https://www.pwsafe.org/
I have never used one before but am getting to the point where it seems like it might be a good idea. I did a cursory look on TenForums but it was inconclusive:
https://www.tenforums.com/search.php?searchid=11357568
Anyone have an opinion on a password manager? I came up with Password Safe but was curious what you all thoguht. TIA.
I have always and only used keepass from KeePass Password Safe
I checked out pwsafe from your link and it is very similar.
I've used Roboform for many years- available on Windows, Android, able to share the same data across devices via 'the cloud'.
It has one feature I've never found on others I've tried - the ability to display a text box (prompt) - useful where variable characters must be manually filled e.g. in drop-downs. (Example financial sites, chars 1,3,4 one time, 2,5,6 another etc).
Works in many browsers- Chrome, Edge, Firefox...
A general word of warning on security and two-stage logins for important (e.g. bank) sites:
Keep data for one stage of security data NOT in your password manager but somewhere else. That way you are better protected.
I use Lastpass on desktop and mobile devices. I like the idea that you can log in using your fingerprint on mobile devices making them reasonably secure.
Thanks to all who responded thus far this New Years Day. Including the one that I referenced that's 4 different apps mentioned from 4 different people : )
That should narrow it down!
¯\_(ツ)_/¯
Personally, I put everything in a [password-protected] Excel spreadsheet that lives on a USB stick that lives on a keyring that is always with me & which clips onto another ring sewn inside my jacket.
- I back it up onto an SD card that is otherwise blutacked to the wall behind my boiler.
- I never connect this USB while I am online.
- I never connect this USB even offline whilst a browser is showing any webpage other than one within my bank's secure area [if that is infected then all bets are off anyway].
- I can also read this spreadsheet by connecting the USB to my phone.
- If I need to get a password I copy it whilst offline then remove the USB again before going back online.
- I do not have the convenience that you would have if you used a password manager.
Denis
Very good policies, but you might loose USB or someone might steal it from you. There are ways to get excel files to open. I hope, you are using the latest version, since old versions did not encrypt.
You might consider Keepass. You need a password and a key file to open it, entered on a secure desktop, so no keyloggs or screenshots can be taken. Also it can input a password randomly, since copy/paste can be hijacked. For example: Password123 would be entered like: a3d1swPor2
@TairikuOkami & the OP,
If I used a password manager utility instead, I would want its datafile to be 'portable' and to run in both Windows & Android. My Excel solution [referred to in my last post] runs in Windows, Android & Mac probably without any need to install additional software.
1 If I lost the passwords USB I would respond as though it had been stolen unless I knew for certain that it had merely been destroyed [in an accident] in which case I would make a new one using the boiler wall backup. It would require two unlikely faults in my jacket for the USB to be accidentally lost.
2 If a burglar or a mugger gets hold of my USB / its backup or if either is lost to an uncertain fate I will give myself a maximum of 100 hours to change all financial logins and all key non-financial ones [such as email logins]. I imagine that I'd take longer changing things that cannot be used as stepping stones to fraud.
3 If I accidentally connected the USB whilst online or whilst a browser was on any webpage other than my bank's secure area or if I discovered that my computer was infected, I would react as though it had been stolen.
I adopted Excel .xlsx as the file structure to use because I have it on all my computers and I have applications on my phones that can open password-protected Excel files [from the USB i.e. without having to use the cloud]. Just as conveniently, if I was away from home then I could use the computer of a trusted friend if my own had been lost/stolen/destroyed.
- Excel 2007 was the first to achieve good protection of its passwords and later versions are even better.
- I have found no evidence that the relevant security structures in Excel 2007 or later versions can be bypassed so I believe that social engineering or brute-force attacks are the only way to get into these files. 'Dictionary' attacks are no quicker than brute-force attacks.
- Word would be no more or less secure but I'd have to structure the data within it so that would incur additional design & maintenance effort.
- By contrast, Excel 2003's internal protection structures can simply be bypassed so its passwords are worthless.
- I sent some password-protected Excel 2007 test files through some tools & online services that claimed to be able to crack them but they could not. I suspect that their claims had merely had Excel 2003 crossed out & Excel 2007 written in.
- MS Access 2007 contains an alleged vulnerability that, so it was claimed, allows databases smaller than about 25MB to be cracked by methods other than brute-force attacks. I could find nothing to prove or to refute these claims but my attention had already turned to the portability of Excel files [Windows, Mac, Android] so I just ditched the Access idea without investigating any further.
- All these comments apply to passwords needed for opening files not to those for being able to change files or to those relatively easily bypassed passwords for protecting access to VBA modules.
My personal password policy
- I use long random-character passwords that would give hackers a 1/1,000,000 chance of opening a password-protected Excel 2007 file within the 100 hour processing period that many hackers offer to others as a standard service.
- This is actually a bleak view because I extrapolated to potential processing speeds in thirty years time by assuming a doubling of processing power every year [instead of the more realistic doubling every 18-24 months that is often quoted from Moore's law & David House's codicil] and I assumed a hacking botnet of 2 million GPU-equivalents.
- I worked out my policy in discussion with Rohn007, a highly-regarded Excel user & contributor to the MSAnswers forum, - see How secure are Office 2007 password-protected files
- A consolidated & more concise [alright, less long-winded] explanation is given in my 20th & 23rd June 2015 posts at http://answers.microsoft.com/en-us/w...8-cf7a9b399774
- I generally use 18-21 character passwords.
I also have my Windows user passwords & a select few [non-financial] others written down within a large array of characters on a piece of paper kept within a Dog collar ID tag that also lives on my keyring. This is really just for convenience during system troubleshooting.
Denis
Quote
