route…

    … one day I'll move to another platform though or maybe even Bitwarden.

  • I use MacPass which is open-source and free (I'm a tightwad).

    It is based off KeePass.

    A 2017 Consumer Reports article described KeePass as one of the four most widely used password managers (alongside 1Password, Dashlane and LastPass), being "popular among tech enthusiasts" and offering the same level of security as non-free competitors.

    • Thanks.
      I've used KeepassX for many years but it hasn't been regularly updated.
      So good to know an alternative for the future as Macpass can open and use the same Keepass files.

  • Using KeePass, love it because it's free and open-source.

    • I don't understand why you've been negged. I too use Keepass and have it on every device I use. I will also admit, its UI isn't very pretty and that it can be somewhat clunky to use, but the free and open source bit trumps those inconveniences for me. I know I'm a bit strange with this, but I actually like that I'm initiating the password authentication rather than it being done automagically for me.

      I also love the fact that it's up to me if I want to store the database file in the cloud in accounts I have full control of or locally.

    • I use KeePass with a number of plugins too such as OneDrive sync. Use KeePass Touch on my iPhone. I've used it for many years. Rock solid. I'd probably only move away for LastPass, 1Password or Dashlane if I got a YubiKey and wanted better integration etc. If you're not using a password safe of some description these days you're crazy and very vulnerable to a password stuffing attack because you're probably using the same password or variations of it everywhere.

    • Yep, use mine in combination with Google Drive and have my password database available on any device.

      Works really really well, free and open source so you KNOW it's secure.

  • +5 votes

    Lastpass user here for about 7 years or so, can't complain about it at all.
    Currently on the free model as it does everything I need without paying the $40 a year, I like the password generator, Chrome/Firefox plugin is great, having it on mobile is fantastic as it means I can have access anywhere. The family side is good as well, can set up shared accounts between people, so my wife and I have things like Netflix, Paypal etc in the shared account side, works great, can't recommend enough.

    I install it on every PC I sell and use it as a must have for my managed clients. I don't want them to have any excuse for shitty passwords and infecting their systems and blaming me!

  • I've used Roboform for past 20+ years. The best out there IMO

    • Me too. Used it for years, without issue, so I just keep renewing my subscription. Syncs between multiple devices (desktop, laptop, mobile).

  • I use Dashlane which is free.

  • i use a piece of paper

    • LulZ
      Btw nice profile pic 😀

      • thankks, you should change yours from the default too….

        • Done. Let me know if you pogo maybe we can be friends 😎

          • @JungliChilli: oooh. no, unfortunately i dont pogo since i dont have an android….we can still be friends unless you only want friends who pogo….

            • @Zachary: Aww. Are you sure you cannot get pogo on an apple? I'm sure I have friends who are apple for life type of people haha. Let's be friends regardless 😋

              • @JungliChilli: I don't have an apple either….

                • @Zachary: Oh this is interesting my friend. So do you have a windows phone or blackberry or something else? Or nothing? 🤔

                  • @JungliChilli: Yes….it is most interesting…..would you still be friends with someone who doesn't have either an android or an apple?

                    • @Zachary: I don't see why I wouldn't. I don't discriminate. Now the question is do you want to still be friends? 🤔

                      • @JungliChilli: WOoooooooooooo, yeeeeeeeeeeessssssssss!

                        How much of a pokefan are you?

                        • @Zachary: Yaaaaaayaahh

                          I'd like to think I'm a decent poke fan. But the pro fans may think I'm nowhere close 😂

                          As a kid I used to get up to watch pokemon as a religion. Played many many hours of yellow, ruby and fire red.

                          Wbu?

                          • @JungliChilli: Yellow, huh? You must be older than me! I started with LeafGreen and played all the generations up to ultra sun (still going with this…lol), except black and black 2 and soulsilver or its generation alt equivalent. Havent played the new one since i dont have a switch…

                            i also watch the animu and have seen all up to xyz. i stopped watching after that as I feel ash (and maybe the series as a whole I guess) has gotten more childish and less mature than his previous "adventures"… I've also got dvds and blurays of them all up that point of course including their movies.

                            ive collected all the adventure books up to xyz, except black and white since no one seems to be selling those boxsets anymore…. i also read them too, so they're not all for show… I kinda find the books more…adventurous and mature than the animu following ash…wish they'd adapted the books as a faithful animu series….

                            ive collected some plushies….and set them up so they look like they're having fun without me….since you know, im not always around them…and if I am, im usually on the computer…playing games….or procrastinating….

                            I wrote a fanfic of myself in a pokeworld, still ongoing - havent actually finished it yet, just envisioning and immersion myself into it and what adventures I would take or receive…..the story is …pretty dark…..maybe as or darker than the books….

                            how do i rate as a pokefan?

                            • @Zachary: Who dam this is a whole different level. The ultimate pokefan perhaps?

                              Id like to see a pic of your plushie setup. Oh hit me up when you complete your fanfic. Id be keen to read it.

                              I can most definitely not call myself a pokefan after reading about you hahaha

                              Truly impressed

                              • @JungliChilli:

                                The ultimate pokefan perhaps?

