Password vaults
Discussion
Given the advice to change all passwords due to this Heartbleed bug, I'm wondering if it's worth getting a password vault to keep them all in. I'd want something that I can access from either my PC or my Android phone, so I guess a file that's stored on my dropbox and accessible from both?
Any suggestions?
I use KeePass (and the Android app, I think it's called KeePassDroid or something similar) to do this, it integrates into Firefox quite nicely too.
It creates a file that you can store where you like (I have a copy on my phone, OneDrive and my phone) that you access using a password, it then copies the password to the clipboard so you can paste it into the password box. On the computer it clears the clipboard in 12 seconds, on the phone it clears when you clear the drop down screen thing.
Obvious downside is that if someone gets hold of this file and gets into it they have all your passwords, but as you only have to remember one it can be much longer.
Upside is that you don't have to remember them so the passwords can be random letters, numbers and punctuation and you can get the program to generate them for you.
megaphone said:
Yep, excellent product.
megaphone said:
I have that for macs, ipad, android and windows plus browser extensions - very good, though costs a bit more than the others.
RizzoTheRat said:
How does the autofill in web browser bit that several of these mention work then? Do you get a separate popup where you type in your vault password and then it inserts the relevant password for the page?
Yes.. Or you go straight to the site via the app after entering your master password.
Another vote for lastpass. Auto fill on android as well if you pay for the premium version (< £10/year).
There are a few things I don't store in there : Bank password / Email password but everything else goes in there.
Also their response to heartbleed has been very good
http://blog.lastpass.com/2014/04/lastpass-and-hear...
http://blog.lastpass.com/2014/04/lastpass-now-chec...
Another vote for KeePass here.
There's one thing KeePass doesn't do, which I have addressed with a standalone Windows application and that I'm planning on rewriting as a KeePass plugin, is the Verified by Visa / MasterCard SecureCode thing where it asks you for letter x, y and x from your password.
Also, be aware that some websites will actively prevent you from pasting in your password from a password vault. They feel that by forcing users to type in their password they are increasing security. Despite having a massive debate / argument with a friend on my Facebook about this, I maintain that all this does is to encourage a user to use a shorter and simpler password.
FWIW I tried abine MaskMe which masks your email address and creates/saves passwords. I was unable to subscribe to the premium service but whilst the program happily stored my newly generated secure passwords, it forgot the websites and usernames. I now have an impressive list of secure passwords and no idea where they belong.
RizzoTheRat said:
How does the autofill in web browser bit that several of these mention work then? Do you get a separate popup where you type in your vault password and then it inserts the relevant password for the page?
With KeePass you have a keyboard shortcut (default is ctrl alt a) which selects the correct entry from the vault based on the title of the window you are viewing (so a window with "Pistonheads" in the title will auto-type your PH user/password).
You can also change the sequence and what is typed (the default is user [tab] password [enter] ) as well as adding delays etc (eg if you enter your username, click next, then enter your password on the next screen).
Finally, if you have multiple entries tied to the same window (eg multiple users for the same site/system etc) it will popup with a list of matching users and you select the one you want to use.
I've used LastPass for quite a while now and use it to store everything apart from banking and email. Recently tried 1Password too which is visually better but not as fast to use IMO. I think out of the two I prefer Lastpass.
In response to heartbleed Lastpass have a security checker that tells you which of your stored sites that you should change password. Very handy.