Storing Passwords

For general computer discussion & help, come here

Moderators: Bakhtosh, EvilHomer3k

User avatar
Mr. Fed
Posts: 15111
Joined: Tue Oct 12, 2004 11:05 pm
Location: Los Angeles, CA

Storing Passwords

Post by Mr. Fed »

What's everyone's favorite secure method for storing multiple passwords these days?
Popehat, a blog.
User avatar
Isgrimnur
Posts: 82085
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok
Contact:

Re: Storing Passwords

Post by Isgrimnur »

11 threads down would be a good place to start. :P
It's almost as if people are the problem.
User avatar
Carpet_pissr
Posts: 19979
Joined: Thu Nov 04, 2004 5:32 pm
Location: Columbia, SC

Re: Storing Passwords

Post by Carpet_pissr »

Even with the open source recommendation/praise in that thread, I still prefer LastPass because it automagically fills in your fields. It will also generate a highly secure password for you and remember it (which allows you to have multiple, highly complex, highly secure passwords for all your sites, which you would have a hard time remembering/typing without the aid of software).

Except on mobile, where it sucketh. A clumsy mess at best, when it even works (on iOS at least - no idea how good/bad it is on other platforms).
User avatar
Jag
Posts: 14435
Joined: Wed Oct 13, 2004 3:24 pm
Location: SoFla

Re: Storing Passwords

Post by Jag »

Lastpass seems to be doing the job well for me....until it gets hacked.
User avatar
wonderpug
Posts: 10342
Joined: Tue Oct 19, 2004 4:38 pm
Location: Albuquerque, NM

Re: Storing Passwords

Post by wonderpug »

I'm happy with STRIP on my iPhone, but I don't think it has an auto field fill-in function and I don't know anything about its process for syncing across multiple devices, as I don't need or want either of those features.
User avatar
Anonymous Bosch
Posts: 10512
Joined: Thu Oct 14, 2004 6:09 pm
Location: Northern California [originally from the UK]

Re: Storing Passwords

Post by Anonymous Bosch »

I would reiterate my suggestion in the thread Isgrimnur mentioned, i.e.:
Anonymous Bosch wrote:KeePass on the PC and MiniKeePass for the iPhone (which includes support for Dropbox synching).

EDIT: Here's a write-up on using MiniKeePass with Dropbox.
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
User avatar
RunningMn9
Posts: 24461
Joined: Tue Oct 12, 2004 11:55 pm
Location: The Sword Coast
Contact:

Storing Passwords

Post by RunningMn9 »

Anonymous Bosch wrote:I would reiterate my suggestion in the thread Isgrimnur mentioned, i.e.:
Anonymous Bosch wrote:KeePass on the PC and MiniKeePass for the iPhone (which includes support for Dropbox synching).

EDIT: Here's a write-up on using MiniKeePass with Dropbox.
KeePass rules, and I use KyPass on the iPhone, which integrates with DropBox as well.
And in banks across the world
Christians, Moslems, Hindus, Jews
And every other race, creed, colour, tint or hue
Get down on their knees and pray
The raccoon and the groundhog neatly
Make up bags of change
But the monkey in the corner
Well he's slowly drifting out of range
User avatar
Mr. Fed
Posts: 15111
Joined: Tue Oct 12, 2004 11:05 pm
Location: Los Angeles, CA

Re: Storing Passwords

Post by Mr. Fed »

Thanks much.

It looks like there are multiple options for integration with Firefox. Anyone recommend one in particular?
Popehat, a blog.
User avatar
Anonymous Bosch
Posts: 10512
Joined: Thu Oct 14, 2004 6:09 pm
Location: Northern California [originally from the UK]

Re: Storing Passwords

Post by Anonymous Bosch »

Mr. Fed wrote:Thanks much.