                                Not really, I haven't cosplayed as any of the characters or pokemon or gone to those "meetups or conventions"….so I wouldn't say ultimate level… Also there is card collecting too, which I dont do….used to play the game though a few times….then stopped because no one wanted to play with me…still have the starter deck I think, somewhere around my room…probably forgot how to play the game now…hahaahaha…

                                And then there's clothing apparel with poke stuff on it. I think I used to have some, dunno where they went…. Oh yeah, you'll also need to basically have a bit of poke in your daily life….such as a poke mug for your coffee or tea or whatever you drink, poke bag (I used to have one but gave it to my lil sis) for school or work and just basically have lots of references of it in some form or kind….like stickers or if you drive a car, have a vinyl on it…..or number plate….you know things like that, that a hardcore pokefan would do…..

                                You'll get teased about it too, so you kind have to have a strong mind and ignore them(Or fight them with an assertive figure) - its like being gay, lesbian or any kind of thing that isn't normal for a typical human or at least in our society(For example seeing 90 year old grandpa who still plays with lego blocks or is 40 year old (wo)manchild)… (although probably less of it now since you know….social justice warriors that care for these sorts of people - i dont know, i wasnt even born during the earlier times to see how bad it was to express your individuality then…but I was just told stories and read stories so …yea…)…unless you they physically bully you in which case….run or fight back - with pokemon! Throw your pokeball out and summon your charizard and smoke that (profanity) who bullied you! And then use that masterball of yours to catch his girlfriend who he was trying to impress and then you have your own pokegirl! Nah that won't work…as much as I would like it too! hahahaha

                                Id like to see a pic of your plushie setup.

                                My camera's kinda broken after dropping it on hard concrete some days ago, stupidly…..otherwise I'd take a pic for ya. I can try explain the picture in words if you want?

                                Oh hit me up when you complete your fanfic. Id be keen to read it.

                                Oh really?! Didn't know there was anyone interested! Well there was this one guy (Before you that is) but I don't think he bothered to read it all and only wanted to say he wanted to read to make me feel good about it….hahaha But I guess he probably doesnt have the time to read it all since you know, his got a full time job….unlike some people here….

                                I take it that Rayquaza is your fav poke?

                              • @JungliChilli: Hey man, you still interested in reading my fanfic? Or not really? I've done quite a fair bit, and there may be some spelling and grammatical errors that I've missed or overlooked…..and ….it's not finished yet, but thought you might wanna take a taste of what I've got in progress?

                                • @Zachary: Heyy man! I'm not the best grammatical nor a great speller and I rarely criticise it, so dw about it! In fact I get pissed off when people point out small grammatical errors and make fun of it. For me if one can figure out what is being said just shut up and read on. No need to put people down unnecessarily.

                                  Back to your question, Yes I'm keen for the read!!

                                  :)

                                  • @JungliChilli: Sorry for late reply, was trying to add(And find) whatever's left of my drawings up…excuse my drawings, they're pretty crap and cringy…but I had hoped the extra page for the illustrations would help visualize the last page's scene happenings….like a kindergarten/pre-primary picture book…. Wicked - it's a long read…..185 pages….half of it is meant for drawings and pictures….which I've yet to finish… But you'll blow over it all within an hour or so, assuming you're a fast reader and interested in the flick. Hah….

                                    Welcome for any consistency, plot holes, grammar and spellings that I've screwed up, criticisms(if there are any and that you wish to share, don't have to if you don't want to, after all, its not like its gonna be published physical book or anything to sell….)…oh and anyone else who wants to read, the links up there….

                                    Just note, the story went from adventure action to more action adventure with action being the focus if that matters(somewhat does to me as I intended to be adventure orientated first and foremost and action later…)….and there's some other stuff I want to add, but also screws up the plot or requires a rewrite of the plot somewhere and I've already rewritten the plot about 20 times - no wonder why I haven't finished it…..and I don't want to do a deus ex machina thing in my fanfic….that would seem too easy…or maybe I already have but don't know it? Hmmm…..

                                    Anyways…enjoy!

    • I know you are trying to sound smart but you managed to do the opposite.

  • I've been using Kaspersky password manager for years. It synchronises over multiple platforms and devices. Never missed a beat

  • There are a number of good solutions out there. A password safe is essential these days. Every account should have a unique password and you should also consider two factor authentication for any account with personal or sensitive information.

    Commonly used 3rd party with free/paid are 1Password and LastPass. These seem to have a satisfied customer base and are often recommended.

    Open source free (or donation) options that are well received also (I have used these at different times - before doing so, I asked a friend in the IT security department at work to check them out):
    KeePass - local file
    Bitwarden - hosted and synchronised

    My personal recommendation for a password safe is Bitwarden although I've not seen its iOS client.

  • I run free Avast Antivirus on my home laptop and started using the inbuilt password manager a few years ago.
    Now I find it indispensable for the level of security that I need for banks and super - 18 digit passwords, different for every site that I use.
    It prefills most login forms, and just has one master password that I need to remember.
    I think I can extend it to my iphone but I haven't tried that yet.

  • Firefox Lockwise. + Add Master Password on Firefox.

    • FYI the Lockwise team is tiny, has had repeated layoffs and they have not been able to fix major bugs after over 1 year. Based on what I have seen, I have very little confidence in their ability to keep your data safe. I switched to Bitwarden, didn't look back.

  • Bitwarden

    Started on 1Password but wanted to get rid of the monthly subscription. 1Password does do some things better, but for a free service Bitwarden does everything I need well enough.

  • i just use 1111 for everything so it's easy to remember