The best and most secure password manager

  • Thread starter EngWiPy
  • Start date
  • #1
1,367
61

Main Question or Discussion Point

Hi,

I am thinking to use a password manager, but I am not sure 1) if it will help me remember my passwords, and 2) if it is secure.

If they are useful and secure, what are the best (free and commercial) password managers out there to use?

Thanks
 

Answers and Replies

  • #2
1,393
1,191
I generally use Google to save my passwords. It automatically saves all passwords that I enter on chrome. But I never save my bank details in it. In today's world, anything could happen...o_O

Another option is to write your passwords on a piece of paper and keep it somewhere safe and secure.
 
  • #3
33,477
5,167
Another option is to write your passwords on a piece of paper and keep it somewhere safe and secure.
That's what I do, although the focus is more on "keep it somewhere.."
 
  • #4
1,367
61
I guess storing them on the browser is one option, but what would happen when you clear the history and cookies in the browser? They would be gone.
 
  • #5
1,393
1,191
I guess storing them on the browser is one option, but what would happen when you clear the history and cookies in the browser? They would be gone.
Storing anything from chrome means you're storing them on your Google account. When you clear your browser history, there will be an option "Clear saved passwords". Just uncheck that for safety.
 
  • Like
Likes EngWiPy
  • #6
233
97
I don't consider password storage in browsers to be a password manager. A password manager is is something like LastPass or OnePass, preferably secured using 2 Factor Authorization techniques (password + something like YubiKey, 2FA Apps, etc).
 
  • #7
vela
Staff Emeritus
Science Advisor
Homework Helper
Education Advisor
14,613
1,249
I am thinking to use a password manager, but I am not sure 1) if it will help me remember my passwords, and 2) if it is secure.
It will almost certainly not help you remember your passwords. The main benefit of a password manager is being able to use strong, high-entropy passwords, which you don't have to remember, instead of relying on easily remembered but weak passwords.

If they are useful and secure, what are the best (free and commercial) password managers out there to use?
I've been using 1Password for over a decade now, and I still consider it one of the best software purchases I ever made.

There are many articles comparing various password managers, and most password managers, if they're not free, have a free trial so you can see which one fits your needs the best.
 
  • Like
Likes FactChecker
  • #8
symbolipoint
Homework Helper
Education Advisor
Gold Member
5,909
1,060
Hi,

I am thinking to use a password manager, but I am not sure 1) if it will help me remember my passwords, and 2) if it is secure.

If they are useful and secure, what are the best (free and commercial) password managers out there to use?

Thanks
I generally use Google to save my passwords. It automatically saves all passwords that I enter on chrome. But I never save my bank details in it. In today's world, anything could happen...o_O

Another option is to write your passwords on a piece of paper and keep it somewhere safe and secure.
First, do an internet search and also a search on YouTube. Find what you like and investigate further. MY PICK for a good password manager, although I honestly do not know how secure it is, is LastPass. It seems to work very very well (mostly).

As the other member said, writing your login combination on paper kept in a paper-hard file is a very important thing to do.
 
  • #9
FactChecker
Science Advisor
Gold Member
5,522
2,018
I have used Password Safe for Windows for a while now and recommend it (especially over other non-manager schemes) (see https://en.wikipedia.org/wiki/Password_Safe ). It is free. It allows drag-and-drop of ID, passwords, etc. without leaving a copy in the clipboard or buffer. It can autogenerate passwords if you ask it. Everything is encrypted using Twofish encryption.

I have separate schemes for different categories of passwords:
1) High security, daily use, where I what to remember the password: I use the first letter of each syllable of favorite song lines, with a pattern of capitalization and special charactors.
2) High security, rare use, where bringing up Password Safe each time will not be a burdon: I let Password Safe auto-generate a PW and don't try to remember it.
3) Low security, where I don't care much if someone hacks it: I use a generic PW that I can easily remember.

All the passwords are kept in Password Safe except a few of the low-security uses. I also keep notes in Password safe of any verification question answers, phone numbers, etc.

PS. If anyone recognizes a flaw or risk in this approach, please let me know. I would rather be safe than sorry. Thanks.
 
Last edited:
  • #10
ZapperZ
Staff Emeritus
Science Advisor
Education Advisor
Insights Author
35,646
4,418
It will almost certainly not help you remember your passwords. The main benefit of a password manager is being able to use strong, high-entropy passwords, which you don't have to remember, instead of relying on easily remembered but weak passwords.


I've been using 1Password for over a decade now, and I still consider it one of the best software purchases I ever made.

There are many articles comparing various password managers, and most password managers, if they're not free, have a free trial so you can see which one fits your needs the best.
I use 1Password as well, and have been using it for years. I have the app on my iPhone, my iPad, my Windows machine, and my Macbook. Each time I enter a new password entry, or change one of the existing password, it updates all of them. So I always have all of my passwords at any given time.

It has plenty of other features as well, such as going directly to the webpage from the password entry page, but storing all of my passwords securely in convenient locations when I want them is the most important feature.

Zz.
 
  • Like
Likes FactChecker
  • #11
FactChecker
Science Advisor
Gold Member
5,522
2,018
It has plenty of other features as well, such as going directly to the webpage from the password entry page, but storing all of my passwords securely in convenient locations when I want them is the most important feature.
What are your thoughts on the security of storing passwords in the cloud? Because I fear them getting hacked I have always balked at that, but it would be convenient.
 
