What's new

Password Manager app SP3

spinachpie

Member
Anyone know of any password manager apps for SP3 that are reputable and trustworthy?

I haven't changed my passwords in a very long time and I know you're supposed to have a different one for each site, but I fail on both counts because I just can't remember them.

Is there a decent password manager which would allow me to do this?
 
Hi.
I have found Keepass to be very solid.
Download the professional edition, which is still free.

What I like:
  1. You can start very basic -with just a local file.
    As such it's very easy and relatively secure to use -It doesn't force you to use some cloud provider.


    But should you want to be more advanced you can do all sorts, like:
  2. If you do want to put your file on Dropbox/Onedrive/Ubuntu One or whatever (remote backup is good!), the file is encrypted there
  3. There are a wide range of apps for other platforms that can read it (on your tablet or phone)
    There's also a portable version that you could keep with a copy of your file on a USB stick for use on other people's computer
  4. You can set up autotype in your browser and any other desktop apps
    This is way more awesome than it sounds, as you can set up obfuscation to avoid keyloggers.
  5. For extra security, you can explore using a key file as well as a master password
    The key file can be any file, anywhere on your computer (that won't get changed!). So you have a master password (something you know) and tell it where to find a file like Pictures\Pets\myfurrycat.jpg (which is something you have and something you know).

  6. ..and so on.
 
Hi.
I have found Keepass to be very solid.
Download the professional edition, which is still free.

What I like:
  1. You can start very basic -with just a local file.
    As such it's very easy and relatively secure to use -It doesn't force you to use some cloud provider.


    But should you want to be more advanced you can do all sorts, like:
  2. If you do want to put your file on Dropbox/Onedrive/Ubuntu One or whatever (remote backup is good!), the file is encrypted there
  3. There are a wide range of apps for other platforms that can read it (on your tablet or phone)
    There's also a portable version that you could keep with a copy of your file on a USB stick for use on other people's computer
  4. You can set up autotype in your browser and any other desktop apps
    This is way more awesome than it sounds, as you can set up obfuscation to avoid keyloggers.
  5. For extra security, you can explore using a key file as well as a master password
    The key file can be any file, anywhere on your computer (that won't get changed!). So you have a master password (something you know) and tell it where to find a file like Pictures\Pets\myfurrycat.jpg (which is something you have and something you know).

  6. ..and so on.

Thanks. This is a desktop app. Do you know of any MUI app? I looked through the MS Store, but I could not find anything - maybe I missed it.

Edit: Of the ones that I could find, Keeper seems to look good, but there is no information of the kind of encryption that is used etc. Has a good rating, but only 7 of them. I am really leery of such things unless they come highly recommended. So, looking for suggestions.
 
Last edited:
I use Password Safe which is open source and has builds available for most platforms. It's not quite as full featured as some of the other models, but it's very secure and quite simple to use. It has changed my life.
 
Hi.
I have found Keepass to be very solid.
Download the professional edition, which is still free.

What I like:
  1. You can start very basic -with just a local file.
    As such it's very easy and relatively secure to use -It doesn't force you to use some cloud provider.


    But should you want to be more advanced you can do all sorts, like:
  2. If you do want to put your file on Dropbox/Onedrive/Ubuntu One or whatever (remote backup is good!), the file is encrypted there
  3. There are a wide range of apps for other platforms that can read it (on your tablet or phone)
    There's also a portable version that you could keep with a copy of your file on a USB stick for use on other people's computer
  4. You can set up autotype in your browser and any other desktop apps
    This is way more awesome than it sounds, as you can set up obfuscation to avoid keyloggers.
  5. For extra security, you can explore using a key file as well as a master password
    The key file can be any file, anywhere on your computer (that won't get changed!). So you have a master password (something you know) and tell it where to find a file like Pictures\Pets\myfurrycat.jpg (which is something you have and something you know).

  6. ..and so on.

+1 vote for KeePass. I put the file on my Google drive so it syncs to my phone / SP3 and home machine so I have updated access wherever I am.
 
Every time I think about this I get concerned over how screwed I'll be if my Password Manager gets hacked, cracked, or leaks. Nothing is impervious, nothing.
 
Every time I think about this I get concerned over how screwed I'll be if my Password Manager gets hacked, cracked, or leaks. Nothing is impervious, nothing.

Nothing worthwhile is not without risk. The only true way to combat this is to carry around your passwords with you at all times written in a notebook.
 
Thanks. This is a desktop app. Do you know of any MUI app? I looked through the MS Store, but I could not find anything - maybe I missed it.

Edit: Of the ones that I could find, Keeper seems to look good, but there is no information of the kind of encryption that is used etc. Has a good rating, but only 7 of them. I am really leery of such things unless they come highly recommended. So, looking for suggestions.
Hi - technically Keepass is the container format, with many apps for different platforms.
A quick search in the store brought up 'Metropass' and 'Passkeep', which both claim to be interoperable with Keepass 2.x files. Haven't tried either though.
 
Nothing worthwhile is not without risk. The only true way to combat this is to carry around your passwords with you at all times written in a notebook.
There a several things the Keepass desktop client supports for the extra paranoid:
  1. You can disable remembering the locations of your password files
  2. Your password file can be called anything, and located anywhere.
    In particular, I don't use a .kdbx extension, as you can just as easily store it in a file named 'taxaudit2015.xlsx' or 'reallybadsong.mp3'.
  3. As I noted above, use a Key File as well as a master password, and if you sync through a cloud service, keep the key file in an unsynced location - then just manually copy the key file to any devices you need it on.
  4. Use the Portable Keepass version, and store the app in an obscure location or on a USB key.
  5. You can use a Yubikey (haven't tried, but they're an external hardware token)
I do steps 1-3 of these, and while it's a bit of security-by-obscurity, when combined with step 4 it leaves your device itself with no obvious signs that you use Keepass at all.
Of course malware that watches your activities could technically gather all that info, and a hack that totally busted the protocol would still have the protection of your database being called reallybadsong.mp3.
I think they're solid protections against large scale attacks which would target common configs.

Extra : Use Keepass for 'Estate Knowledge Escrow'
My sister-in-law died several years back, and we had a beast of a time finding everything we had to wrap up for her.
Enlightened by this, the Keepass file that my wife and I share also contains things like insurance policy details, and utility account numbers, as well as passwords.
The idea is that if we both keel over suddenly, our lawyer and executor have access to a list of everything they need to sort out.
For safety we gave separate parts to our Lawyer, Executor and a (technically adept) friend:
  1. Lawyer
    a/ Copy of initial database, and means to access live copy
    b/ Password
  2. Executor
    a/ Copy of Key File
    b/ Password
  3. Friend
    a/ Copy of initial database, and means to access live copy
    b/ Copy of Key File
The theory being that any two of the parties can get to the info, but none can one their own.
Hasn't been tested -and if there is cause to, I won't be here to post the outcome!
 
Every time I think about this I get concerned over how screwed I'll be if my Password Manager gets hacked, cracked, or leaks. Nothing is impervious, nothing.

Pick an extremely strong password that is unique to the safe alone, and don't write it anywhere, don't tell it to anyone. The chance that it will be hacked is essentially zero if your password is reasonably strong, and the additional security you'll gain by not having any passwords shared across accounts, and none written or saved anywhere else will far outweigh that small risk. Hackers, like most thieves, look for the easy targets. With a decent password safe you are not an easy target.
 
Back
Top