Password manager
#17
Join Date: Jan 2003
Posts: 3,785
I have been using LastPass for a while, but I just want to give a warning about the password to Lastpass: Make sure you remember it. I remember mine because I type it to log in every day. But I set one up for my wife where she just left it logged in on her laptop browser. It was fine until the laptop dies... I put in a hint that was so cryptic that I can't even figured out what it was. And you cannot recover the password unless you have a browser that was used to connected to Lastpass, and her computer died. It doesn't matter if you have control of the email that registered with the account, you won't be able to recover the password. We were lucky because I finally able to find the password that I have stored on my computer.. took lots of digging. I think if you have a paid account, you could set up a recovery method or something, but you have to do it ahead of the time.
#20
Join Date: Feb 2011
Location: Virginia
Posts: 110
I have a Keepass file that I manage on my computer, store on two different cloud services, and download to my phone. I get all the benefits of password security without being tied to a service/fees.
The main downsides are that there is some manual uploading/downloading of the file, and that passwords don't get automatically entered in my browser.
The main downsides are that there is some manual uploading/downloading of the file, and that passwords don't get automatically entered in my browser.
#21
Join Date: Oct 2001
Location: Pittsburgh, PA
Posts: 324
I do something similar. I use KeePass and sync my encrypted file to my Google Drive. I feel pretty confident about the security of my Drive (very strong password, and 2FA is set up with a YubiKey). Even in the unlikely event of a breach, the KeePass file itself is encrypted (with another, and very different) strong password.
#24
Join Date: Nov 2006
Programs: Seniors Bus Pass
Posts: 5,529
#25
FlyerTalk Evangelist
Join Date: May 2006
Location: DTW, but drive to/from YYZ/ORD
Programs: Chase Ultimate Rewards 2MM, Diner Club points
Posts: 31,911
If you have 2FA for an account, what additional security is provided by using a password manager?
how do you manage password managers on multiple devices
how do you manage password managers on multiple devices
#27
FlyerTalk Evangelist
Join Date: Nov 2002
Location: ORD
Posts: 14,231
Password managers make it trivially easy to use a unique random password on each website. That way people can't use a password from your account on a compromised website, on a new website where you may have used the same password (as most people do). Therefore they won't even get as far as getting a MFA prompt.
Multiple devices depends on the password manager. If you use something like the Apple password manager it will work seamlessly on iPad/iPhone/Mac but nowhere else. Chrome's password manager works only on Chrome. But other third party ones (1Password, Lastpass, Keepass, Bitwarden etc) also work seamlessly when you install them. I use 1Password on my iDevices with the 1Password app, and on Chrome with the Chrome extension.
Multiple devices depends on the password manager. If you use something like the Apple password manager it will work seamlessly on iPad/iPhone/Mac but nowhere else. Chrome's password manager works only on Chrome. But other third party ones (1Password, Lastpass, Keepass, Bitwarden etc) also work seamlessly when you install them. I use 1Password on my iDevices with the 1Password app, and on Chrome with the Chrome extension.
#28
Join Date: Apr 2022
Programs: AA: EXP Delta: DM
Posts: 61
I'm a solid 1Password user.. I've tried them all.
I did look at Dashlane, their attachment implementation is horrible. In 1Password, I can create an entry for my Passport, with all fields and I can actually link an image of my actual passport to that same record, such a novel concept! Dashlane keeps documents in their own section.
Bitwarden looks like Windows 3.1, horrible UI and requires a paid sub for attachments, so at that point you lose the "it's free" data point
Bitwarden does not support passkeys on mobile devices
Bitwarden does not support password auditing in the app, only on website. Checks for dupes, weak passwords, lists sites that can use 2FA and passkeys
LastPass is a security nightmare
I'll add.. since this is a forum for travelers, 1Password includes unique vaults that can be put in a "travel mode" so they will not appear in your 1Password app.. if you were to have sensitive material, you could put them in one of these vaults to avoid inspection. I've never been too concerned, but I do keep a vault for my business and my mother's details. They are not accessible on my phone when traveling. if I need them, I can use a browser and re-enable them when I am at my destination. Bitwarden does not have this functionality
I don't mind paying for a service that works for me, hands down 1Password is my best solution.
I did look at Dashlane, their attachment implementation is horrible. In 1Password, I can create an entry for my Passport, with all fields and I can actually link an image of my actual passport to that same record, such a novel concept! Dashlane keeps documents in their own section.
Bitwarden looks like Windows 3.1, horrible UI and requires a paid sub for attachments, so at that point you lose the "it's free" data point
Bitwarden does not support passkeys on mobile devices
Bitwarden does not support password auditing in the app, only on website. Checks for dupes, weak passwords, lists sites that can use 2FA and passkeys
LastPass is a security nightmare
I'll add.. since this is a forum for travelers, 1Password includes unique vaults that can be put in a "travel mode" so they will not appear in your 1Password app.. if you were to have sensitive material, you could put them in one of these vaults to avoid inspection. I've never been too concerned, but I do keep a vault for my business and my mother's details. They are not accessible on my phone when traveling. if I need them, I can use a browser and re-enable them when I am at my destination. Bitwarden does not have this functionality
I don't mind paying for a service that works for me, hands down 1Password is my best solution.
Last edited by Igene; Jan 12, 2024 at 3:17 pm
#29
Join Date: Apr 2022
Programs: AA: EXP Delta: DM
Posts: 61
#30
Join Date: Jan 2015
Posts: 2,918
Many web-based password managers sync via cloud. Personally I use KeePass which is not (by default) web-enabled. I manually sync my password whenever I make a significantly change in the DB (this also encourages me to make backups). But I also do this out of paranoia as a breach of the PW manager site is virtually impossible (cloud based say that their DBs can't be breached but you never know).
I'll add.. since this is a forum for travelers, 1Password includes unique vaults that can be put in a "travel mode" so they will not appear in your 1Password app.. if you were to have sensitive material, you could put them in one of these vaults to avoid inspection. I've never been too concerned, but I do keep a vault for my business and my mother's details. They are not accessible on my phone when traveling. if I need them, I can use a browser and re-enable them when I am at my destination. Bitwarden does not have this functionality