The best and most secure password manager

  • Thread starter EngWiPy
  • Start date
In summary: For a long time, 1Password has been considered one of the best password managers available. It is very secure and has a free trial so you can see if it is the right solution for you.
  • #141
Having one thing and knowing one thing is not inherently better or worse than knowing two things or having two things.

You can still lose or forget things. Many "security experts" are so worried about a bad actor coming in and depriving you of your stuff that they do not think about the risk of losing or forgetting the key, which also deprives you of use of your stuff.

The two solutions for this would be a "master key" which unlocks everything, which now has the risk that the master key can be stolen, and am authentication system that requires M out of N keys. As mention earlier, bank transactions sort of do this already.
 
Computer science news on Phys.org
  • #142
Well, I am likely to switch from LastPass.

It's too secure. :smile: It's locked me out of my account several times. The issue is that it seems to be very fussy about using a YubiKey. You need to give your master password, wait for the YubiKey prompt, tell it not to use the YubiKey (!) but to use a different MFA, then remove and replace the YubiKey, and then enter the PIN and touch the YubiKey. You have five shots to get this right, and in the right order.

My LastPass support ticket has been in the works for a week. I don't think they even understand the symptoms yet. There is a one-day turnaround, and every day they want a screenshot or description of something that has already been described. There is no "try this" from them at this time.

Unless there is a fast turnaround, I think I'll be switching.
 
  • Wow
  • Informative
Likes symbolipoint and phinds
  • #143
I'm wondering if the popularity of Password Security Software is based on angst, personal insecurity, corporate decrees, or actual need... as perhaps national security reasons.

A FIrewall/Virus Scanner/Sandbox approach is quite protective... and A LOT less intrusive!
 
  • Skeptical
Likes fluidistic
  • #144
Tom.G said:
A FIrewall/Virus Scanner/Sandbox approach is quite protective... and A LOT less intrusive!
Huh?

They do different things.

I don't want to use the same password for an online store as my bank. If the store has a security leak, I don't want to give the crooks access to my bank account too. Further, I want to use more secure passwords. Qwerty is a bad passsword. B4y%mnyHCgrcUAWH is better. Well, at least it used to be before this post. A password manager makes it easy to use stronger passwords.
 
  • #145
Update: LastPass asked me if I wanted to give up troubleshooting. They haven't yet said "Try X and let us know what happens". (Other than "reinstall everything and see if it helps" which I did before I contacted them.
 
  • #146
Vanadium 50 said:
Huh?

They do different things.

I don't want to use the same password for an online store as my bank. If the store has a security leak, I don't want to give the crooks access to my bank account too. Further, I want to use more secure passwords. Qwerty is a bad passsword. B4y%mnyHCgrcUAWH is better. Well, at least it used to be before this post. A password manager makes it easy to use stronger passwords.
Ahh, OK.

I interpreted your use of passwords as when you operate locally, as booting or running specific software. I agree passwords are useful and necessary when interacting with various sites that have personal information.

Sorry for the confusion.

Cheers,
Tom
 
  • #147
Vanadium 50 said:
They haven't yet said "Try X and let us know what happens"
Well, they just did. They said to shut all the MFA off except for YubiKey and see what happens. What happens is exactly what you expect - I was locked out.

1Password? BitWarden?
 
  • #148
LastPass tech suppoty tried to blame YubiKey, but YubiKey tests all pass. They are back to "disable MFA"...days pass.." enable MFA"....days pass. It's really hard to conclude that anyone there has a clue.

Any suggested alternatives?
 
  • #149
Vanadium 50 said:
Any suggested alternatives?
Don't do anything on-line that is sensitive enough to require a password!

(I know, not real practical/convenient for many folks.)
 
  • #150
Yeah, that's not really practical.
 
  • #151
Vanadium 50 said:
LastPass tech suppoty tried to blame YubiKey, but YubiKey tests all pass. They are back to "disable MFA"...days pass.." enable MFA"....days pass. It's really hard to conclude that anyone there has a clue.

Any suggested alternatives?
What about keepassxc? It's open source. I understand that you won't get a quick response if at all in case of a problem, no ensured technical support, but you might not need it.
Also, I don't understand how people can ''trust'' Yubikeys (closed source hardware in a security scheme? What could go wrong...?). There are examples where millions of people trusted the company who later betrayed them shamelessly (Ledger, I am looking at you).
 
  • #152
Vanadium 50 said:
Any suggested alternatives?
I have been using Bitwarden Premium for three years now. It was (and still is) the cheapest among all the cloud password managers available — USD 10.00 annually is a great price IMO. You get the option of YubiKey OTP for 2FA if you have premium. The best thing is that I can also store all the authenticator codes along with the logins, so I can easily access 2FA codes from the browser even if I do not have the mobile. Being open-source adds another layer of security — hundreds of eyes have probably gone over their code, so loopholes, if any, are definitely found faster than a closed-source password manager. Premium also allows you to take advantage of their data breach monitors to see if any of your current passwords have been leaked.

N.B.: I don't use the YubiKey 2FA, so can't say anything about just that particular feature. Otherwise, it works good, at least for me.
 
  • #153
fluidistic said:
What could go wrong
What could go wrong?

Not using the YubiKey is like leaving a door (one of several in series) open. Is that better or worse than having your locksmith keep a copy of your key to that one door?
 
  • #154
Vanadium 50 said:
What could go wrong?

Not using the YubiKey is like leaving a door (one of several in series) open. Is that better or worse than having your locksmith keep a copy of your key to that one door?
My point is that there are alternative open source hardwares with an equivalent security, where you do not have to trust a 3rd party.
 
  • #155
Update. LastPass support told me to...and I am not making this up... install a keylogger and then enter my master password.
 
  • Wow
Likes DaveE and berkeman

Similar threads

Replies
12
Views
806
  • Computing and Technology
3
Replies
84
Views
4K
  • Computing and Technology
Replies
27
Views
4K
Replies
6
Views
7K
  • Computing and Technology
2
Replies
44
Views
4K
Replies
7
Views
2K
  • Computing and Technology
Replies
14
Views
1K
  • Computing and Technology
Replies
31
Views
3K
Replies
73
Views
6K
Replies
20
Views
1K
Back
Top