It looks like there are multiple options for integration with Firefox. Anyone recommend one in particular?
I haven't used Firefox in a while, but KeeFox does a great job of Firefox integration with KeePass.
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
User avatar
Kasey Chang
Posts: 20750
Joined: Sat Oct 30, 2004 4:20 pm
Location: San Francisco, CA
Contact:

Re: Storing Passwords

Post by Kasey Chang »

I use KeePass with ChromIpass for Chrome. Though recently it doesn't seem to work any more, I haven't figured out why.
My game FAQs | Playing: She Will Punish Them, Sunrider: Mask of Arcadius, The Outer Worlds
User avatar
Giles Habibula
Posts: 6612
Joined: Sun Oct 17, 2004 10:38 am
Location: Bismarck, North Dakota USA

Re: Storing Passwords

Post by Giles Habibula »

I use a notebook and pen on my desk. I just recently started using that.
Before that, I used my memory, but as the years passed, and my memory faltered after many password changes, I finally decided to use a written record. Unfortunately, I only have less than half of the passwords written down that I will need at some point. The rest I figure I'll get as I need them, by using the "forgotten you password?" buttons.

My main problem is my reliance on the "remember my password" option, so if my computer never crashes, I can go for years without having to remember a password. So whenever I purchase a new rig, I have to go through a whole nightmare of trying to get into all of my regular sites again.
"I've been fighting with reality for over thirty-five years, and I'm happy to say that I finally won out over it." -- Elwood P. Dowd
User avatar
Kasey Chang
Posts: 20750
Joined: Sat Oct 30, 2004 4:20 pm
Location: San Francisco, CA
Contact:

Re: Storing Passwords

Post by Kasey Chang »

Use PasswordCard:

http://lifehacker.com/5521990/passwordc ... our-wallet" target="_blank

It's a wallet card, but you have to memorize a lot less. :)
My game FAQs | Playing: She Will Punish Them, Sunrider: Mask of Arcadius, The Outer Worlds
User avatar
Anonymous Bosch
Posts: 10512
Joined: Thu Oct 14, 2004 6:09 pm
Location: Northern California [originally from the UK]

Re: Storing Passwords

Post by Anonymous Bosch »

Giles Habibula wrote:I use a notebook and pen on my desk. I just recently started using that.
Before that, I used my memory, but as the years passed, and my memory faltered after many password changes, I finally decided to use a written record. Unfortunately, I only have less than half of the passwords written down that I will need at some point. The rest I figure I'll get as I need them, by using the "forgotten you password?" buttons.

My main problem is my reliance on the "remember my password" option, so if my computer never crashes, I can go for years without having to remember a password. So whenever I purchase a new rig, I have to go through a whole nightmare of trying to get into all of my regular sites again.
Just use KeePass with an easily-remembered (yet extremely cryptographically secure) Diceware master pass phrase. That way you can simply have KeePass generate gibberish strong passwords for all your sites, but the Diceware phrase is the only thing you ever have to remember.
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
User avatar
Kelric
Posts: 30196
Joined: Thu Oct 14, 2004 5:20 pm
Location: Whip City

Re: Storing Passwords

Post by Kelric »

Just DLed KeePass, setup all my passwords, saved the file, went to open it and.... Composite Key Is Invalid! error. Their official forums are no help, the only response ever seems to be 'You typed your password wrong.' Which I didn't. I even created a test database with the password as 'test' and get the same error. Waiting for their forum confirmation e-mail to show up so I can post and complain there, too. :grund:
User avatar
TheMix
Posts: 10904
Joined: Thu Oct 14, 2004 5:19 pm
Location: Broomfield, Colorado

Re: Storing Passwords

Post by TheMix »

Started using LastPass.

So far it's been pretty decent. Using it in Firefox, Chrome, and IE.

Managing everything gets to be a bit of a pain at times. It likes to create multiple entries for some sites. I'm using it with work stuff, which is likely a bad idea due to how often I change my password at work.

The biggest problem I have with it is if I forget the password to get into the LastPass vault. Then I can't activate it to get to any of my passwords. In what is probably a VERY bad move I have the vault set to auto log me in. Which is fine as long as I don't let anyone else on my computers...

