Best password manager?
Discussion
colin79666 said:
Filling in fields without user input is actually a bit of a security risk. It has been found to fill in hidden form fields and therefore details can be stolen (at least in theory).
It is only 2 clicks to populate with Bitwarden.
Does it actually fill in the real data? I had assumed it was some kind of proxy placeholder until you submit. If not that does sound dodge yes.
How certain?
Lim said:
Does it actually fill in the real data? I had assumed it was some kind of proxy placeholder until you submit. If not that does sound dodge yes.
How certain?
Unsure if they ever fixed it, I just turned the feature off.
https://www.theregister.com/2017/01/10/autocomplet...
colin79666 said:
Unsure if they ever fixed it, I just turned the feature off.
https://www.theregister.com/2017/01/10/autocomplet...
Jeez.... disabled, thanks!
I just assumed it was so slow, because they couldn't be so lax to prefill the actual data, and something clever was going on.....
Edited by Lim on Sunday 21st February 10:10
Tye Green said:
It seems those who use password managers have huge trust in those that provide the service
you have to, obvs..... IMHO, using a "reputable" PM offers the best security, other than writing down stupidly complex PWs......... and then what happens if you get burgled and they find your list?
Given the amount of logins we all need now, I suspect it's almost impossible to maintain strong and very different PWs.
Tye Green said:
It seems those who use password managers have huge trust in those that provide the service
The National Cyber and Security Centre says you should be using one - and they're right. Even more so when the password manager is secured with 2FA etc as well. https://www.ncsc.gov.uk/blog-post/what-does-ncsc-t...
In fact anyone NOT using a password manager of some sort is highly likely to be more at risk due to chronic password re-use or ones that are susceptible to brute force/dictionary attacks. A password manager allows you to have a single, unique and strong password for every site you use. If you want one run locally without a third-party involved then yes, you can do that but even cloud-syncing ones like LastPass don't store anything in a way that can be decrypted in the cloud - all decryption is done on the device.
You are MUCH more secure with one than you are without, despite your brain trying to tell you the opposite.
Tye Green said:
It seems those who use password managers have huge trust in those that provide the service
Not necessarily. I use keepass, so nothing in the cloud.
The computer's firewall doesn't allow keepass to access the internet, and has never logged an attempt to access the internet.
Unless it starts printing notes with my passwords and posting them, I'm reasonably relaxed.
ZesPak said:
Was planning on it this afternoon, but can you elaborate?
Basically this YC thread. https://news.ycombinator.com/item?id=21172569
But to be fair, I'm not informed enough to verify the more speculative comments on their privacy policy, so I should probably rein in my evangelicalism.
Can anyone more informed confirm?
The speed stuff is more easily verified. I just tested my browser speed with speedometer.
Lastpass - 79.4
1password - 117
No password manager - 132
Don't have bitwarden but from benchmarks, I guess it would be in the 120s
Perhaps it is all legit, but I'm not going to sift through the privacy policy to find out, when it's so easy to export.
Edited by Lim on Tuesday 23 February 12:06
xeny said:
Not necessarily. I use keepass, so nothing in the cloud.
The computer's firewall doesn't allow keepass to access the internet, and has never logged an attempt to access the internet.
Unless it starts printing notes with my passwords and posting them, I'm reasonably relaxed.
Does that mean you can only use it on one device though?
KeePass has just the one file, but if you want to you can keep it on cloud storage and access it from there. My key file is in my dropbox account and accessed from my PC, laptop, phone (android) and old tablet (iPad). You can go two factor with a key file and potentially host that on another cloud account.
davek_964 said:
Does that mean you can only use it on one device though?
Depends - I actually run three databases - one is on a machine with no remote access and is for the really high value credentials - broker passwords and the like. Another is on a machine I can remote to, and if need be can go with me on an encrypted USB stick, or encrypted on my phone with a local keepass app.
Things like a PH password live in one drive, but obviously MS simply see it as another file to sync.
Mr Pointy said:
Well Bitwarden has turned out to be a disappointing bag of crap for me. I've downloaded the Firefox extension, logged in & gone Settings/Tools/Import & it just opens up the Import help web page, with no further dialogue box to select the .csv file to import. If I click on Export it opens up another dialogue but of course there are no sites in the vault. For some reason it also thinks it's entitled to close the bookmarks sidebar & open up its own sidebar instead.
ste.
Right, it seems the fktards who wrote this software didn't bother to explain that you can only import when you're logged into the website, not from the browser extension.
Edited by Mr Pointy on Wednesday 24th February 17:04
So that will be the help web page that says
To import your data into a personal Vault:
1. Log into the Web Vault
where the words Web Vault are a link to the login page?
Seems pretty clear to me
stemll said:
So that will be the help web page that says
To import your data into a personal Vault:
1. Log into the Web Vault
where the words Web Vault are a link to the login page?
Seems pretty clear to me
Click on the browser icon. It says Log In to your vault. Not a crippled version of your vault.
Click on the browser icon. Go Settings/Tools/Import. It doesn't work. Nor does it tell you why it doesn't work.