OT: Password Managers?

Page 1 of 4  
Do you use a password manager, and if so which one is your favorite?
I've tried LastPass, Dashlane, Keepass, 1password, and a few others I can't remember the name of. I wasn't impressed with any of them. They were all too complicated, didn't autofill more than two fields on most forms, etc.
I liked RoboForm for auto form filling, but the other areas for credit card numbers and whatnot were awkward and complicated.
I am not interested in an online or cloud based password manager. I'm just looking at local programs that store the encrypted data on my own hard drive.
None of the password managers I tried were able to handle the multi-page login's for banking and whatnot (user name on one page, secret phrase on the second page, password on the third page).
Are there other password managers you have tried and can recommend?
Anthony Watson www.watsondiy.com www.mountainsoftware.com
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Thanks. I tried that one too, but since it didn't have any autofill features it didn't provide any benefits over my own software I am using now:
http://www.mountainsoftware.com/suite-password-manager.php
Home Suite works well for me, but doesn't have any autofill features (it uses the copy/paste method like pwsafe). I haven't had time to work on Home Suite, so I was looking to see what other password managers are available. So far, nothing has impressed me enough to want to switch.
Anthony
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Oren,

I hadn't seen that one, but it appears to be online AND requires an annual subscription. Thanks anyway.
Anthony Watson www.watsondiy.com www.mountainsoftware.com
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Hi Anthony,
On 6/11/2016 8:15 AM, HerHusband wrote:

No. I rely on memory (I'm pretty good at remembering arbitrary, long strings of "random" characters) or a text file (as a "backup").
I'm leary of storing anything "sensitive" in a place that would be easily recognizable as such! ("Ah, I see that this guy has SuperSecretPasswordManager running on his system! He doesn't know it, but I've found a 0day exploit that lets me harvest the secrets he's hiding, there...")
It's also too easy for someone to craft (hijack) a page that would coerce the information from any automated process that was designed to fill in forms.
E.g., last week, I went to close an account on a forum that I'd visited (don't leave open accounts that won't be "active"). I'd always complained that it never properly handled firefox's password management capability (which I use for disposable web site accesses).
When I tried to delete my account, the site kept throwing an error. I had to very carefully examine the "delete account" page to notice that it had "tickled" firefox to autofill my userID into a field that wasn't intended for my userID! Another bug in the page's script prevented anyone from deleting their account if this other field was non-empty (the page was used for a couple of different purposes, account deletion being only one of those).
I'm not sure I could notice all such misuses (abuses?) of such an autofill capability...

You need fewer on-line accounts! ;-)

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 6/11/2016 11:36 AM, Don Y wrote:

perhaps you should run a false password manager full of fake passwords to keep such a nefarious dude busy.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Sat, 11 Jun 2016 11:36:43 -0700, Don Y wrote:

Agree. I just keep all my passwords in a spreadsheet, and protect that with GPG encryption.
It's a bit of a pain when I need to get a password (decrypt xls file, open it, copy/paste password, close xls file, delete xls file), and if I want to add to the file I need to re-encrypt it and overwrite the old version.
--
http://mduffy.x10host.com/index.htm

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

I did something similar for a while, but found it too awkward and slow to access my passwords and account numbers.
Anthony Watson www.watsondiy.com www.mountainsoftware.com
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 6/11/2016 12:52 PM, Mike Duffy wrote:

We just don't keep precious passwords/accounts.
I keep a plain text file with information for the on-line accounts that I have. Periodically, I print a copy and tuck it away in a drawer next to my passports (a poor man's BACKUP in case this computer dies or is inaccessible for some reason).
In some cases, I keep the passwords *with* the protected devices (e.g., trying to remember the BIOS password, account passwords, fingerprint system password, etc. for several laptops is just plain inconvenient. If they can get access to the piece of paper that is stored in the laptop case listing all of these things (along with BIOS versions, settings, etc.), then they can just as easily take the damn laptop and be that much better off!
Some of our accounts rely on knowing where we are calling from and our being able to provide some information that only we (and they) *should* know (e.g., "What was your account balance last month?" "Gee, I dunno, but I sent you a check #1034 dated 5/15/2016 for $329.43 which is *probably* what the balance was...")
Often, passwords are just an inconvenience. How much do I care if a car thief (or valet) sees the addresses stored in *my* GPS address book for the car? Will they know that "rho" is really Rhonda? Will they show up at her doorstep saying "Don sent me"? Does knowing the address of my PCP give them anything of interest (given that there are many practitioners at that address)? Do they even know *my* name (there's no registration information IN the car that they can consult)???
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Don,

Do you remember random web page login's such as "A3j4l9-23uilm#+09"?
Do you remember all of your credit card numbers, verification codes, and expiration dates?
Do you remember your cell phone sim codes and phone numbers?
Do you remember all of your bank account numbers?
Do you remember the serial numbers for your power tools?
If so, you have much better memory than I do. Heck, I can barely remember how old I am.

I understand your point, but a password manager than can be exploited so easily is not very useful.

