# Best password manager? What are you using?



## MannDude (Jul 9, 2013)

What do you think the best password manager is? I know a lot of people use LastPass, while convenient it's still worries me a tad that it's all web-based. Are there any non-web based password managers that work with browsers to automatically insert and generate strong passwords?

What do you use, and why?


----------



## KuJoe (Jul 9, 2013)

KeePass is my favorite and I can use it on my PC and my phone. I like the auto-type feature for entering username + password in any window or you can double click on the password field and it will stay in your clipboard for X seconds or until you paste 1 time.

The 2.x version has a lot of nice features like keylogger avoidance (will type your username and password in weird configurations) but it's not compatible with Android to my knowledge so I'm using 1.x still (both get updated and patched).


----------



## mikho (Jul 9, 2013)

Keepass is what I use, save it to dropbox and sync it with phones, tablet, computers.


Always with me and versioned via dropbox.


----------



## jarland (Jul 9, 2013)

A paper notebook wrapped with barbed wire and I keep a gun on me at all times. You think your passwords are safe. Mine leaves a trail of blood, mostly my own.


----------



## jcaleb (Jul 9, 2013)

MannDude said:


> What do you use, and why?


My wife's head.  She doesn't forget dates of birthdays and anniversaries.  And so does in remembering passwords


----------



## vanarp (Jul 9, 2013)

I have been using LastPass for a while and in love with it. Recently started using KeePassX (little different from KeePass) too. For now keeping both of them in sync as I might discontinue to use LastPass some day on security grounds.


----------



## vanarp (Jul 9, 2013)

jcaleb said:


> And so does in remembering passwords


 
Is she always with you?


----------



## mikho (Jul 9, 2013)

vanarp said:


> Is she always with you?


Atleast her head.


----------



## Aldryic C'boas (Jul 9, 2013)

Encrypted microSD card with USB adapter. My general rule of caution is - anything I can access remotely, someone else can also access remotely. No exceptions.


As far as generation, I've found that *`pwgen -yB 20 1`* works fine.


----------



## SeriesN (Jul 9, 2013)

Notepad, synched with googledrive and my gmail requires double auth. Now if I lose my phone........


----------



## threz (Jul 9, 2013)

jcaleb said:


> My wife's head.  She doesn't forget dates of birthdays and anniversaries.  And so does in remembering passwords


I'm in awe. I've got ~45 passwords in my password manager... how does she remember that many unique passwords? 

I use Dashlane and received their sync-for-life benefit that they rolled out with version 2.0 for those who were around during their beta.


----------



## fapvps (Jul 9, 2013)

+1 for KeePass


----------



## Ivan (Jul 9, 2013)

jcaleb said:


> My wife's head.  She doesn't forget dates of birthdays and anniversaries.  And so does in remembering passwords


That was rather unexpected. Oh well, +1!


----------



## egihosting (Jul 9, 2013)

We recommend Password Safe and it seems to work quite well.


----------



## perennate (Jul 9, 2013)

GUI is annoying, I recommend command-line tool like "pass" -- http://zx2c4.com/projects/password-store/

You can copy to clipboard with -c or something.


----------



## D. Strout (Jul 9, 2013)

I used to use KeePass, and if 2.0's Linux support actually existed beyond Wine and Mono, I would still use it. It has all the features I want, and I've actually talked over e-mail with the guy who writes it, Dominic, and he's very nice. Now I use LastPass instead, but I really don't like it much, _especially_ the Chrome extension. Chrome extensions can't create separate windows for dialogs like adding a site or generating passwords, so LP for Chrome does it hack-ishly by using new tabs, and for the prompt for filling in a password on sites it recognizes, it creates an element in the HTML that is stuck to the top of the page. This element is often interfered with by the CSS on the page, does a poor job of staying at the top, and sometimes refuses to close when you click the X button. Furthermore, LP puts a little icon in the textboxes/password boxes it fills, interfering with the CSS that was applied to them. All around, it's very ugly, and I really wish there were a better solution with true cross platform support, and which leaves me in complete control of the password file. But there isn't, so I have to use LastPass.


