Dismiss Notice
Join Physics Forums Today!
The friendliest, high quality science and math community on the planet! Everyone who loves science is here!

The best and secure password manager

  1. Jun 19, 2018 #1
    Hi,

    I am thinking to use a password manager, but I am not sure 1) if it will help me remember my passwords, and 2) if it is secure.

    If they are useful and secure, what are the best (free and commercial) password managers out there to use?

    Thanks
     
  2. jcsd
  3. Jun 19, 2018 #2

    Wrichik Basu

    User Avatar
    Gold Member

    I generally use Google to save my passwords. It automatically saves all passwords that I enter on chrome. But I never save my bank details in it. In today's world, anything could happen...o_O

    Another option is to write your passwords on a piece of paper and keep it somewhere safe and secure.
     
  4. Jun 19, 2018 #3

    Mark44

    Staff: Mentor

    That's what I do, although the focus is more on "keep it somewhere.."
     
  5. Jun 19, 2018 #4
    I guess storing them on the browser is one option, but what would happen when you clear the history and cookies in the browser? They would be gone.
     
  6. Jun 20, 2018 #5

    Wrichik Basu

    User Avatar
    Gold Member

    Storing anything from chrome means you're storing them on your Google account. When you clear your browser history, there will be an option "Clear saved passwords". Just uncheck that for safety.
     
  7. Jun 20, 2018 #6
    I don't consider password storage in browsers to be a password manager. A password manager is is something like LastPass or OnePass, preferably secured using 2 Factor Authorization techniques (password + something like YubiKey, 2FA Apps, etc).
     
  8. Jun 20, 2018 #7

    vela

    User Avatar
    Staff Emeritus
    Science Advisor
    Homework Helper
    Education Advisor

    It will almost certainly not help you remember your passwords. The main benefit of a password manager is being able to use strong, high-entropy passwords, which you don't have to remember, instead of relying on easily remembered but weak passwords.

    I've been using 1Password for over a decade now, and I still consider it one of the best software purchases I ever made.

    There are many articles comparing various password managers, and most password managers, if they're not free, have a free trial so you can see which one fits your needs the best.
     
  9. Jun 21, 2018 #8

    symbolipoint

    User Avatar
    Homework Helper
    Education Advisor
    Gold Member

    First, do an internet search and also a search on YouTube. Find what you like and investigate further. MY PICK for a good password manager, although I honestly do not know how secure it is, is LastPass. It seems to work very very well (mostly).

    As the other member said, writing your login combination on paper kept in a paper-hard file is a very important thing to do.
     
  10. Jun 21, 2018 #9

    FactChecker

    User Avatar
    Science Advisor
    Gold Member
    2017 Award

    I have used Password Safe for Windows for a while now and recommend it (especially over other non-manager schemes) (see https://en.wikipedia.org/wiki/Password_Safe ). It is free. It allows drag-and-drop of ID, passwords, etc. without leaving a copy in the clipboard or buffer. It can autogenerate passwords if you ask it. Everything is encrypted using Twofish encryption.

    I have separate schemes for different categories of passwords:
    1) High security, daily use, where I what to remember the password: I use the first letter of each syllable of favorite song lines, with a pattern of capitalization and special charactors.
    2) High security, rare use, where bringing up Password Safe each time will not be a burdon: I let Password Safe auto-generate a PW and don't try to remember it.
    3) Low security, where I don't care much if someone hacks it: I use a generic PW that I can easily remember.

    All the passwords are kept in Password Safe except a few of the low-security uses. I also keep notes in Password safe of any verification question answers, phone numbers, etc.

    PS. If anyone recognizes a flaw or risk in this approach, please let me know. I would rather be safe than sorry. Thanks.
     
    Last edited: Jun 21, 2018
  11. Jun 22, 2018 #10

    ZapperZ

    User Avatar
    Staff Emeritus
    Science Advisor
    Education Advisor

    I use 1Password as well, and have been using it for years. I have the app on my iPhone, my iPad, my Windows machine, and my Macbook. Each time I enter a new password entry, or change one of the existing password, it updates all of them. So I always have all of my passwords at any given time.

