Password Managers

  • 16 Replies
  • 5341 Views
*

Offline andrews

  • Bronze Member
  • 15
Password Managers
« on: February 15, 2013, 09:15:07 AM »
Hello,

     I am looking into the benefits of utilizing a password manager, in order to make it easier to build stronger passwords for the sites that I visit without having to remember them each time I log in.  I searched for"password manager" on your site, but there were no entries listed, so hopefully I am not seeking help for soemthing that is repeated ad nauseum on your site.  The one freeware product that I saw highly recommended was called Keepass, I believe.  Do you have any suggestions on whether these kinds of programs are truly safe and which are the better ones out there?  I try not to pay for any software, so I'd be looking for something free.  Thank you,

Andrew

*

Offline PCBruiser

  • Malware Removal Mentors
  • Ambassador
  • Diamond Member
  • 8146
Re: Password Managers
« Reply #1 on: February 15, 2013, 09:57:53 AM »
Hi,

Here's a place I highly recommend to use as a source of freeware and shareware.  It is completely clean, and scans all software posted on the site for malware.  I've used it for years and recommended it to many members without any reported problems.  http://www.snapfiles.com.  If you search there for password manager, you will find a lot of free and low cost shareware.  http://www.snapfiles.com/downloadfind.php?st=password+manager&action=s&offset=10&search_action=&lc=4&searchsort=  You might want to browse there and check out the free ones.  Among those is KeePass, and it is highly rated, so you might want to try it.  I've been a long term user of Roboform, and originally purchased my license so many years ago that the cost was truly nominal at the time, and the license was "lifetime".  One of the things I like about that package is it is cross platform, and I can use it in Windows as well as Linux, an iPad, a smart phone, and a Kindle Fire.  I am pretty certain that KeePass is available at least for Linux as well as Windows.

One of the things you do need to be careful with is browser compatibility.  Many of the free ones are limited to a single browser, whereas one like Roboform works across browser platforms.  It would be really inconvenient to have a bunch of passwords saved in one package and then change browsers and discover that the password manager you are using won't work with your new browser.  So, watch for that issue.
« Last Edit: February 15, 2013, 10:06:12 AM by PCBruiser »
Don't Read?  Can't learn!

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27175
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: Password Managers
« Reply #2 on: February 15, 2013, 03:34:55 PM »
I do use Keepass and recommend it highly. I have my Keepass files on a SD card and it is protected with a password that is over 20 characters long and a 256 bit (If I remember correctly) master key file. The pair keeps my passwords safe. The SD card makes it portable.

I don't worry about browser compatibility because I use the drag and drop feature of Keepass instead of the autotype options.

If there is one problem with Keepass it is that I tend to use very long passwords, and some sites do not allow more than a dozen characters or so.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

*

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • 2830
Re: Password Managers
« Reply #3 on: February 15, 2013, 05:48:11 PM »
Correct me if I'm wrong, but with Roboform, if someone gets access to your device, they can log into anything?
Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte

*

Offline PCBruiser

  • Malware Removal Mentors
  • Ambassador
  • Diamond Member
  • 8146
Re: Password Managers
« Reply #4 on: February 16, 2013, 09:50:11 AM »
Correct me if I'm wrong, but with Roboform, if someone gets access to your device, they can log into anything?

No, they can't.  Roboform uses a master password to protect the password data.  There is no access to any of the data it contains unless you have that password.  And, all the data is encrypted.  I think it uses AES.
« Last Edit: February 16, 2013, 09:54:24 AM by PCBruiser »
Don't Read?  Can't learn!

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27175
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: Password Managers
« Reply #5 on: February 16, 2013, 11:15:17 AM »
It sounds as if Roboform has a similar security system to Keepass. If you get access to whatever it is stored on, chances are you will not be able to get into the passwords. It would probably require more computing power to get into them than it would to just try hacking whatever it is storing passwords for.