Black Lives Matter

Isgrimnur - Facebook makes you hate your friends and family. LinkedIn makes you hate you co-workers. NextDoor makes you hate your neighbors.
User avatar
Carpet_pissr
Posts: 19979
Joined: Thu Nov 04, 2004 5:32 pm
Location: Columbia, SC

Re: Storing Passwords

Post by Carpet_pissr »

TheMix wrote:In what is probably a VERY bad move I have the vault set to auto log me in. Which is fine as long as I don't let anyone else on my computers...
I only do this on my home desktop computer. Yeah, probably a very bad idea on any comp. outside the house.
User avatar
TheMix
Posts: 10904
Joined: Thu Oct 14, 2004 5:19 pm
Location: Broomfield, Colorado

Re: Storing Passwords

Post by TheMix »

I do it on my work computer as well. But it is encrypted and requires me to log on. So as long as I don't walk away and leave it unattended and unlocked, I should be fine.

Of course, I had a bit of a scare today when I logged on at work and found that my LastPass had logged me out. Luckily I was able to get the password in a couple of tries. We have a ton of different internal sites that all seem to use their own passwords (that I don't have the ability to change).

Black Lives Matter

Isgrimnur - Facebook makes you hate your friends and family. LinkedIn makes you hate you co-workers. NextDoor makes you hate your neighbors.
User avatar
Enigma
Posts: 401
Joined: Fri Oct 22, 2004 8:02 pm

Re: Storing Passwords

Post by Enigma »

ROBOFORM
Now Playing:
XCOM, Huge backlog in the wings thanks a lot Steam!
User avatar
Kasey Chang
Posts: 20750
Joined: Sat Oct 30, 2004 4:20 pm
Location: San Francisco, CA
Contact:

Re: Storing Passwords

Post by Kasey Chang »

Kelric wrote:Just DLed KeePass, setup all my passwords, saved the file, went to open it and.... Composite Key Is Invalid! error. Their official forums are no help, the only response ever seems to be 'You typed your password wrong.' Which I didn't. I even created a test database with the password as 'test' and get the same error. Waiting for their forum confirmation e-mail to show up so I can post and complain there, too. :grund:
Weird... Are you *sure* you opened the right file? It's very easy to create multiple versions of the KBPX files, esp. with Dropbox trying to sync the differences.
My game FAQs | Playing: She Will Punish Them, Sunrider: Mask of Arcadius, The Outer Worlds
User avatar
JSHAW
Posts: 4514
Joined: Wed Oct 20, 2004 2:03 pm

Re: Storing Passwords

Post by JSHAW »

Storing passwords...in my head/brain.
ibdoomed
Posts: 1738
Joined: Tue Dec 11, 2007 4:52 pm

Re: Storing Passwords

Post by ibdoomed »

Using lastpass as well. My lastpass password is a line from a poem, I type it and don't let it save since it's so easy. I also underlined it in invisible ink and put the book in our safety deposit box at the bank, in case I die and the wife needs it.
User avatar
Giles Habibula
Posts: 6612
Joined: Sun Oct 17, 2004 10:38 am
Location: Bismarck, North Dakota USA

Re: Storing Passwords

Post by Giles Habibula »

ibdoomed wrote:Using lastpass as well. My lastpass password is a line from a poem, I type it and don't let it save since it's so easy. I also underlined it in invisible ink and put the book in our safety deposit box at the bank, in case I die and the wife needs it.
You should have picked a tougher poem. Please check your accounts.
Spoiler:
I'm kidding of course!
Yeah I know...I'm lame.
"I've been fighting with reality for over thirty-five years, and I'm happy to say that I finally won out over it." -- Elwood P. Dowd
User avatar
Hrdina
Posts: 2913
Joined: Sat Oct 16, 2004 6:18 pm
Location: Warren Cromartie Secondary School

Re: Storing Passwords

Post by Hrdina »