    It has plenty of other features as well, such as going directly to the webpage from the password entry page, but storing all of my passwords securely in convenient locations when I want them is the most important feature.

    Zz.
     
  12. Jun 22, 2018 #11

    FactChecker

    User Avatar
    Science Advisor
    Gold Member
    2017 Award

    What are your thoughts on the security of storing passwords in the cloud? Because I fear them getting hacked I have always balked at that, but it would be convenient.
     
  13. Jun 22, 2018 #12

    ZapperZ

    User Avatar
    Staff Emeritus
    Science Advisor
    Education Advisor

    Here's the thing about getting hacked : the losers who are doing the hacking to gain personal info on people, such as getting credit card numbers, often want to get to things easily! That's why they try to get as many as they can, so that they'll be able to profit from as many as they can, as quickly as they can. In most cases, they won't waste time on the higher-hanging fruit. And these passwords are encrypted even when they are stored in the cloud. It will take effort to break the encryption, something they'd rather not waste their time on.

    No encryption is infallible, the same way no security measures you have for your house will prevent a break-in for a very determined burglar. But unless someone is targeting you personally, he/she will usually not waste their time trying to hack encrypted passwords when he/she can easily go elsewhere and get other things with less effort.

    Zz.
     
  14. Jun 22, 2018 #13

    FactChecker

    User Avatar
    Science Advisor
    Gold Member
    2017 Award

    That sounds logical. I'll buy that. Thanks.
     
  15. Nov 27, 2018 #14

    harborsparrow

    User Avatar
    Gold Member

    I am a sysadmin AND a developer, working multiple consultancy jobs, and I have to remember many passwords, some very important. I was on the verge of buying and using a password manager a few years ago, when suddenly I read that that product had been broken into, and all the info people had stored in it became compromised.

    So. Instead, I resorted to using patterns. I have about 3 different schemes, and I'm not about to describe them, but I can represent a specific password with a set of hints, and I don't think anyone on earth could jump from my hints to the actual password so long as I don't tell any living human what my system is. And then, I write down a hint for every single password. And I keep a backup of my written-down hints. This has worked very well. The hints are even reachable over the web (I won't say how) because I need that capability on occasion.
     
  16. Dec 5, 2018 #15
    I use lastpass firefox and chrome addon to store password and it is secure and reliable.
     
  17. Dec 5, 2018 #16

    phyzguy

    User Avatar
    Science Advisor

    I use a system similar to @harborsparrow. I think any password manager is susceptible to being hacked, so I don't trust them. So I write down hints in a physical notebook. It's not accessible over the internet, so it can't be hacked. If someone finds or steals the notebook, the hints are not enough to let them come up with the passwords.
     
  18. Dec 5, 2018 #17

    symbolipoint

    User Avatar
    Homework Helper
    Education Advisor
    Gold Member

    I find LastPass fails to handle multiple logins for single sites. Usually fine for one site with one login combination; but more than one account login for one site and failure to be reliable LastPass. Trouble has been at Yahoo, and AOL. Sometimes LastPass asks, "Want to revise or update or change this...?"; but I already did those as affirmatives and LastPass destroyed the account at that site, so I had to manually redo two login combinations.
     
  19. Dec 6, 2018 at 3:13 PM #18

    Vanadium 50

    User Avatar
    Staff Emeritus
    Science Advisor
    Education Advisor
    2017 Award

    LastPass does not store your passwords in the cloud. The thing they store can generate the site-specific password from the master password, but they store neither the master password nor any site specific password themselves. The advantage of this is that nobody can get your passwords without the master password. The disadvantage of this is that this includes you if you forget your master password.
     
  20. Dec 6, 2018 at 3:41 PM #19

    Wrichik Basu

    User Avatar
    Gold Member

    Recently chrome has started providing random passwords when you sign up for any site. The passwords are generated, and automatically saved to the Google account. I haven't tried it yet, but if you have 2-step verification switched on for your Google account, then it might be a good idea, except for net banking. Though I don't know how strong those passwords are.
     
  21. Dec 6, 2018 at 4:12 PM #20
    I'm fine with Chrome remembering all my passwords for me.
     
Share this great discussion with others via Reddit, Google+, Twitter, or Facebook

Have something to add?
Draft saved Draft deleted