I just use the chrome password manager, works great and seamlessly transitions from Android to desktop. I used to use KeePass, but the convenience of the built in tools in chrome just works really well, especially after moving over from iOS.
I used LastPass until they went for-pay with very little warning. So to protest I subscribed to Bitwarden premium (or whatever their paid tier is called)! Can recommend.
I do not trust password managers. There’s a saying that goes ‘do not put all of your eggs in one basket’ and that’s what I don’t do. Mobile, Desktop, whatever, I don’t use a single password manager. It wasn’t long ago that a password management company was compromised, right? What are the odds that similar circumstances could happen on another password management company? It’d be a disaster.
Whatever happened to just simply having a notepad program/app and documenting your passwords onto there?
Ironic to the contrary, I’ve caught myself using browsers such as chrome to save my passwords for easier log in. But that’s simply out of my decaying memory due to age, not necessarily because I have a bias with Google and I trust them with everything. I still don’t trust them with everything.
Keeping a text file with passwords in clear text is so much less secure than a proper password manager. Even if the company is breached, at least they are encrypted by a master password and take significant time and effort to brute force. That text file is readable by anyone who gets their hands on it, and with the prevalence of malware, it’s a pretty huge gamble to store passwords on your own computer where you are ultimately the only person responsible for your cyber security.
People are assuming I just have my passwords littered out on open desktop and in My Documents? Little naive to assume so, when there exists and I have used programs like TrueCrypt to encrypt partitions of private data including those passwords in. Like, good luck getting through that. And, what more, is that master passwords are stored in expansive media and not just strewn about for anyone to just grab and use. They’re never on my desktop nor any system I use.
Are you suggesting keeping a plaintext file for all your credentials is preferable to an encrypted password vault?
Lastpass was the company breached - I closed my account soon after, but moved to 1Password.
The way it’s supposed to work is the password vaults are encrypted. Only knowing the passphrase should decrypt it. So while Lastpass had a bunch of stuff leak, which I think included some vaults - as long as you have a strong passphrase it shouldn’t be possible to crack.
Conversely, if you get some malware scooping your files, as soon as they have that plaintext file on your desktop they own every single credential in there
Bitwarden is my chosen service, good pricing point and decent features. In terms of using a password manager, it has definitely made my life demonstrably easier and removes a lot of friction from my online life.
To add to this, I use a self-hosted version of bitwarden. My favourite feature so far would be being able to fill TOTP seamlessly for websites that has TOTP added as 2FA.
The moment I select an account to autofill on any device and login, the TOTP is automatically copied to the clipboard.
It feels seamless as hell to use the auto-generated TOTPs compared to diving in to emails, checking texts, bringing up google authenticator, etc. I can’t go back.
Same. I actually have a family account, which has been an absolute blessing with kids. They know their own passwords now and no longer come to me wanting/needing to know their password for Xbox/Gmail/playstation/whatever everyother damned day. Also, if they need to know the Netflix password, they can check it too, because that’s shared with them. It’s brilliant. I’m honestly not sure how I lived without bittwarden.
I haven’t enjoyed their forced upgrades and pulled features that they do occasionally; 1password 6 on mobile and linux usability.
I mostly only recommend 1password for teams that need to drag and drop credentials into various shared vaults on mobile and desktop and don’t mind paying subscription fees.
I moved over from Lastpass to Bitwarden about 4 or 5 years ago. From a user and UI experience, the apps are almost identical, except Bitwarden is themed blue, instead of red. I use 1pass for work, but I feel their UI is a little more clunky, I still Bitwarden over it, personally.
With that said, any password manager is better than no password manager (except Last Pass… fuck those guys)
Same, switching from LastPass to 1Password within the last year.
Question: does it annoy you how often you have to type the Master Password into 1Password? I feel like they really need to enable a “don’t prompt on this computer” option. Granted it’s less secure, but since the machine I use most is a desktop computer in a secure location, that’s a choice I’d like to make for myself. As it is now, I have my Master Password displaying in an always-open text document which is a terrible alternative.