But if someone where to leave their password program open and unlocked, then it would probably be easy to get the passwords out of it.

That brings up a whole other issue. Security on your system when you are sitting in front of the keyboard. Do you leave everything unlocked, or do you secure it when you are done with it? Do you have your browsers remember the passwords? If you do, then having a program for maintaining your passwords is meaningless.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

*

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • 2830
Re: Password Managers
« Reply #6 on: February 16, 2013, 03:30:36 PM »
What I meant was, since there is a toolbar on your browser, can anyone who gains access to your PC, just open the browser, use the drop down to log onto all of your password protected sites?

Currently what I use is a simple Word file, that I encrypt using AxCrypt. 

It is a hassle, however, to have to open the Word file and search it every time I log onto a site, so a PW manager would make life a lot easier, if it was secure.
Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27175
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: Password Managers
« Reply #7 on: February 16, 2013, 03:53:52 PM »
With Keepass you can set it to relock after so many seconds. This lets you logon to a page then it relocks.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

*

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • 2830
Re: Password Managers
« Reply #8 on: February 16, 2013, 06:07:30 PM »
That is very nice.  I'm gonna look at it.
Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte

*

Offline andrews

  • Bronze Member
  • 15
Re: Password Managers
« Reply #9 on: February 16, 2013, 06:57:23 PM »
It sounds like KeePass is safe to use, even if kept on my computer, especially as long as it is closed after use.  I'll download that.  Thank you also for the Snapfiles rec.

Andy

*

Offline andrews

  • Bronze Member
  • 15
Re: Password Managers
« Reply #10 on: February 17, 2013, 09:01:02 AM »
As a side note, when I started this thread I had installed LastPass free edition and used it to save some login info.  I would be able to go back to the site and be able to login easily.  After I ran ATF Cleaner, however, the info for logins did not seem to be readily available and I had to retype it manually.  The little red circles in the field boxes were gone, so there was nothing to click on to retrieve info that I could see.  I run ATF Cleaner regularly, so this would be a problem unless I am missing something easy.  I am seeing some reviews describing KeePass as being more technical and difficult to use than some of the other programs.  I am just wondering if the programs that store the data in the cloud get circumvented when you clear TIFs or something like that?  Not sure this all works.  Thank you,

Andy

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27175
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: Password Managers
« Reply #11 on: February 17, 2013, 09:57:08 AM »
From what you are describing, you had your browser set to remember your login info. When you used ATF to clean your machine, that info was erased. Having your browser remember your passwords is not a real safe way to do it.

As for Keepass being technical, I suppose it is. But it is also very easy to use. Once you have entered in your username and password, for most pages you can just drag and drop. It also has a way to save answers to those security questions, so you can use whatever answer you want, not just the correct one.

Just be aware there are two versions, the classic version (which is much easier to use) and the profesional version (which has all the nice features in it). Both are free, and both are easy to use if you want to put a little time into learning to using it.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

*

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • 2830
Re: Password Managers
« Reply #12 on: February 17, 2013, 03:36:22 PM »
I've been playing with it since yesterday.  Pretty poor tutorial and help files and a bit of a slow learning curve, but once past that, it is an excellent program.  Very slick and convenient to use.  I recommend the pro version as it does make some things easier.  Also, if you need help using it, just post here.

Hoov, a question for you.  On sites that use the miniature keyboard to enter passwords, can KeePass be used?
Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27175
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: Password Managers
« Reply #13 on: February 17, 2013, 04:33:29 PM »
So far I have not found a site that you could not use it on. Most will allow the drag and drop, but some you have to do the copy and paste route.

I have not run into any sites with the miniature keyboards so I am not 100% sure.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

*

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • 2830
Re: Password Managers
« Reply #14 on: February 17, 2013, 04:49:32 PM »
Thanks Hoov.  Can you give me a quick tut on how to sync the database on multiple pcs on the same network?
Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte