I've been using Norton Identity Safe for a few years but I've found their online vault is becoming too unreliable so I might start using LastPass. I do still have a LastPass account and was happy with it last time I tried it but that was also years ago. Anyone with Win10 using LastPass? Yeah, I know it isn't supported on MS Edge.
Chrome extension works fine. I got a lifetime giveaway for Steganos Privacy Suite 15, using that for more important (but non-critical) passwords. LastPass I still use for many everyday or random sites.
Although they haven't been fully compromised, LastPass has been attacked before. Also, you're relying on someone else to store your password (albeit encrypted), and remain online for your lifetime (manual backup is a good idea). If you must use LastPass for more important sites, make sure to enable at least 2-Factor Authentication.
That's essentially the same risk I take with Norton's online ID Safe. At least LastPass have been up front about any breaches. Who knows if Symantec have been breached, or perhaps, how many times.
I assume you either have an extraordinary memory or you use the old fashioned method of pen and paper.
I use the old-fashioned method of pen and paper, but I use some sort of shorthand notes which are impossible to decipher for other people.
I've just installed Sticky Password and am entering some data in it. I did not opt for the Cloud Sync. I will keep everything here. I don't like the idea that my login password to their website has to be the same as the application password on my pc. That totally sucks. During installation of the android product, the password change function kept freezing the app. After 2 uninstalls and reinstalls, I finally got everything working and, so far, the syncs work fine. There are some functional issues. To create a new "group", one is forced to create it inside another group, and then move it out of that group. Some coding is needed to clean that up. What is the latest word regarding the security of Sticky Password? I did some research and didn't find anything that worries me, so far.
Presently use LastPass (Premium), as it is quite adequate for the simple needs I have and is only used on the one desktop computer I have. However, given the recent acquisition of LastPass by LogmeIn and the massive complaints/concerns over LogmeIn's reputation...I will certainly be closely monitoring what happens. From many posts I've read elsewhere, there appear to be a lot of LastPass users who are already looking for a different password manager program to replace it with, despite the "re-assurances" of the LP Dev folks and LP CEO, Joe, himself. The "ball is in LastPass/LogmeIn's court." Regards everyone!
Whether you memorize them or not. Write them down on paper and hide it well like I do, along with remembering most of them... the copy & paste method should be utilized regardless. Even if that means opening a text app and writing the PW on it, then copying & pasting it on the webpage, then closing that text file without saving it. Maybe store such a file in a TrueCrypt container/partition, sandboxed, or otherwise isolated. And I'm on the fence as to whether or not using a program like Keyscrambler would be beneficial or not lately to obfuscate the PW. Or if it's just another app you're giving sensitive info. to, which is why I don't use a PW manager in the first place. Can you trust it to not harvest your true keystrokes then send them out during your next update? Considering I have Keyboard (and screen capture) blocked for every single app via HIPS already I just don't think it's worth taking that chance. And everything functions just fine without having that access, although I've found every single thing requests it for some reason. So let's say I have Keyboard access blocked for Firefox altogether for example... would that protect me from having any site I visit using that browser from capturing my keystrokes?... or is that wishful thinking? Would there be any further point in scrambling my keystrokes, or copying & pasting? I've never been sure of this.
