Password Manager

Discussion in 'other software & services' started by Dregg Heda, Sep 4, 2009.

Thread Status:
Not open for further replies.
  1. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Which Password Manager do you guys recommend and why? Which is the most secure? Thanks.
     
  2. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    Might as well give a plug for our Password Manager: RememberMe
    It's free and easy to use. :D :cool:
     
  3. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    i use LastPass which has a FF extension as well.
     
  4. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Is it better to use a standalone password manager or one integrated into the browser?
     
  5. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    I like the 1.x version of KeePass http://www.keepass.info/news/n090606_1.16.html

    I prefer using a standalone password manager. I just feel browsers are under attack more than separate password managers.

    In my case, I keep my passwords on a USB drive with KeePass. Nothing ever permanently on any PC that has my passwords. And the KP database is encrypted (and named very obscurely) so it's safe on the USB drive too...
     
  6. LenC

    LenC Registered Member

    Joined:
    Jul 25, 2006
    Posts:
    846
    Location:
    CT, USA
    Roboform - flawless
     
  7. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    All these password managers are capable of generating their own passwords right?
     
  8. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    Yes :)
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Can it be integrated with all browsers just like their builtin password manager?
     
  10. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    lastpass can and works great for me.
     
  11. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    KeePass can be used with Auto-Type (similar to browser integration), drag 'n drop or by copy/paste via the clipboard. I use what I consider to be the safest approach, which is drag 'n drop. (BTW, for reasons unknown to me, drag 'n drop does not funtion with Opera. Which doesn't bother me as I don't use Opera.)
    http://www.keepass.info/features.html
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Copy/ paste seems not good( remember clipboard loggers).

    BTW I use Opera,s built in one and it works very well. That must be enough as I don,t deal with any secret things and don,t do intrenet banking.
     
  13. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    KeePass seems interesting. Im going to give it a try. Whats the difference between the classic a professional versions? Which one should I try?
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I think the most widely used are:

    Roboform
    KeePass

    Plus built in password managers in different browsers.

    I never saw some body putting these managers into some real tests to see how safe they are.
     
  15. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    It would be interesting if someone would test these apps with leading screen, key and clipboard loggers. Anyone up for this?
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Yes, I wish that too but this testing is not easy I think.
     
  17. jumpshot

    jumpshot Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    31
    Location:
    OZ
    There's a wide choice of these.

    My preferred password manager ('tk8') meets all the requirements sought and more, but it isn't free.
    I've used it for years, and it has never failed me.

    http://www.tk8.com/
     
  18. KookyMan

    KookyMan Registered Member

    Joined:
    Feb 2, 2008
    Posts:
    367
    Location:
    Michigan, USA
    I use KeePass. Have been for years.

    As for testing against Keyloggers, I don't think there is really any point. ALL keys can be captured if you hook low enough into the system, because at some point there's a systematic keypress (the system has to accept a keystroke be it hardware, software, or virtual) and has to produce the output of that stroke (the form its going into). The best you can do is prevent compromises on your database(s) when your not in direct control of them.

    KeePass does encrypt your passwords in Memory though, which should help prevent some attacks from reading them right out of memory.

    It's a cat and mouse game, You build a smarter mouse, and there will always be a trickier cat.
     
  19. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Is it even vulnerable if you use the drag n drop method as outlined by Han?
     
  20. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    KeePass 2.x offers/has lots of options I don't want or need. It also requires Microsoft .NET Framework to run. For me, KeePass 1.x is nice and simple. It has all the essentials and is all I was and am looking for. And it's still being actively developed.

    I don't claim to understand Windows to any great depth but from what I've seen, drag 'n drop does not appear to use the clipboard like copy and paste do. And if I make the decision of when to enter my passwords and when not to, then I hopefully won't enter my information on a faked website like AutoType might (or a browser password manager also might do.)
     
  21. mr mister

    mr mister Registered Member

    Joined:
    Nov 27, 2007
    Posts:
    47
  22. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Thanks for your response Han. I just realised theres actually a link to a comparison page on the downloads page.

    Also very good point on the dangers of auto-type. Another point in favour of drag n drop.
     
  23. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I don,t know about others but in Opera, it will not enter the password also unless u click to do so. Same is true of Roboform and must be a basic feature of any password manager indeed.
     
  24. wireagent

    wireagent Registered Member

    Joined:
    Sep 7, 2009
    Posts:
    1
    If you want to quickly fill out login forms in your favourite browser Firefox, I vote for Lastpass.

    Besides that, I'm also using Password Safe and Repository, which in my opinion is just great. I store everything in there. From simple login information, over serials, CD-Keys, license information, to mobile phone contract details, PIN, PUK, etc...

    Having the Professional version, I can even create new forms to enter new data.

    In my opinion, thats just the best Password Manager out there.
     
  25. KookyMan

    KookyMan Registered Member

    Joined:
    Feb 2, 2008
    Posts:
    367
    Location:
    Michigan, USA
    I use auto-type, but I do it manually. I open the page, so I know its the right one, then I open KeePass, manually select my password and hit the AutoType button. It switches (to my experiance) The last selected window, and types [USERNAME]<Tab>[PASSWORD]<Enter>. (Thats the default Auto-type script.) You can customize it on a per entry basis (Example: I have my Steam password set to only type my password, since it has problems with the full script.)

    As far as I know, Drag and Drop still has to temporarilly store the data somewhere while its being drug. The where is a good question though.
     
Loading...
Thread Status:
Not open for further replies.