Also putting in a good word for 1password, got the family plan and it’s honestly not that expensive. Well worth it especially for sharing passwords. Don’t need to text them back and forth anymore.
Been using the keepass format with varying applications for about 14 years. I used to host it in SVN repo for that sweet sweet cloud access! Not that smart im retrospec… I feel like you shouldnt trust your passwords to the cloud, especially if their thing is password management. Last pass for example is under constant battery from attackers.
I personally use KeepassXC on my laptop and KeepassDX on my phone, and keep them synchronized with Syncthing. Works great, and no need for third-party / cloud storage!
For a very long time I only used browser stored passwords; at one point I wanted to use Vivaldi on my smartphone, but at the beginning it didn’t have password sync, so I had to figure out something. I think this is when I first tried LastPass, but got discouraged from using it by 1) their security incidents and 2) them removing mobile device sync from their free tier. This is when I switched over to BitWarden, which I’ve been using ever since; I’m currently even considering hosting my own instance of it.
You need to first pick a password manager, imo bitwarden is the best. You set up which email and master password, and then you start going around to all the sites you frequently use and logging in, so the password manager offers to save the password. Once you’ve got your main sites, usually there is a security option that shows you which sites have weak passwords or where you’ve reused a password a lot (on bitwarden it’s only on the site, not the app https://bitwarden.com/help/reports/). Those are the ones that probably need changed first. You can then add your less frequently used sites over time as you use them.
It can be some work to initially set up, but once it’s done you’re pretty much set. I went from reusing the same 3-4 passwords everywhere to having a unique login for every site. Seeing 210 saved logins really puts into perspective how much a password manager helps tbh.
No, just install it and every time you use a password that isn’t in the database you’ll get prompted to add it. One of them major benefits though is being able to use large, complex, random passwords. So, it is strongly recommended to switch your passwords over. You can do it as fast or slow as makes sense for you.
I just switched recently from using insecure passwords to using KeePass. I was dreading the change, but it’s very easy.
I changed all my important passwords to highly secure, randomly generated ones and saved them to my KeePass database. That’s it. Took me like 30 minutes. Frankly I didn’t bother with accounts that don’t have any important info on them.
The upside and downside of KeePass is you have to keep track of your database file - it isn’t stored on the cloud, so unlikely to get hacked, but if you lose the file or your master password then it’s gone forever. If the cloud hosting isn’t an issue for you and you like that level of convenience, then maybe Bitwarden is a better choice.
I don’t use a PM because I’m too paranoid about losing access to it (hardware failure, file corruption), thus losing access to all accounts it protects. I end up writing down my passwords on paper. Not the full thing, just a personal reminder.
The real irony is that an “easily stolen” piece of paper is safer than anything i leave on my computer or phone
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
5. Engage respectfully: Harassment, flamebaiting, bad faith engagement, or agenda posting will result in your posts being removed. Excessive violations will result in temporary or permanent ban, depending on severity.
6. Memes are not allowed to be posts, but are allowed in the comments.
7. Posts from clickbait sources are heavily discouraged. Please de-clickbait titles if it needs to be submitted.
8. Submission statements of any length composed of your own thoughts inside the post text field are mandatory for any microblog posts, and are optional but recommended for article/image/video posts.
I just use the chrome password manager, works great and seamlessly transitions from Android to desktop. I used to use KeePass, but the convenience of the built in tools in chrome just works really well, especially after moving over from iOS.
I use both bitwarden and chrome.
I used LastPass until they went for-pay with very little warning. So to protest I subscribed to Bitwarden premium (or whatever their paid tier is called)! Can recommend.
I’m a longtime free user, what does the premium service offer?
If I’m being honest, I couldn’t even tell you. Maybe emergency access for a family member? That sounds right.
Hardware keys like Yubikey
I do not trust password managers. There’s a saying that goes ‘do not put all of your eggs in one basket’ and that’s what I don’t do. Mobile, Desktop, whatever, I don’t use a single password manager. It wasn’t long ago that a password management company was compromised, right? What are the odds that similar circumstances could happen on another password management company? It’d be a disaster.
Whatever happened to just simply having a notepad program/app and documenting your passwords onto there?