Unfortunately, that's not really an option these days. Also, as listed above, there are many more numbers and codes to remember in life.
Anthony Watson www.watsondiy.com www.mountainsoftware.com
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 06/11/2016 02:29 PM, HerHusband wrote:

49 cent pocket notebook. Pen. Remember how they work? If anyone gets to my notebook I have a larger security breech to worry about than a few passwords.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

That goes back to a convenience issue. Typing in a user name, secret answer, and a random 32 character password from a handwritten notebook is not very convenient and prone to errors.
Anthony Watson www.watsondiy.com www.mountainsoftware.com
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 6/11/2016 9:50 PM, HerHusband wrote:

That's always the tradeoff. One of our banks wants us to start using biometrics. Yet, haven't indicated the implementation details.
[I use it, here -- voice and face -- but I *know* that I've considered how it could be hacked. And, as I know who the "authorized users" will be, I know how much I can "burden them" without making it inconvenient. E.g., quizzing them on things that are trivial to remember but hard to guess -- and, hard to coax a recorded/synthetic voice to say *immediately*. No time allowed for an adversary to type the text into a TTS configured with the authorized agents voice (relatively easy to make a synthesizer sound like someone specific -- if you have enough voice samples. And, if the person doesn't suspect that you are COLLECTING them, how can they take precautions against you?]
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 06/11/2016 10:50 PM, HerHusband wrote:

If you want to trade security for convenience, just use qwerty1234 for your password. You'll have lots of company.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Sun, 12 Jun 2016 04:50:08 -0000 (UTC), HerHusband

+1 on that.

--
Web based forums are like subscribing to 10 different newspapers
and having to visit 10 different news stands to pickup each one.
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Hi Anthony,
On 6/11/2016 1:29 PM, HerHusband wrote:

I keep them in a text file on my desktop, here. I double click, scroll to find the name of the web site, the name that I used to "register", the "personal data" that I provided, the security questions, and the password. Then, highlight, copy and paste.
When I cancel/close an account, I bracket the information with a line of asterisks and add "Canceled, <date>". Then, cut and paste it to the bottom of the file. So, I can tell which accounts are still active -- even if I haven't accessed them in a while (e.g., I have many email accounts)

I keep my credit cards in my wallet. Though I *do* remember all of the account numbers, my 14-digit library card number (and its PIN), social security number, etc. No need to take my wallet out of my pocket to check out a book at the library, etc.
[I *dont* know the number on my driver's license. But *do* know the plate numbers on the cars. When I need to check for airbag recalls, I walk into the garage and jot down the VIN from the car's dash and type that in. If the car was ever stolen, I'd recover the VIN from the title -- in the safe deposit box]

I don't have a cell phone. SWMBO's cell phone number is stored in the cordless phone's "phonebook" if I *ever* need to call her (I suspect SHE doesn't know her own number -- she only MAKES calls with it!)

They are on my statements. The account numbers for all of the "accounts" for which I pay bills (gas, electric, credit cards, other suppliers) are recorded in my check register -- look back < 30 days to the last time you paid a bill for that vendor and the account number will be written, there. So, I can hop on a plane (illness in the family) and have everything I need to ensure I *can* pay my bills /in absentia/ with *just* my check book (been there, done that).

How often do you need to provide a web site with a serial number for a power tool? Is there a reason you can't just look at the number ON the tool? If its stolen, fetch the warranty and purchase information from the file and look up what you recorded, there.

Ah! THAT one I have trouble with! I've had heated arguments with SWMBO over my own age! Usually because I forget what YEAR it is, presently!

How do you know how easily it can be exploited? There are always news of new exploits that had previously been considered safe/secure (e.g., heartbleed, home-grown encryption algorithms, etc.)

We've not had any problem avoiding online accounts. There may even *be* accounts with our names on them (e.g., I order from Digikey, often, yet have no idea what my "customer ID" is; let *them* look it up).
Most of the passwords that I keep track of for on-line stuff aren't precious; they might lock me out of a forum or an email account if I forget them (hence the reason I keep this tickler file with all the information to "prove" my identity ;> ) But, that's just an inconvenience.
E.g., the account that I canceled the other day (referenced in my upthread) I will reopen under a different ID in a few weeks -- now that I've seen how the site works and can decide if I want to be involved.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

I open my password manager, "Find" the account by name (i.e. bank), then click the desired field to copy and paste. It's the same basic process, just with a few less steps.

As do I, but if I order something online my wallet is usually in another room. It's a hassle to have to run to the other room and dig through my wallet to find the card number, verification code, and expiration date when I want to pay for something online. Not to mention the potential errors of typing in the numbers manually.

I'm impressed, my memory isn't that good. I remember the last four digits of each account to easily distinguish them, but I couldn't tell you the full account number, expirations, or verification codes of each card.

Actually, I remember my driver's license but not my plate numbers. I used to know the plate numbers, but Washington state now requires us to get new plates every few years. I don't use the number enough to remember them anymore.

I don't know any of our cell numbers either without looking them up.

Yeah, I could open my encrypted drive, find the account statement, and look up the account number. That's not very quick or convenient.

