Which Password Manager are you using for windows

Discussion in 'polls' started by cet, Feb 6, 2009.

?

Which Password Manager are you using for Windows

  1. Roboform Free/Pro

    26 vote(s)
    12.3%
  2. LastPass

    51 vote(s)
    24.2%
  3. IE built in password manager

    1 vote(s)
    0.5%
  4. FF built in password manager

    9 vote(s)
    4.3%
  5. Opera Wand

    5 vote(s)
    2.4%
  6. KeePass

    56 vote(s)
    26.5%
  7. PassPack

    0 vote(s)
    0.0%
  8. Other

    27 vote(s)
    12.8%
  9. None

    36 vote(s)
    17.1%
  1. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    I just dont "feel" safe. Hahahaha
    Dont get me wrong.
     
  2. guest

    guest Guest

    Lastpass personally, do what i expect it to do
     
  3. Krysis

    Krysis Registered Member

    Joined:
    Dec 28, 2012
    Posts:
    371
    Location:
    DownUnder
    None! - I log into as few sites as possible.
     
  4. Balthazar

    Balthazar Registered Member

    Joined:
    Nov 8, 2013
    Posts:
    166
    Location:
    Earth
    Well, keepass is encrypted and you can only open my safe with my Yubikey. Some of my passwords are very strong. I wouldn't want to type them in on my keyboard. Copy & paste does it for me (no auto fill in).
     
  5. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I stopped using the browsers built in password manager. Now I copy and paste passwords from one of 6 "source files". The source files were created by encrypting large text files with various PGP keys. I keep tract of them using a location file that contains the source file used, the line and character number where the copy begins, and the line and character number of where it ends.
    source example.gif
    In this instance I used source file 4, started on line 62, character 16, and ended on line 62, character 45.
    The copy/paste can start and end on different lines as well. The site names and source location are stored in a sortable file, but with a slight twist that makes it unusable to others. I mentally offset every character by a certain amount that isn't written down, such as subtract one or add two to each. 4-62-16-62-44 would get written down as 2-60-14-60-42 with everything shifted -2. The numbers could be stored in any order you choose as long as it's consistent. One could add additional numbers that have no meaning at all. One could use a different amount of shift on each number just by remembering a 5 digit number that would apply to all the entries. There's an almost unlimited number of ways you could vary it. My source files contain about 800 lines each, 64 characters in each line. Without knowing the exact way that you record the locations and the shift that you apply to the numbers, what's the odds that anyone could determine what your passwords are, even with all the files in front of them?
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    If we assume that password is 1-16 characters long then there are 819.080 possible passwords (with 51.200 char long file). The file could be used in dictionary attack and it probably wouldn't take too long to be cracked. I hope there is no password on that picture. Otherwise you should change it :)

    EDIT: if you would use password with 1-255 length there would be 13.023.615 possible passwords. Still not that much.

    EDIT2: the numbers are not exact as there definitely are duplicates. So there are even less combinations.
     
    Last edited: Apr 24, 2014
  7. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Nope, just an example. Your math accounts for one source file. I'm currently using 6. The user could also copy/paste more than one segment from more than one source to create a password. A dictionary attack using the source files would require the attacker to have those files, local access or a total hack, and that they know what files are being used for source material. If the user drops the source files into a directory with a few hundred files of encrypted gibberish, the job gets much more difficult.
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Yes you're right, they have to get that files. They might use last access time stamp to determine which files were recently used, if you have that enabled.
     
  9. Wroll

    Wroll Registered Member

    Joined:
    Nov 29, 2011
    Posts:
    549
    Location:
    Italy
    The password length is a relative thing. Try a dictionary attack on Gmail and see what's happening. Even with a 5 characters long password you would need all your life to break into an account.
     
  10. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Yes, that's true. Unless you manage to pull MITM attack.
     
  11. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    My primary reason for using copy/paste was to avoid using password software, whether it's separate or part of a browser. IMO, password software and the files/devices that store the passwords are natural targets. All software has flaws, which may be directly exploitable or bypassed by an exploited system. In a growing number of countries, the user can be compelled to open password managers and encrypted material. With no passwords stored by a browser and no password manager to be exploited or opened by coercion, there are no obvious passwords the user can be compelled to reveal. The user could explain the source files as experimenting with encryption, especially when the source files decrypt to normal text files that are nothing of interest. There's lots of plausible deniability. "It's an experiment that didn't work like I wanted."
     
  12. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    you make a good point there.
    i also liked the way you hide your password in a text file.
     
  13. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    I use LastPass. Extremely convenient and very safe. I can have a peace of mind with it.:)
     
  14. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,418
    Location:
    Slovakia
    Just using copy/paste is a little dangerous, in case of a possible keylogger, (even javascript based). Keepass scrambles password during autofill.
     
  15. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    I write them down with intentional typos only I know, almost like runes, lol. So that even if someone found it it'd be gibberish to them. Then stick them in a random page of one book I have of many on a bookshelf that nobody would ever grab. So I need only remember that book and one page number. But really I pretty much just remember them. I just don't completely trust password managers.
     
  16. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Same here, for important things i dont store them in my PC.
    I memorize them.
     
  17. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    517
    *.txt file in a Truecrypt container.
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I use KeePass, however it´s a bit annoying that it´s not integrated with the browser, so I´m thinking about installing RoboForm for Opera v12. If I´m correct it´s freeware. I´ve also read that letting your browser manage passwords is not safe.
     
  19. SnowWalker

    SnowWalker Registered Member

    Joined:
    Apr 2, 2012
    Posts:
    287
    Location:
    USA
    Keepass does have various plugins for integration you may want to look at if you haven't already.

    RoboForm free is limited, I believe you can only store a very limited number of passwords. In any case I wouldn't use a program to store my passwords that is put out by a company that has proven to be untrustworthy.
     
  20. FreddyFreeloader

    FreddyFreeloader Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    527
    Location:
    Tejas
    Still with Sticky Pro for IE11, Mitro for Chrome.
     
  21. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    KeePass is what I use.
     
  22. SirDrexl

    SirDrexl Registered Member

    Joined:
    Apr 14, 2012
    Posts:
    556
    Location:
    USA
    I'd use a password manager even if I never entered the passwords. Even if I could memorize the passwords, could I remember:

    All of the sites with which I have accounts, including which ones have multiple accounts?
    The username and email address associated with each site?
    All of the quirks for certain sites, like character limitations and notes about truncated characters?
    The date each password was last changed? And could I reliably remind myself to change them periodically?
    Security question "answers?" (I suppose these would just be like more passwords, but even then you have to remember the questions so you can match them up with the right "answers.")
     
  23. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    It's not only all or nothing. A hybrid approach of using password managers only for the vast majority of non-important passwords works best IMO.
     
  24. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Just like i do.
    Hahahahaha i also store other info like security questions, email i used etc.
     
  25. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    I suggest you try LastPass. It's amazing. It's safe to let LastPass manage passwords.:)
    Couldn't agree more.:thumb:
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.