Password Manager Discussion.

Discussion in 'other software & services' started by Mayahana, Jan 28, 2015.

  1. guest

    guest Guest

    1Password no longer automatically submits passwords on Macs
    October 12, 2018
    https://www.engadget.com/2018/10/12/1password-mac-night-mode/
     
  2. guest

    guest Guest

    Results of Bitwarden security audit published
    November 13, 2018
    https://www.ghacks.net/2018/11/13/results-of-bitwarden-security-audit-published/
    "Bitwarden Security Assessment Report" (PDF): https://cdn.bitwarden.net/misc/Bitwarden%20Security%20Assessment%20Report%20-%20v2.pdf
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    BTW, is it true that extensions that password managers offer do not communicate directly with their desktop apps? And are there any password managers that don't store the password database in the cloud? I'm still trying to find a good password manager, but some things are bugging me.
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    Endpass.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    You probably mean Enpass, but does this mean that the browser extension uses this local database? Because it seems that with all other extension based password managers you first have to sign in, and then they will retrieve your passwords from the cloud, it just feels weird. I still don't understand why on earth none of the big browsers have implemented a robust password manager, it's quite weird.

    https://www.enpass.io
     
  6. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    Yes, I meant Enpass. Yes it is local but you can sync it, although I never have.
     
  7. jpcummins

    jpcummins Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    628
    Location:
    Terre Haute, IN
    Just found out RoboForm version 8.5.5.5. doesn't work with Windows XP. Would have been nice knowing that before I updated RoboForm. Be that as it may, are any Windows XP users currently using a Password Manager? If so, I would appreciate knowing which one. I know I should ditch the Windows XP computer; I primarily use my Laptop, it has Windows 10, and I would if it wasn't for the old programs on it. As always I appreciate all replies and would thank you in advance.
     
  8. guest

    guest Guest

    1Password 7.3 for Windows unveils new secure desktop feature, numerous other improvements
    January 11, 2019
    https://betanews.com/2019/01/11/1pa...-desktop-feature-numerous-other-improvements/
    1Password v7.3 (January 10, 2019)
    Release Notes
    Download

    1Password blog entry: 1Password 7.3 for Windows - More polished than ever
     
  9. max2

    max2 Registered Member

    Joined:
    Sep 22, 2011
    Posts:
    374
  10. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    I use Roboform on W10 and W7. The major changes in v8 which secure your login passcards from casual observation is probably where they excluded XP. You could still use v7 on XP and update your logins manually on that system, it's a PITA but it would work. I don't use any cloud storage for my logins, so I have to update each of my systems via USB anyway so doing the manual update for an XP system on v7 would just be another task. I've seen many systems in corporations and government that have legacy systems to run older programs, they require more effort to maintain but it's cheaper than buying (or writing) new programs.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Totally forgot about Roboform. Seems like they also don't store passwords in the cloud (free version) and it seems to work with Sandboxie, while Enpass does not. With that I mean, you can't install Enpass in the sandbox.
     
  12. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    Yea, works well with Sandboxie & Keyscrambler, along with HMPA & Windows Defender. Also has an extension for Edge, if you use it. Cloud storage does cost but I have never used it anyway so the new free model suits me well. I've been using Roboform since it first came out and have always been happy, well except for their FU on lifetime licenses but I forgave them for that :)
     
  13. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    :thumb:
     
  14. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,444
    Location:
    "An Apple a Day, Keeps Microsoft Away"
    I still have the Lifetime License, 2 for Macs and 4 for PCs (all non-cloud). I've been using it for many years without any problems. Now I'm using LastPass (free) as my main Password Manager and RoboForm as a backup.
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I still need to do some testing, but for now it seems like the best choice. I actually do not want passwords to be stored in the cloud. BTW, I've stopped using HMPA because on my Win 8.1 machine it's not compatible with Sandboxie, but no big deal.
     
  16. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    Ouch! I would really hate to lose Sandboxie on any of my systems. I have a W7 system that is fine with the latest beta release, I wonder what's up with 8.1? I know I have to disable Local Privilege Mitigation in HMPA to get things working smoothly. Check out this post from the Sandboxie forum:
    https://forums.sandboxie.com/phpBB3/viewtopic.php?t=25174 .
    About Roboform, it's really nice that the standalone version (non-syncing with the cloud) is free. If you allow Roboform unfettered access to the internet you will get some pop ups, I block all of that with WFC.
     
  17. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Must say I haven't seen those ... all I've ever seen is notifications re availability of new updates.
     
  18. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    The German security researcher Mike Kuketz criticizes Bitwarden because of weaknesses regarding security and privacy. He finds fault with the following details:

    1. On the Bitwarden web interface the de- and encoding of the password database is done with JavaScript. Moreover, the Content Security Policy (CSP) allows loading of JavaScript code from various 3rd-party sources (which might become compromised and could take control).
    2. The Bitwarden Android app contains three trackers which is confirmed here.
    3. The master password is obviously sent to Bitwarden using some kind of hash. Kuketz is not sure why that is done - he would prefer a clear distinction between authentication and encoding of the database.

    All in all, Bitwarden didn't leave a good impression.
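
Added example (not part of the post above, and not Bitwarden's or Kuketz's code): a defender-side check for the CSP concern in point 1, listing every `script-src` entry that lets script from outside the site's own domain run. The policy string, the `vault.example` domain and the function names are constructed for illustration; this is not Bitwarden's actual header.

```python
# Added example: list script sources in a CSP that are outside the site's own domain.
RISKY_KEYWORDS = {"'unsafe-inline'", "'unsafe-eval'"}  # allow inline / eval'd script

def parse_csp(header):
    """Split a CSP header into {directive: [sources]}; the first occurrence wins."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def host_of(source):
    """Host of a host-source such as https://cdn.example:443/js/ (scheme, port, path dropped)."""
    host = source.split("://", 1)[-1].split("/", 1)[0]
    return host.split(":", 1)[0].lower()

def third_party_script_sources(header, own_domain):
    """Return the script-src entries that let code from outside own_domain run."""
    policy = parse_csp(header)
    # Browsers fall back to default-src when script-src is absent.
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return ["<no script-src or default-src: scripts unrestricted>"]
    findings = []
    for src in sources:
        if src.startswith("'"):                 # keyword, nonce or hash source
            if src.lower() in RISKY_KEYWORDS:
                findings.append(src)
        elif src.endswith(":"):                 # scheme source, e.g. https: = any host
            findings.append(src)
        else:
            host = host_of(src)
            if host != own_domain and not host.endswith("." + own_domain):
                findings.append(src)
    return findings

# Constructed sample policy for a hypothetical web vault at vault.example.
SAMPLE_CSP = (
    "default-src 'self'; "
    "script-src 'self' https://js.payments.example https://cdn.vault.example "
    "'unsafe-eval' *.analytics.example; img-src data: https:"
)

if __name__ == "__main__":
    for entry in third_party_script_sources(SAMPLE_CSP, "vault.example"):
        print("review:", entry)
```

Every entry it reports is an origin or keyword whose compromise or misuse would put attacker-controlled script on the page that handles the decrypted vault, so each one needs a justification or removal.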
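
Added example (not part of the post above, and not a description of Bitwarden's actual scheme): one way to get the "clear distinction between authentication and encoding" raised in point 3, by deriving a login token and a vault key from the same master password under different labels. The iteration counts, the labels, the use of the account id as KDF salt and all function names are assumptions made for this sketch.

```python
# Added example: one password, two independent secrets (login token vs. vault key).
import hashlib
import hmac
import os

KDF_ITERATIONS = 600_000  # assumed work factor, chosen for this illustration

def derive_master_key(master_password, salt):
    """Slow KDF on the client; the result never leaves the device."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, KDF_ITERATIONS)

def subkey(master_key, label):
    """Domain separation: a different label gives an unrelated 32-byte key."""
    return hmac.new(master_key, label, hashlib.sha256).digest()

def client_secrets(master_password, account_id):
    """Return (auth_token, vault_key). Only auth_token is sent to the server."""
    master_key = derive_master_key(master_password, account_id.encode())
    return subkey(master_key, b"authentication"), subkey(master_key, b"vault-encryption")

def server_enroll(auth_token):
    """Server stores a salted hash of the token, not the token itself."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", auth_token, salt, 100_000)

def server_verify(auth_token, salt, stored_hash):
    """Constant-time comparison of the recomputed hash with the stored one."""
    candidate = hashlib.pbkdf2_hmac("sha256", auth_token, salt, 100_000)
    return hmac.compare_digest(candidate, stored_hash)

if __name__ == "__main__":
    # Constructed account and password.
    token, vault_key = client_secrets("correct horse battery staple", "alice@example.com")
    salt, stored = server_enroll(token)
    print("login ok:", server_verify(token, salt, stored))
    print("token equals vault key:", token == vault_key)
```

In this sketch the server can verify a login without holding anything that decrypts the vault, but whoever obtains the stored hash can still test password guesses offline, so the strength of the master password and the KDF work factor remain the deciding factors.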
     
  19. guest

    guest Guest

    One guy's report doesn't mean it is valid.

    I can safely say that, based on my serious research, MS has a backdoor using svchost.exe !!!!!

    Would you believe me?

    If more researchers confirm it, then yes it will start getting my attention.
     
  20. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Well, if you had opened that site you would have seen that he provides evidence for his claims. And that the app contains trackers is confirmed on Exodus.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Well, the choice is quite simple, HMPA can be replaced by other tools, while Sandboxie can not. I still need to test Roboform, but I'm also a bit worried about extension security. I just wish there was another way that browsers handled passwords, like a central "Windows Vault", that could interact with browsers.
     
  22. Soft Life

    Soft Life Registered Member

    Joined:
    Aug 10, 2018
    Posts:
    94
    Location:
    United States
    I tried Safe In Cloud PW manager over the last 3 days with Windows 10 and Android. I got myself a Dropbox account to test to see if it would work the way it says.

    SIC manager is free for Windows desktop and something like $7.99 for lifetime on Android. Upon starting it up you'll notice you don't give them any email address. You just make a password and start your encrypted file on your device. You can leave it on the device and it never leaves if you want. Or you can test the cloud. I tried sync with Dropbox. Basically it hand walks you the whole way to your Dropbox and then Dropbox takes over and you grant access to the folder for SIC. It worked and my Android was easy as that as well.

    Now I don't really want passwords on my phone tbh but I played with it anyways. Syncing was fast and you can manually press the sync button.

    On Windows I watched my Glasswire Firewall and noticed upon start up it reached out to Facebook. What? I found out my hunch was right... it was trying to queue up the sample Facebook Icon. I turned that off; now no icons will be dl'd and it won't reach out to anything.

    The one bothersome thing about it is once you login on windows you need to have their plugin loaded in a browser for any auto filling. The problem is you have to login to the plugin as well. So I am logging in two times now and the options to never have to login or 1 hour, 2, or once a day do not work within the plugin settings. Once you close the browser you'll find yourself having to login again to the plugin. So I am logging in two times which I don't want to have to do.

    Now the cloud placement. Is it better to have your database in your own cloud or stacked with all of the others like Bitwarden or many others do with their own cloud service? The good thing is nobody will try to hack you directly because they are after an encrypted password file for they wouldn't know it would even be there. But they know these files exist on Lastpass and Bitwarden servers and make a target. If you have a long mixed up password then you'll be fine in the hands of anyone really with the file. Good luck opening it.

    I kind of like SIC because it is really a super lite program, and when you install it you don't feel like it entangled your whole operating system with its greedy claws... unlike some other PW programs. It's made by a Russian dude who used to work for Paragon I believe in the past. I emailed him about why is it phoning home to Facebook at start up and he told me it's reaching out for the icon. He emailed me back in 2 hours.

    At this point I can't see a reason to jump from Bitwarden to SIC other than I don't like how Bitwarden uses a google connection. If you want to stay away from that try out SIC. Or if you like to tinker around try it out. It's definitely usable.

    But for me even better than both of these is Keepass2 as I am not a fan of the cloud. Yes SIC can go cloudless but I like the many more options in Keepass2. BUT, I am going to play with it some more to see if maybe I may start to like it more because it is pretty cool.
     
    Last edited: Feb 5, 2019
  23. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    It sounds like it works well, but why choose this over LastPass which has stood the test of time (and resisted a number of attacks as well)?
     
  24. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    Last edited: Feb 20, 2019
  25. Soft Life

    Soft Life Registered Member

    Joined:
    Aug 10, 2018
    Posts:
    94
    Location:
    United States
    Hi. I use 3 managers. Keepass2 as a base storage and distribute some passes to Bitwarden and SafeInCloud.

    If you read the reviews in Bitwarden add on for Chrome and Firefox you will see people coming from LastPass thrilled how it's faster and more intuitive and also cheaper than Lastpass. Bitwarden has been scrutinized by a German company and passed with some issues having been dealt with by Bitwarden.

    Safeincloud has a following too but not as big. I like it because I control where the encrypted file is. If I want I can leave it on my PC and block SIC with a firewall.

    I also don't like to jump on bandwagons which if I used LastPass that would be the case. This is why my first PC was AMD as well.

    I don't see a problem with these managers. Although I'd never use one on a PC that wasn't mine unless I knew it was clean from malware.

    A family member of mine spends so much time searching for passwords in a little book and her passwords were almost all the same. I finally got her to learn how to use Bitwarden and she is very happy. I changed her passwords and I also locked it down with a FIDO key card. I unlocked it on her two computers in her house with the key but when she closes the browsers the password is still needed, but not the card as it's remembered. But if a login is attempted outside of her 2 computers it will need the pass and the key card and an email will be sent to her telling her an attempt was made on a new device.

    I tried to get her to learn Keepass2 but it was too difficult for her. As it turns out Bitwarden is working great anyways.
     