  • #12
ZapperZ
Staff Emeritus
Science Advisor
Education Advisor
Insights Author
35,646
4,418
What are your thoughts on the security of storing passwords in the cloud? Because I fear them getting hacked I have always balked at that, but it would be convenient.
Here's the thing about getting hacked : the losers who are doing the hacking to gain personal info on people, such as getting credit card numbers, often want to get to things easily! That's why they try to get as many as they can, so that they'll be able to profit from as many as they can, as quickly as they can. In most cases, they won't waste time on the higher-hanging fruit. And these passwords are encrypted even when they are stored in the cloud. It will take effort to break the encryption, something they'd rather not waste their time on.

No encryption is infallible, the same way no security measures you have for your house will prevent a break-in for a very determined burglar. But unless someone is targeting you personally, he/she will usually not waste their time trying to hack encrypted passwords when he/she can easily go elsewhere and get other things with less effort.

Zz.
 
  • Like
Likes Wrichik Basu and FactChecker
  • #13
FactChecker
Science Advisor
Gold Member
5,522
2,018
But unless someone is targeting you personally, he/she will usually not waste their time trying to hack encrypted passwords when he/she can easily go elsewhere and get other things with less effort.
That sounds logical. I'll buy that. Thanks.
 
  • #14
harborsparrow
Gold Member
534
108
I am a sysadmin AND a developer, working multiple consultancy jobs, and I have to remember many passwords, some very important. I was on the verge of buying and using a password manager a few years ago, when suddenly I read that that product had been broken into, and all the info people had stored in it became compromised.

So. Instead, I resorted to using patterns. I have about 3 different schemes, and I'm not about to describe them, but I can represent a specific password with a set of hints, and I don't think anyone on earth could jump from my hints to the actual password so long as I don't tell any living human what my system is. And then, I write down a hint for every single password. And I keep a backup of my written-down hints. This has worked very well. The hints are even reachable over the web (I won't say how) because I need that capability on occasion.
 
  • #15
2
0
I use lastpass firefox and chrome addon to store password and it is secure and reliable.
 
  • #16
phyzguy
Science Advisor
4,483
1,436
I use a system similar to @harborsparrow. I think any password manager is susceptible to being hacked, so I don't trust them. So I write down hints in a physical notebook. It's not accessible over the internet, so it can't be hacked. If someone finds or steals the notebook, the hints are not enough to let them come up with the passwords.
 
  • Like
Likes harborsparrow
  • #17
symbolipoint
Homework Helper
Education Advisor
Gold Member
5,909
1,060
I use lastpass firefox and chrome addon to store password and it is secure and reliable.
I find LastPass fails to handle multiple logins for single sites. Usually fine for one site with one login combination; but more than one account login for one site and failure to be reliable LastPass. Trouble has been at Yahoo, and AOL. Sometimes LastPass asks, "Want to revise or update or change this...?"; but I already did those as affirmatives and LastPass destroyed the account at that site, so I had to manually redo two login combinations.
 
  • Like
Likes FactChecker
  • #18
Vanadium 50
Staff Emeritus
Science Advisor
Education Advisor
2019 Award
24,285
7,098
What are your thoughts on the security of storing passwords in the cloud?
LastPass does not store your passwords in the cloud. The thing they store can generate the site-specific password from the master password, but they store neither the master password nor any site specific password themselves. The advantage of this is that nobody can get your passwords without the master password. The disadvantage of this is that this includes you if you forget your master password.
 
  • Like
Likes FactChecker
  • #19
1,393
1,191
Recently chrome has started providing random passwords when you sign up for any site. The passwords are generated, and automatically saved to the Google account. I haven't tried it yet, but if you have 2-step verification switched on for your Google account, then it might be a good idea, except for net banking. Though I don't know how strong those passwords are.
 
  • #20
18,122
7,616
I'm fine with Chrome remembering all my passwords for me.
 
  • #21
LastPass, without any doubt.
 
  • #22
symbolipoint
Homework Helper
Education Advisor
Gold Member
5,909
1,060
I'm fine with Chrome remembering all my passwords for me.
And it works very well for this.


LastPass, without any doubt.
Yes, until you have multiple logins for one sign-in site - but then until you know what to do about this, which I am just recently learning.
 
  • #23
165
35
My professional opinion is to never allow a browser to store any passwords (or any other non-secured application), at least for anything you want to keep as secured and protected as possible.

If you're going to store your passwords anywhere, I'd suggest anything that encrypts both your login and the data it stores. Browsers (Firefox, Chrome, etc) aren't the most secure spots, and are often incredibly easy to extract (Chrome used to save them across all user profiles, and Google stores their passwords in clear text for speed while relying on other measures of security, so I'd never recommend using Chrome for anything that requires secure transmission).

There's no perfect solution, unfortunately. Me, personally, I just remember all my passwords and don't have them written down anywhere. While not perfect, it works for me.
 
  • Like
Likes harborsparrow
  • #24
8,460
5,336
Me, personally, I just remember all my passwords and don't have them written down anywhere. While not perfect, it works for me.
How many passwords must you remember?
Do you use the same password more than one place?
How often do you change them?
 
  • #25
165
35
How many passwords must you remember?
Do you use the same password more than one place?
How often do you change them?
I use similar passwords for things that I wouldn’t care if they got compromised (junk email accounts, certain forum accounts, etc).

I juggle about 30 passwords that get changed and updated every 6 months. Each major account (banking, PayPal, website, databases, etc) all have different passwords.
 
  • Like
Likes harborsparrow and anorlunda

Related Threads on The best and most secure password manager

Replies
3
Views
2K
  • Last Post
Replies
8
Views
6K
  • Last Post
Replies
1
Views
6K
  • Last Post
Replies
1
Views
2K
  • Last Post
Replies
1
Views
1K
Replies
21
Views
4K
  • Last Post
Replies
7
Views
3K
  • Last Post
Replies
4
Views
2K
  • Last Post
Replies
18
Views
3K
  • Last Post
Replies
3
Views
4K
Top