----------



## threz (Jul 9, 2013)

D. Strout said:


> I used to use KeePass, and if 2.0's Linux support actually existed beyond Wine and Mono, I would still use it. It has all the features I want, and I've actually talked over e-mail with the guy who writes it, Dominic, and he's very nice. Now I use LastPass instead, but I really don't like it much, _especially_ the Chrome extension. Chrome extensions can't create separate windows for dialogs like adding a site or generating passwords, so LP for Chrome does it hack-ishly by using new tabs, and for the prompt for filling in a password on sites it recognizes, it creates an element in the HTML that is stuck to the top of the page. This element is often interfered with by the CSS on the page, does a poor job of staying at the top, and sometimes refuses to close when you click the X button. Furthermore, LP puts a little icon in the textboxes/password boxes it fills, interfering with the CSS that was applied to them. All around, it's very ugly, and I really wish there were a better solution with true cross platform support, and which leaves me in complete control of the password file. But there isn't, so I have to use LastPass.


Dashlane uses a similar model as LastPass, except it doesn't completely reside in the browser. There is a separate Windows of OSX application that pops up if the browser plugin wants to interact with it. You can disable the logo showing up in form fields, though it still does pop up a window asking if you want to generate a password or save credentials and such. 

It's not perfect, but I found it nicer than LastPass. They seem to be updating things on a fairly regular schedule too.


----------



## drmike (Jul 9, 2013)

Aldryic C said:


> As far as generation, I've found that `pwgen -yB 20 1` works fine.


Slick and small   I like it. 

Now where to store the darn things...

Store mine increasingly more often locally in KeepNote.


----------



## D. Strout (Jul 9, 2013)

threz said:


> Dashlane uses a similar model as LastPass, except it doesn't completely reside in the browser. There is a separate Windows of OSX application that pops up if the browser plugin wants to interact with it. You can disable the logo showing up in form fields, though it still does pop up a window asking if you want to generate a password or save credentials and such.
> 
> It's not perfect, but I found it nicer than LastPass. They seem to be updating things on a fairly regular schedule too.


Without using it, Dashlane seems nice, but there is no Linux support and I've seen complaints about high memory usage. A no-go, unfortunately.


----------



## jcaleb (Jul 9, 2013)

Just joking with my wife. But I do call her sometime when I forget the PIN of my ATM card


----------



## drmike (Jul 9, 2013)

jcaleb said:


> I do call her sometime when I forget the PIN of my ATM card


Sounds like the wife likes using the card


----------



## sv01 (Jul 9, 2013)

I use KeePassX


----------



## LeurMin (Jul 9, 2013)

i use Roboform for a long time similar to LastPass where you can use it anywhere on the go. It has mobile app as well


----------



## LeurMin (Jul 9, 2013)

KeePass is good as well, my company where i work for is using it.


----------



## mpkossen (Jul 9, 2013)

I've been using LastPass for a while now, combined with by YubiKey (and a strong password). However, lately I've been having performance issues with the browser plugin, where it freezes the browser for like 5 to 10 seconds on most action. Really hope it gets fixed soon, otherwise I need an alternative.


----------



## XFS_Brad (Jul 9, 2013)

MannDude said:


> What do you use, and why?


I don't typically store passwords in any form. I use about 5 different passwords and I just keep trying to login If I can't remember off the top of my head. if anything I just change the password in the event of any blockage.


----------



## HostVenom - Brandon (Jul 10, 2013)

Keepass and Roboform. 

I used to use excel, but it got hard to stay organized when I started using a new password for everything.


----------



## jcaleb (Jul 10, 2013)

buffalooed said:


> Sounds like the wife likes using the card


no. she is very stingy. giving her money is like putting money in tightly sealed safe.


----------



## threz (Jul 10, 2013)

XFS_Brad said:


> I don't typically store passwords in any form. I use about 5 different passwords and I just keep trying to login If I can't remember off the top of my head. if anything I just change the password in the event of any blockage.


And this is generally why you need to have a password manager. Recycling passwords is a Very Bad Thingtm.  What if one of the sites you used a password on is compromised, and now an attacker has your email/password combination? They've got a 1/5 chance of logging into whatever service they try your password on. 

Even if you find out that your password was compromised, how would you know to go back to which sites to change it to something else?


----------



## WelltodoInformalCattle (Jul 10, 2013)

Lastpass integrated with my browser and Keepassx for everything else.


----------



## Adwait_Leap (Jul 18, 2013)

I use Revelation Password Manager.


----------

