Password Manager

Which Password Manager do you guys recommend and why? Which is the most secure? Thanks.

 

Might as well give a plug for our Password Manager: RememberMe
It's free and easy to use.

 

i use LastPass which has a FF extension as well.

 

Is it better to use a standalone password manager or one integrated into the browser?

 

I like the 1.x version of KeePass http://www.keepass.info/news/n090606_1.16.html

I prefer using a standalone password manager. I just feel browsers are under attack more than separate password managers.

In my case, I keep my passwords on a USB drive with KeePass. Nothing ever permanently on any PC that has my passwords. And the KP database is encrypted (and named very obscurely) so it's safe on the USB drive too...

 

Roboform - flawless

 

All these password managers are capable of generating their own passwords right?

 

Yes

 

Can it be integrated with all browsers just like their builtin password manager?

 

lastpass can and works great for me.

 

KeePass can be used with Auto-Type (similar to browser integration), drag 'n drop or by copy/paste via the clipboard. I use what I consider to be the safest approach, which is drag 'n drop. (BTW, for reasons unknown to me, drag 'n drop does not funtion with Opera. Which doesn't bother me as I don't use Opera.)
http://www.keepass.info/features.html

 

Copy/ paste seems not good( remember clipboard loggers).

BTW I use Opera,s built in one and it works very well. That must be enough as I don,t deal with any secret things and don,t do intrenet banking.

 

KeePass seems interesting. Im going to give it a try. Whats the difference between the classic a professional versions? Which one should I try?

 

I think the most widely used are:

Roboform
KeePass

Plus built in password managers in different browsers.

I never saw some body putting these managers into some real tests to see how safe they are.

 

It would be interesting if someone would test these apps with leading screen, key and clipboard loggers. Anyone up for this?

 

Yes, I wish that too but this testing is not easy I think.

 

There's a wide choice of these.

My preferred password manager ('tk8') meets all the requirements sought and more, but it isn't free.
I've used it for years, and it has never failed me.

http://www.tk8.com/

 

I use KeePass. Have been for years.

As for testing against Keyloggers, I don't think there is really any point. ALL keys can be captured if you hook low enough into the system, because at some point there's a systematic keypress (the system has to accept a keystroke be it hardware, software, or virtual) and has to produce the output of that stroke (the form its going into). The best you can do is prevent compromises on your database(s) when your not in direct control of them.

KeePass does encrypt your passwords in Memory though, which should help prevent some attacks from reading them right out of memory.

It's a cat and mouse game, You build a smarter mouse, and there will always be a trickier cat.

 

Is it even vulnerable if you use the drag n drop method as outlined by Han?

 

KeePass 2.x offers/has lots of options I don't want or need. It also requires Microsoft .NET Framework to run. For me, KeePass 1.x is nice and simple. It has all the essentials and is all I was and am looking for. And it's still being actively developed.

I don't claim to understand Windows to any great depth but from what I've seen, drag 'n drop does not appear to use the clipboard like copy and paste do. And if I make the decision of when to enter my passwords and when not to, then I hopefully won't enter my information on a faked website like AutoType might (or a browser password manager also might do.)

 

password agent
i've tried it, very good

http://moonsoftware.com/pwagent.asp
(free lite version also available)

 

Thanks for your response Han. I just realised theres actually a link to a comparison page on the downloads page.

Also very good point on the dangers of auto-type. Another point in favour of drag n drop.

 

I don,t know about others but in Opera, it will not enter the password also unless u click to do so. Same is true of Roboform and must be a basic feature of any password manager indeed.

 

If you want to quickly fill out login forms in your favourite browser Firefox, I vote for Lastpass.

Besides that, I'm also using Password Safe and Repository, which in my opinion is just great. I store everything in there. From simple login information, over serials, CD-Keys, license information, to mobile phone contract details, PIN, PUK, etc...

Having the Professional version, I can even create new forms to enter new data.

In my opinion, thats just the best Password Manager out there.

 

I use auto-type, but I do it manually. I open the page, so I know its the right one, then I open KeePass, manually select my password and hit the AutoType button. It switches (to my experiance) The last selected window, and types [USERNAME]<Tab>[PASSWORD]<Enter>. (Thats the default Auto-type script.) You can customize it on a per entry basis (Example: I have my Steam password set to only type my password, since it has problems with the full script.)

As far as I know, Drag and Drop still has to temporarilly store the data somewhere while its being drug. The where is a good question though.