help me find a great password manager
#17
FlyerTalk Evangelist
Join Date: Nov 2002
Location: ORD
Posts: 14,231
Come to think of it, any "cloud based" solution would be stored on the company's servers. The OP actually seems to want a local solution whose database he can copy to Dropbox or another cloud-storage service.
#18
Join Date: Aug 2010
Location: LAX
Programs: AA 2MM, SPG Gold, HH Diamond
Posts: 110
My understanding is that 1password actually uses dropbox to sync rather than it's own company servers.
#19
Join Date: Jun 2005
Location: Tri-State Area
Posts: 4,728
I don't any banking or credit card payments, paypal, etc. on my iDevices, only on MacBook and always with VPN opened. But I do shop on amazon, book plane tickets, etc. on my iDevices with VPN. I don't even know what the passwords are for most of the sites, I let 1Password generate them, and all I remember is my master password.
#20
Join Date: Sep 2010
Location: Bali, Indonesia
Programs: AA, DL, AK, UN, CN
Posts: 967
I went thru this a few months back. I couldn't find anything I liked. I found them insecure - they didn't ask for a master password to get access to sites.
I asked people about this and they said you need to secure your computer. This is silly, we all share our computer from time to time.
In the end I stuck with the Mac keychain which does ask for a password to access your other passwords.
Did I just get it wrong in my limited testing?
I asked people about this and they said you need to secure your computer. This is silly, we all share our computer from time to time.
In the end I stuck with the Mac keychain which does ask for a password to access your other passwords.
Did I just get it wrong in my limited testing?
#21
Join Date: Oct 2010
Location: On the road in North America....
Programs: UA 1MM, *G, Global Entry
Posts: 579
I went thru this a few months back. I couldn't find anything I liked. I found them insecure - they didn't ask for a master password to get access to sites.
I asked people about this and they said you need to secure your computer. This is silly, we all share our computer from time to time.
In the end I stuck with the Mac keychain which does ask for a password to access your other passwords.
Did I just get it wrong in my limited testing?
I asked people about this and they said you need to secure your computer. This is silly, we all share our computer from time to time.
In the end I stuck with the Mac keychain which does ask for a password to access your other passwords.
Did I just get it wrong in my limited testing?
I use 1Password, and it requires a password to access the password store. You can set a timeout for how long it'll stay unlocked each time you provide the password. I expect the others do something similar.
#22
FlyerTalk Evangelist
Join Date: Nov 2002
Location: ORD
Posts: 14,231
You can set LastPass to require a password every time, too.
#24
Join Date: Apr 2000
Posts: 739
I trust the LastPass cloud a LOT MORE than I trust DropBox. DropBox is
the poster child for inept security.
I do wish that LastPass would provide an option to disable cloud storage
and sync on a site-by-site basis. There are some passwords that I simply
do not trust to any piece of software/storage.
My opinions of various password managers. Fine if you disagree. Everyone
gets to make their own decision.
The Good:
. . . . LastPass
. . . . Strip Lite Password Manager
. . . . Safe Wallet Password Manager
. . . . mSecure Password Manager
. . . . 1Password:
The latest edition has been changed to address the
problems of the earlier editions. Avoid the earlier
editions because .... they pad the master password
rather than hashing it, before encrypting it.
. . . . DataVault Password Manager
Hashes the password using SHA-256 and stores (only) the
hash (a good thing) in the iOS keyring (another good thing).
The Bad - Not Quite Good Enough:
. . . . My Eyes Only Secure Password Manager:
. . . . . . . . Maybe "good" - but only if you encrypt your backups.
. . . . . . . . Uses unsalted 512-bit RSA - not good-enough given that
. . . . . . . . rainbow tables exist for 512-bit and 768-bit primes
. . . . . . . .
. . . . Password Safe:
. . . . aka: iPassSafe
. . . . . . . . Can be cracked too easily because they pad the
. . . . . . . . master password rather than hashing it (before
. . . . . . . . encrypting it).
. . . . Keeper Password & Data Vault:
. . . . . . . . Does not "salt" the password; therefore vulnerable
. . . . . . . . to rainbow table attacks (instant and/or offline cracking).
. . . . SplashID Safe:
. . . . . . . . The master password is hard-coded in the application.
. . . . . . . . Not user changeable. Perhaps this belongs in the next
group ... . . . .