Giles Habibula wrote:
ibdoomed wrote:Using lastpass as well. My lastpass password is a line from a poem, I type it and don't let it save since it's so easy. I also underlined it in invisible ink and put the book in our safety deposit box at the bank, in case I die and the wife needs it.
You should have picked a tougher poem. Please check your accounts.
Spoiler:
I'm kidding of course!
Yeah I know...I'm lame.
That's the weirdest poem I've seen in a while.
Conform or be cast out!
User avatar
Jag
Posts: 14435
Joined: Wed Oct 13, 2004 3:24 pm
Location: SoFla

Re: Storing Passwords

Post by Jag »

Lastpass premium free for a year. Works for existing accounts. I already pay for premium, so I got free year.
User avatar
Carpet_pissr
Posts: 19979
Joined: Thu Nov 04, 2004 5:32 pm
Location: Columbia, SC

Re: Storing Passwords

Post by Carpet_pissr »

I also pay for premium, but not sure why, except to support the ongoing development I guess. Really the only thing it gets you is mangled attempt at a mobile solution (at least on iOS, not sure if the Android implementation is better).

Literally, you get an app that just has the list of your passwords. In theory, it's supposed to allow you to run its own version of a browser, or somehow integrate with Safari, but it's awful.

If I am on mobile and I need to access, say my banking site online, I have to open the LastPass app, find the appropriate site, open the info, and copy the password (then paste it into the bank site's app or browser window). Ugh.
User avatar
Jag
Posts: 14435
Joined: Wed Oct 13, 2004 3:24 pm
Location: SoFla

Re: Storing Passwords

Post by Jag »

Carpet_pissr wrote:I also pay for premium, but not sure why, except to support the ongoing development I guess. Really the only thing it gets you is mangled attempt at a mobile solution (at least on iOS, not sure if the Android implementation is better).

Literally, you get an app that just has the list of your passwords. In theory, it's supposed to allow you to run its own version of a browser, or somehow integrate with Safari, but it's awful.

If I am on mobile and I need to access, say my banking site online, I have to open the LastPass app, find the appropriate site, open the info, and copy the password (then paste it into the bank site's app or browser window). Ugh.
It's not ideal, but at least I have access to those passwords when I'm away from my PC.
User avatar
Zaxxon
Forum Moderator
Posts: 28118
Joined: Wed Oct 13, 2004 12:11 am
Location: Surrounded by Mountains

Re: Storing Passwords

Post by Zaxxon »

The mobile app is very good on Android. It will auto-fill in Chrome and most apps, and the ones where it can't auto-fill, it'll pop up and give you buttons to copy the username/password so you still don't have to type it in. Happy LastPass Premium user here.
User avatar
Carpet_pissr
Posts: 19979
Joined: Thu Nov 04, 2004 5:32 pm
Location: Columbia, SC

Re: Storing Passwords

Post by Carpet_pissr »

Zaxxon wrote:The mobile app is very good on Android. It will auto-fill in Chrome and most apps, and the ones where it can't auto-fill, it'll pop up and give you buttons to copy the username/password so you still don't have to type it in. Happy LastPass Premium user here.
You're kidding! I would kill for that implementation on iOS. Really, that's the way it should be...no idea why they can't get that to work (I assume some Apple restriction)
User avatar
Zaxxon
Forum Moderator
Posts: 28118
Joined: Wed Oct 13, 2004 12:11 am
Location: Surrounded by Mountains

Re: Storing Passwords

Post by Zaxxon »

I imagine that's probably the case.
User avatar
The Meal
Posts: 27987
Joined: Tue Oct 12, 2004 10:33 pm
Location: 2005 Stanley Cup Champion

Re: Storing Passwords

Post by The Meal »

1 Password does all that on the iOS platform. Also does a good job of integrating from the db on my phone to both my work and home PC chrome installations. Not sure you'd want to migrate, but you sounded pretty eager for the implementation of those functions.
"Better to talk to people than communicate via tweet." — Elontra
User avatar
Carpet_pissr
Posts: 19979
Joined: Thu Nov 04, 2004 5:32 pm
Location: Columbia, SC

Re: Storing Passwords

Post by Carpet_pissr »

The Meal wrote:1 Password does all that on the iOS platform. Also does a good job of integrating from the db on my phone to both my work and home PC chrome installations. Not sure you'd want to migrate, but you sounded pretty eager for the implementation of those functions.
Hmm, yeah, talk about a product with a HUGE disincentive for a customer to switch...ouch. I have sooo many entries in my LastPass vault it's not even funny.
User avatar
Kasey Chang
Posts: 20750
Joined: Sat Oct 30, 2004 4:20 pm
Location: San Francisco, CA
Contact:

Re: Storing Passwords

Post by Kasey Chang »

I was about to export my KeePass stuff and import them into LastPass and stop using it except for the most important stuff. :)
My game FAQs | Playing: She Will Punish Them, Sunrider: Mask of Arcadius, The Outer Worlds
User avatar
Mr. Fed
Posts: 15111
Joined: Tue Oct 12, 2004 11:05 pm
Location: Los Angeles, CA

Re: Storing Passwords

Post by Mr. Fed »

THanks for the pointer. Was looking for a program to start keeping PWs. Installed on new computer.
Popehat, a blog.
User avatar
Zaxxon
Forum Moderator
Posts: 28118
Joined: Wed Oct 13, 2004 12:11 am
Location: Surrounded by Mountains

Re: Storing Passwords

Post by Zaxxon »

LastPass becomes less clunky on iOS 8. Still not as slick as on Android, but it's an improvement.
User avatar
Jag
Posts: 14435
Joined: Wed Oct 13, 2004 3:24 pm
Location: SoFla

Re: Storing Passwords

Post by Jag »

Zaxxon wrote:LastPass becomes less clunky on iOS 8. Still not as slick as on Android, but it's an improvement.
Sweet. I love Lastpass + Xmarks.
User avatar
Moliere
Posts: 12295
Joined: Sun Sep 03, 2006 10:57 am
Location: Walking through a desert land

Re: Storing Passwords

Post by Moliere »

Installed KeePass. I like the auto-type option so I can have a 32 random digit username and 32 random digit password without having to remember either.
"The world is suffering more today from the good people who want to mind other men's business than it is from the bad people who are willing to let everybody look after their own individual affairs." - Clarence Darrow
User avatar
Moliere
Posts: 12295
Joined: Sun Sep 03, 2006 10:57 am
Location: Walking through a desert land

Re: Storing Passwords

Post by Moliere »

How do you keep a keylogger from recording your Master Password? I found this old thread asking the same question and it seems there is no good answer without adding extra steps like authenticating through your Windows user account or adding a Key File. But I don't want to deal with carrying a Key FIle around with me or potentially losing it.
"The world is suffering more today from the good people who want to mind other men's business than it is from the bad people who are willing to let everybody look after their own individual affairs." - Clarence Darrow
User avatar
Zaxxon
Forum Moderator
Posts: 28118
Joined: Wed Oct 13, 2004 12:11 am
Location: Surrounded by Mountains

Re: Storing Passwords

Post by Zaxxon »

There's no 100% solution to prevent that. The realistic solution is to use two-factor authentication with your master password. That's what I do with LastPass.
User avatar
Moliere
Posts: 12295
Joined: Sun Sep 03, 2006 10:57 am
Location: Walking through a desert land

Re: Storing Passwords

Post by Moliere »

Zaxxon wrote:There's no 100% solution to prevent that. The realistic solution is to use two-factor authentication with your master password. That's what I do with LastPass.
Since I am not using a two-factor authentication for the Master Password how exposed are my KeePass stored passwords? I use the Two-Channel Auto-Type Obfuscation feature in KeePass to hide the credentials as they're auto-typed into the individual sites.
"The world is suffering more today from the good people who want to mind other men's business than it is from the bad people who are willing to let everybody look after their own individual affairs." - Clarence Darrow
User avatar
Zaxxon
Forum Moderator
Posts: 28118
Joined: Wed Oct 13, 2004 12:11 am
Location: Surrounded by Mountains

Re: Storing Passwords

Post by Zaxxon »

I don't use KeePass so I don't know for sure. I would recommend turning on 2FA for anything that important, though.
Post Reply