Ironic to the contrary, I’ve caught myself using browsers such as chrome to save my passwords for easier log in. But that’s simply out of my decaying memory due to age, not necessarily because I have a bias with Google and I trust them with everything. I still don’t trust them with everything.
Keeping a text file with passwords in clear text is so much less secure than a proper password manager. Even if the company is breached, at least they are encrypted by a master password and take significant time and effort to brute force. That text file is readable by anyone who gets their hands on it, and with the prevalence of malware, it’s a pretty huge gamble to store passwords on your own computer where you are ultimately the only person responsible for your cyber security.
People are assuming I just have my passwords littered out on open desktop and in My Documents? Little naive to assume so, when there exists and I have used programs like TrueCrypt to encrypt partitions of private data including those passwords in. Like, good luck getting through that. And, what more, is that master passwords are stored in expansive media and not just strewn about for anyone to just grab and use. They’re never on my desktop nor any system I use.
So please, don’t just assume I am that careless…
And no I will still not use a password manager.
deleted by creator
Are you suggesting keeping a plaintext file for all your credentials is preferable to an encrypted password vault?
Lastpass was the company breached - I closed my account soon after, but moved to 1Password.
The way it’s supposed to work is the password vaults are encrypted. Only knowing the passphrase should decrypt it. So while Lastpass had a bunch of stuff leak, which I think included some vaults - as long as you have a strong passphrase it shouldn’t be possible to crack.
Conversely, if you get some malware scooping your files, as soon as they have that plaintext file on your desktop they own every single credential in there
Bitwarden is my chosen service, good pricing point and decent features. In terms of using a password manager, it has definitely made my life demonstrably easier and removes a lot of friction from my online life.
To add to this, I use a self-hosted version of bitwarden. My favourite feature so far would be being able to fill TOTP seamlessly for websites that has TOTP added as 2FA.
The moment I select an account to autofill on any device and login, the TOTP is automatically copied to the clipboard.
It feels seamless as hell to use the auto-generated TOTPs compared to diving in to emails, checking texts, bringing up google authenticator, etc. I can’t go back.
Same. I actually have a family account, which has been an absolute blessing with kids. They know their own passwords now and no longer come to me wanting/needing to know their password for Xbox/Gmail/playstation/whatever everyother damned day. Also, if they need to know the Netflix password, they can check it too, because that’s shared with them. It’s brilliant. I’m honestly not sure how I lived without bittwarden.
I can safely say that I lived poorly, and far less securely, before I started using one.
Ive used 1password since almost the beginning. Cant say I have any complaints at all!
I haven’t enjoyed their forced upgrades and pulled features that they do occasionally; 1password 6 on mobile and linux usability.
I mostly only recommend 1password for teams that need to drag and drop credentials into various shared vaults on mobile and desktop and don’t mind paying subscription fees.
KeePassXC is the only password manager i trust, and the only place I’d store actually important passwords
I’m curious, how do you manage passwords in your web browser? Do you use the keepassxc browser extension? Or just copy-paste from keepassxc manually?
I use Keepaas for PC and KeepassXC on Android, sync with FTP. I use autotype feature of Keepass when I want to login on the browser
Using Bitwarden here. All is good but sometimes the auto-fill feature doesn’t work well.
Enabled the “accessibility” option?
Lots of love for Bitwarden in this thread; I’d also like to pitch in with 1Password. It’s got a great UX and I even got my mom on board.
Used to use Lastpass since ~2013; really glad I switched last year. Lastpass has turned to absolute shit.
I moved over from Lastpass to Bitwarden about 4 or 5 years ago. From a user and UI experience, the apps are almost identical, except Bitwarden is themed blue, instead of red. I use 1pass for work, but I feel their UI is a little more clunky, I still Bitwarden over it, personally.
With that said, any password manager is better than no password manager (except Last Pass… fuck those guys)
Same, switching from LastPass to 1Password within the last year.
Question: does it annoy you how often you have to type the Master Password into 1Password? I feel like they really need to enable a “don’t prompt on this computer” option. Granted it’s less secure, but since the machine I use most is a desktop computer in a secure location, that’s a choice I’d like to make for myself. As it is now, I have my Master Password displaying in an always-open text document which is a terrible alternative.
You can configure when 1Password auto-locks and there by requires login again.
It will still requires periodic login, but you can minimize it to 1 time per reboot if you want.
Regarding the android app, then they should be working on a pincode solution.
AH! Thank you so much! I think this may be an option they’ve added recently. So glad to have that ability now!
I removed the setting that required login if the computer was locked and configured it to be unlocked for 8 hours.
Also putting in a good word for 1password, got the family plan and it’s honestly not that expensive. Well worth it especially for sharing passwords. Don’t need to text them back and forth anymore.
Been using the keepass format with varying applications for about 14 years. I used to host it in SVN repo for that sweet sweet cloud access! Not that smart im retrospec… I feel like you shouldnt trust your passwords to the cloud, especially if their thing is password management. Last pass for example is under constant battery from attackers.
I personally use KeepassXC on my laptop and KeepassDX on my phone, and keep them synchronized with Syncthing. Works great, and no need for third-party / cloud storage!
For a very long time I only used browser stored passwords; at one point I wanted to use Vivaldi on my smartphone, but at the beginning it didn’t have password sync, so I had to figure out something. I think this is when I first tried LastPass, but got discouraged from using it by 1) their security incidents and 2) them removing mobile device sync from their free tier. This is when I switched over to BitWarden, which I’ve been using ever since; I’m currently even considering hosting my own instance of it.
Using Bitwarden for password manager, Aegis for 2fa, been working great for me so far.
How do I get started to use one? Do I need to change the password for everything for the first time?
Edit: Thanks for such detailed responses everyone. Installed Bitwarden.
You don’t need to, but it probably wouldn’t be a bad idea unless you were already using fairly complex passwords.
For a lot of them, you set up the service, then as you log into things, it asks if you’d like to save the login credentials you just used.
You need to first pick a password manager, imo bitwarden is the best. You set up which email and master password, and then you start going around to all the sites you frequently use and logging in, so the password manager offers to save the password. Once you’ve got your main sites, usually there is a security option that shows you which sites have weak passwords or where you’ve reused a password a lot (on bitwarden it’s only on the site, not the app https://bitwarden.com/help/reports/). Those are the ones that probably need changed first. You can then add your less frequently used sites over time as you use them.
It can be some work to initially set up, but once it’s done you’re pretty much set. I went from reusing the same 3-4 passwords everywhere to having a unique login for every site. Seeing 210 saved logins really puts into perspective how much a password manager helps tbh.
No, just install it and every time you use a password that isn’t in the database you’ll get prompted to add it. One of them major benefits though is being able to use large, complex, random passwords. So, it is strongly recommended to switch your passwords over. You can do it as fast or slow as makes sense for you.
I just switched recently from using insecure passwords to using KeePass. I was dreading the change, but it’s very easy.
I changed all my important passwords to highly secure, randomly generated ones and saved them to my KeePass database. That’s it. Took me like 30 minutes. Frankly I didn’t bother with accounts that don’t have any important info on them.
The upside and downside of KeePass is you have to keep track of your database file - it isn’t stored on the cloud, so unlikely to get hacked, but if you lose the file or your master password then it’s gone forever. If the cloud hosting isn’t an issue for you and you like that level of convenience, then maybe Bitwarden is a better choice.
First step is just installing one and using it. Let it save your accounts and current passwords as you use them.
As you add accounts, if you know you reuse the same password for some accounts, change those passwords to a randomly generated one with the manager.
As others have mentioned Bitwarden integrates really well on desktop and Android. Highly recommend it.
I don’t use a PM because I’m too paranoid about losing access to it (hardware failure, file corruption), thus losing access to all accounts it protects. I end up writing down my passwords on paper. Not the full thing, just a personal reminder.
The real irony is that an “easily stolen” piece of paper is safer than anything i leave on my computer or phone
It’s 1Password for me. Looks good, works good and is available for every platform that I use.
For work I use KeepasXC and Bitwarden+Vaultwarden as well.