The Ugly:
. . . . Safe
. . . . aka: Safe Password
. . . . aka: Awesome Password Lite
. . . . aka: Password Lock Lite
. . . . . . . . All user account & password data is stored as plain-text.
. . . . . . . . No encryption whatsoever.
. . . . iSecure Lite:
. . . . . . . . All user account & password data is stored as plain-text.
. . . . . . . . No encryption whatsoever.
. . . . Ultimate Password Manager:
. . . . . . . . All user account & password data is stored as plain-text.
. . . . . . . . No encryption whatsoever.
. . . . Secret Folder Lite:
. . . . . . . . All user account & password data is stored as plain-text.
. . . . . . . . No encryption whatsoever.
the poster child for inept security.
I do wish that LastPass would provide an option to disable cloud storage
and sync on a site-by-site basis. There are some passwords that I simply
do not trust to any piece of software/storage.
My opinions of various password managers. Fine if you disagree. Everyone
gets to make their own decision.
The Good:
. . . . LastPass
. . . . Strip Lite Password Manager
. . . . Safe Wallet Password Manager
. . . . mSecure Password Manager
. . . . 1Password:
The latest edition has been changed to address the
problems of the earlier editions. Avoid the earlier
editions because .... they pad the master password
rather than hashing it, before encrypting it.
. . . . DataVault Password Manager
Hashes the password using SHA-256 and stores (only) the
hash (a good thing) in the iOS keyring (another good thing).
The Bad - Not Quite Good Enough:
. . . . My Eyes Only Secure Password Manager:
. . . . . . . . Maybe "good" - but only if you encrypt your backups.
. . . . . . . . Uses unsalted 512-bit RSA - not good-enough given that
. . . . . . . . rainbow tables exist for 512-bit and 768-bit primes
. . . . . . . .
. . . . Password Safe:
. . . . aka: iPassSafe
. . . . . . . . Can be cracked too easily because they pad the
. . . . . . . . master password rather than hashing it (before
. . . . . . . . encrypting it).
. . . . Keeper Password & Data Vault:
. . . . . . . . Does not "salt" the password; therefore vulnerable
. . . . . . . . to rainbow table attacks (instant and/or offline cracking).
. . . . SplashID Safe:
. . . . . . . . The master password is hard-coded in the application.
. . . . . . . . Not user changeable. Perhaps this belongs in the next
group ... . . . .
The Ugly:
. . . . Safe
. . . . aka: Safe Password
. . . . aka: Awesome Password Lite
. . . . aka: Password Lock Lite
. . . . . . . . All user account & password data is stored as plain-text.
. . . . . . . . No encryption whatsoever.
. . . . iSecure Lite:
. . . . . . . . All user account & password data is stored as plain-text.
. . . . . . . . No encryption whatsoever.
. . . . Ultimate Password Manager:
. . . . . . . . All user account & password data is stored as plain-text.
. . . . . . . . No encryption whatsoever.
. . . . Secret Folder Lite:
. . . . . . . . All user account & password data is stored as plain-text.
. . . . . . . . No encryption whatsoever.
#25
Join Date: Sep 2010
Location: Bali, Indonesia
Programs: AA, DL, AK, UN, CN
Posts: 967
Thanks for the thread and advice! I went with LastPass cuz it's free (for my Mac anyway). It's great - although I don't see the timeout that maybe 1Password has. But I do have it setup to require passwords on login.
#26
FlyerTalk Evangelist
Join Date: Nov 2002
Location: ORD
Posts: 14,231
Look under Preferences -> General. The top of the page has two options: Auto logoff when all browsers have been closed for x minutes, and Auto Logoff when idle for X minutes.
#27
Join Date: Oct 2012
Posts: 6
+1 for Dashlane
I'm using Dashlane with Windows and Android devices. I have no idea if it meets your needs.
https://play.google.com/store/apps/d...dashlane&hl=en
https://play.google.com/store/apps/d...dashlane&hl=en
#28
Join Date: Oct 2012
Posts: 2
How do you like Dashlane?
I'm using Dashlane with Windows and Android devices. I have no idea if it meets your needs.
https://play.google.com/store/apps/d...dashlane&hl=en
https://play.google.com/store/apps/d...dashlane&hl=en
#29
Join Date: Oct 2012
Posts: 6
I'm using Dashlane with Windows and Android devices. I have no idea if it meets your needs.
https://play.google.com/store/apps/d...dashlane&hl=en
https://play.google.com/store/apps/d...dashlane&hl=en