I'm not always near the tool or appliance I need to order a part for. For example, my tools may be in the garage, or I might need a part for an appliance at my in-laws. I try to keep these in my password manager so I can easily look up parts when I need them.

That's one advantage of using a widely known encryption algorithm like 256 bit AES and writing the software yourself so you know there are no back doors.
In any case, I learned long ago that ANYTHING is breakable and accessible to someone who is really determined to get that information. Even if they can't break the encryption, there are easier ways to get the information (pretending they are someone else on the phone, the waiter who takes your card at a restaurant, mail theft, etc.).
I only worry about the casual person who has a bit too much curiosity. Those people usually aren't going to try decrypting an encrypted database, even if it's relatively easy to hack. The more determined hackers will find other ways to obtain the information if they really want it. Simply put, I'm not that interesting... :)

I'm sure, but many of us DO use online accounts frequently for banking, retirement, bill paying, online shopping, etc.
I could still pay cash for everything and hide cash in my home somewhere, but there's always a tradeoff.
Anthony Watson www.watsondiy.com www.mountainsoftware.com
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 6/11/2016 10:13 PM, HerHusband wrote:

I can have my wallet in hand in a matter of seconds (if I am *in* the house). It "lives" in a predefined place in the bedroom (as do the house keys, etc). My credit cards are in a fixed order (mainly because of how I use them) so I can probably pull the correct CC out of my wallet with my eyes closed -- just by counting down the stack.
[I tend to be compulsive about these sorts of things -- so I don't have to *think* about them]

I can't recall the verification codes as I don't use them often. But, most of my cards I've carried for ~40 years. After a while, the numbers just kinda fuse into your mind!
I tend to have a bigger problem *forgetting* numbers when they are past their usefulness. E.g., a phone number will pop into my head, "clear as day" and I'll spend hours trying to figure out who/what it belongs to and why it popped into my head!
I can remember all of the phone numbers of my aunts and uncles -- despite not having used any of them in 20 years (I'm not sure if the area code is the same, anymore).
It took me decades to forget the combination to my high school locker! (talk about a useless piece of information!)
Birthdays, anniversaries, etc. Too much cruft in there! :<

My DL is rarely out of my wallet. When it is, I tend to be in a heightened state of anxiety (fear that I will *forget* that it is currently not in my wallet!). E.g., moving some money around the other day and I had to present it for identification... I kept a finger on it the entire time it was out of my wallet (sitting on the desk) while the guy examined it and copied down <whatever>. I suspect that if I had to take it out more often I'd be more aware of it and what's on it (I can guess it carries my name, address, DoB and some sort of identifier. Probably eye/hair color, too?) I know there is a 2D barcode on it that presumably encodes all of that information, as well. No idea what's on the back side! (amusing in that I've never realized that before now!)

Our statements are paper. Open the lower right drawer of the desk, find the folder for the account. Remove the topmost sheet (most recent invoice/bill).

Ah, so you're using the "password manager" as more than a "password manager". More like a notepad?

Exactly. If they want something I have, they can always break into the house and TAKE it!
A second cousin owned a bunch of expensive furs (no kids, high income couple, "hoity toity" -- the kind of folks who don't let you *sit* in their living room ("for show and special guests"). Came home one day to find tire tracks on the side of the house and a hole in the wall where the side door had been. The closet containing the furs was just inside (no idea why she didn't keep them stored at a furriers!)
A guy I worked with had a fancy gun collection. Always talking about it and the alarm he had bought/designed to protect it. Until the day he stopped talking about it -- as it had been stolen the night before.

I used to think that the case. OTOH, if an attack can be mounted remotely and widespread, there may be enough uninteresting people to make it worthwhile for an attacker!

SWMBO uses plastic for most things (much to my annoyance: do you really need to charge that $3.27 of produce??). I, OTOH, tend to use cash (unless a big purchase or something that I have to document more formally).
We keep a decent amount of cash on hand "for emergencies" (e.g., natural disaster where accessing our accounts might not be possible). But, not in any place that is easily accessible (a thief could tear up the carpets "toss" all the furnishings and cut open the walls and still not find it!). Likewise, keep copies of the latest bank/securities accounts on a thumbdrive (PC may not always be accessible if we have to leave in a hurry -- or if the house is destroyed!)
Of course, there's still no absolute protection against loss/inconvenience. But, a lot less "exposure".
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Sat, 11 Jun 2016 23:04:08 -0700, Don Y wrote:

Funny. Mine always seem to be arranged so the one I want is the last one.
--
http://mduffy.x10host.com/index.htm

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 6/12/2016 7:55 AM, Mike Duffy wrote:

I plan on inventing a travel purse for my gal: two zippers, top and bottom. Replace items in the top, turn over to retrieve items to use from the bottom.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Sun, 12 Jun 2016 07:57:05 -0700, Taxed and Spent

I saw a leather passport case for sale the other day, with each credit card sticking out a half inch higher than the one below it. When I travel, I keep my money and credit cards where others don't see them.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Related Threads

    HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.