Does anybody else not use a Password manager?

Discussion in 'privacy technology' started by zapjb, Oct 13, 2021.

  1. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,623
    Location:
    USA
    Not my first choice but it works.
     
  2. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,234
    Location:
    Mass., USA
    In answer to the question:
    Yes.
    (I do have the browser remember paswords / logins for non critical websites. Wlders for example)
    Otherwise I use an encrypted spreadsheet w/ 3 tabs:
    Passwords: for all financial, investment institutions, credit cards, etc.
    Web: for web logins. Forums, vendors, etc.
    Software: to store registration keys and the like.
    Overall, there are well over 100 entries.
     
  3. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    For those that don’t use a password manager (to store passwords):

    How do you create your passwords?

    (most security researchers will tell that passwords created by humans are way less random than their creator like to think)
     
  4. Joxx

    Joxx Registered Member

    Joined:
    Sep 5, 2012
    Posts:
    1,718
    This, and the rest.
    Good post, I could have written it.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    This was a subject I was thinking of, people often use tools like KeePass to generate passwords, but isn't this risky?

    BTW, do you also use the sync feature? I see that browsers like Chrome and Vivaldi allow you to sync settings, bookmarks and passwords across all devices. But I feel it's a bit risky.
     
  6. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,063
    Location:
    Canada
    For a short time I did, but I've since stopped using it, for pretty much the same reason as yours. I just didn't feel comfortable using it.
     
  7. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,344
    Location:
    Europe, UE citizen
    I also don't use banking online. I don't trust it.
     
  8. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    It does. I personally use it but to use it throughout my company would just not work.
     
  9. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    I was slightly surprised when somebody from the USA replied this, but I’m even more surprised this is still possible in the EU.
     
  10. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,344
    Location:
    Europe, UE citizen
    Why ? In UE we have online banking. I work with pc and internet, no problem. But I don't need online banking and I don't trust it as safe .
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Well, if I'm correct they are using the same cloud security measures as third party password managers. But I have never understood why browser developers never decided to beef up password management security.

    I have recently tested it, and to my surprise, password decrypting tools have got no difficulty accessing passwords stored by browsers. Weren't they supposed to be encrypted? I have tested it on Vivaldi, don't know about Firefox, perhaps you can check it out.
     
  12. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,063
    Location:
    Canada
    Well I found this:

    https://support.mozilla.org/en-US/kb/how-firefox-securely-saves-passwords
     
  13. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    I use a combination of linguistics and math. I won't go into detail but the math part is based on the fact that a simple formula can generate a long numerical string from a couple of simple variables. No need to memorize the result, it can be calculated anytime it is needed from the easily memorized formula and input variables. It is also scalable, you can up the complexity and security of the result just by varying the formula a bit. That would be just one component of what I consider to be a secure password.
     
  14. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    For those that want to learn more about why you could/should use a password manager: 1Password University

    (of course these tutorials are also commercials for 1Password, but they do explain in lay terms why using a password manager can be of value)
     
  15. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,554
    Location:
    USA still the best. But barely.
    If it's not a secret & a procedural is available. Please post a link.
     
  16. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,623
    Location:
    USA
    I am still greatly disappointed that Firefox had caught up with everyone else when they made you enter your Windows password to look at the contents of their built in password manager,,, and then reverted after some complaints. If your PC is unlocked anyone can sit down and look at your Firefox passwords. I know the response will be "don't step away from your PC without locking it" but life happens.
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Weird, they mention that they use simple cryptography when you store passwords inside the Firefox browser. So I wouldn't be surprised if password decrypting tools will be able to crack them.

    Actually, perhaps I misunderstood, you can also make use of the Primary Password, formerly known as the Master Password, which should protect third party apps from getting access to stored passwords, I guess I will need to test it.

    https://support.mozilla.org/en-US/kb/use-primary-password-protect-stored-logins
     
  18. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,063
    Location:
    Canada
    Since I don't share my computer with anyone, I don't bother with a Primary Password.
     
  19. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Why would u not use a password manager?
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes but that's the thing. I believe when you don't add a Primary Password, it's easy for malware to decrypt passwords stored in the browser. As soon as you add a Primary Password, then more advanced encryption kicks in, the way I understood it. But with Vivaldi it seems NOT to work like this, very weird.

    Perhaps you can check it out with the PasswordFox tool:

    https://www.nirsoft.net/utils/passwordfox.html
    https://www.nirsoft.net/password_recovery_tools.html
     
  21. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,063
    Location:
    Canada
    Thanks, but I'm confident my security setup would prevent this type of exploit from happening.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I understand this, but it's interesting from a technical point of view. You could simply run the tool and see if it can succesfully display your username and passwords.

    Like I said, ChromePass had no difficulty displaying all of my passwords stored by Vivaldi. Eventhough Vivaldi will ask for my computer password if I want to see passwords via Vivaldi myself.

    Of course when I blocked access to my Vivaldi profile folder with the Secure Folders tool, ChromePass couldn't access the browser passwords. So this is a nice mitigation.

    https://www.nirsoft.net/utils/chromepass.html
     
  23. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    Any algebra or calculus text will do. Find a formula you like that can take two or more small input variables and generate a much longer result. Mix it with the word/alphabetic part of the password as you like, beginning, middle or end or in several places. I don't have any links, this is something I came up with because I used to tutor math.
     
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    I rely on a password manager to remember my passwords. I didn't need to use that password manager to create the password. I could multiply pi by n and add numbers and symbols, but I doubt I'd remember it x n.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.