Hi everyone,

One question keeps popping into my head and I keep struggling to figure out how to answer it.

So here it is:
Are you for or against a password manager to store all your passwords?

I am using a paid password manager, but I keep asking myself whether it is really worth it, and whether I am compromising all my passwords if someone is willing to spend some time and hack my vaults. On the other hand, the convenience and benefit of having all passwords in one place, and also using a different strong password for each of my accounts, protects me from a weak security implementation on any third-party service I use, because I am not re-using the same password everywhere.

  • 3
    I tend to use the browser password manager a lot, but where I can't use that, I tend to use similar passwords, where only 2-3 chars differ.

    Some of my passwords are in the form of:
    _{{ name }}{{ year or random numbers }}{{ ! or ? }}
    Other times I just use the same exact password as above, but with numbers instead of letters, like 3 instead of E, 4 instead of A and so on...

    This way, it's easy enough to keep track of passwords, they're safe enough, and I don't have to pay for a PW manager.
  • 1
    Would you remember what random number you happened to use on a particular service if let's say you haven't logged in for months?

    I always end up resetting my password, changing it to something that looks simple to remember, and every time I come back I can't remember what I used as a password.
  • 0
    @PappyHans the sequence of numbers is not really that random, like:
    - 123
    - 369
    - 1248

    It's a math sequence of some sort.
  • 1
    You don't need to use a paid service. KeePass2 is free (and open source, thoroughly audited, works for browsers, desktop programs and smartphones, and even has an SSH agent plugin).

    As far as 'hacking' your password database goes, all that is necessary is one keylogger running while you input your password to unlock your DB (which is why more secure forms of authentication have been implemented).

    But if your setup is secure enough, it can be a good deterrent against a lower-level hack. By raising the bar, you reduce the pool of people interested in hacking you (and competent enough to do it), thus improving your odds of not getting hacked in the first place.
  • 0
    @endor KeePass2 seems to be Windows only, and I am a Mac user. However, which password manager is used is not that important, as this could vary based on many factors. I was more interested in seeing what people think about this in general. I am leaning more towards using them, but at the same time there are trade-offs as well.
  • 1
    @PappyHans lolwut, scroll down that download page, it supports macOS and linux as well (and there are even android and ios apps). Look in the "Keepass Packages" section.

    As for my thoughts on pros and cons, see my previous comment.
  • 1
    I mean, you said it yourself. You're using strong passwords, and they're different for every service you use. It doesn't get more secure than that.

    It doesn't matter at all what you do: if you try to remember your passwords yourself, you are an easier target than those using a password manager. Let me put it this way: the world's most famous hacker, Kevin Mitnick, has stated multiple times over the years that you should absolutely use a password manager. Whether it has to be a paid one is a completely different conversation.
  • 1
    For. I use Bitwarden, it's FOSS. My vault password is 40 characters. I went for the easiest way to increase entropy, and that is length. It's all lowercase characters, but tell me, what looks like a more secure password?
    Hint: option 2 is better
    Every password stored in Bitwarden is 64 or 128 characters with everything: symbols, lower case, upper case, numbers.
    The only account where that isn't the case is battle.net, since they have a 16-character limit.
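Two of the comments above make quantitative claims that are easy to check: the pattern scheme ({{ name }}{{ year or math sequence }}{{ ! or ? }} with 3-for-E, 4-for-A style substitutions) and the "length is the cheapest entropy" argument behind a 40-character lowercase vault password. The script below is an added example, not code from anyone in this thread. It enumerates the pattern for one known name exactly the way a targeted wordlist-plus-rules attack would, and compares the size of that keyspace with uniformly random passwords of the lengths mentioned. The leet table beyond E and A, the year range, the name "alice" and the 1e9 guesses/second rate are assumptions.

```python
"""Keyspace of the password strategies discussed in this thread.

Added example (not from any poster). Everything marked "assumption"
is a constructed input, not something stated in the thread.
"""
import math

# Substitutions named in the thread (3 for E, 4 for A); i/o/s/t are an
# assumed extension of the same "numbers instead of letters" idea.
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5", "t": "7"}

# Number parts: the three sequences named in the thread plus an assumed year range.
SEQUENCES = ["123", "369", "1248"]
YEARS = [str(y) for y in range(1950, 2031)]  # assumption: plausible birth/current years
SUFFIXES = ["!", "?"]

ASSUMED_GUESSES_PER_SECOND = 1e9  # assumption: offline cracking of a fast hash


def leet_variants(word: str):
    """Yield every spelling obtained by substituting any subset of the
    substitutable letters: 2**k variants for k substitutable positions."""
    positions = [i for i, ch in enumerate(word) if ch.lower() in LEET]
    for mask in range(1 << len(positions)):
        chars = list(word)
        for bit, pos in enumerate(positions):
            if mask >> bit & 1:
                chars[pos] = LEET[word[pos].lower()]
        yield "".join(chars)


def scheme_candidates(name: str) -> set:
    """Every password the thread's pattern can produce for one known name,
    with and without a leading capital. A set, because leet variants whose
    first character is already a digit capitalize to themselves."""
    numbers = SEQUENCES + YEARS
    out = set()
    for base in leet_variants(name.lower()):
        for spelled in (base, base.capitalize()):
            for num in numbers:
                for suf in SUFFIXES:
                    out.add(spelled + num + suf)
    return out


def scheme_bits(name: str) -> float:
    """Entropy of the pattern scheme, measured as log2 of its keyspace."""
    return math.log2(len(scheme_candidates(name)))


def random_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def exhaust_seconds(bits: float, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case seconds to try every candidate at the assumed guess rate."""
    return (2.0 ** bits) / rate


if __name__ == "__main__":
    name = "alice"  # constructed example input
    rows = [
        ("pattern scheme for 'alice'", scheme_bits(name)),
        ("40 random lowercase chars", random_bits(40, 26)),
        ("16 random chars, 95-symbol set", random_bits(16, 95)),
        ("64 random chars, 95-symbol set", random_bits(64, 95)),
    ]
    for label, b in rows:
        print(f"{label:34s} {b:7.1f} bits  exhaust in {exhaust_seconds(b):.3g} s")
```

With these assumptions the pattern scheme for a known first name yields about two thousand candidates (roughly 11 bits), which is exhausted in microseconds once the attacker knows the name and the habit, while 40 random lowercase characters are about 188 bits and 16 characters from the full printable set about 105 bits. The point of the comparison is that the 40-character lowercase password gets its strength from length alone, and that a pattern built from a name and a memorable number is small enough to enumerate outright.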
  • 1
    If your system is compromised, all your passwords are compromised anyway (or probably your email account is, which will allow resetting passwords...). If you want even more security, there do exist hardware password managers, where the password will only be typed in after entering a PIN on a dedicated hardware PIN pad.
  • 2
    I use KeePassXC on Linux, as it's open source and well tested. I have the database in my Nextcloud so it's available on all my devices. I also use a keyfile or something similar in addition to my master password...

    I couldn't live without it
  • 1
    Here's something to think about. If you store your passwords in a vault or with another third party, someone just needs to find a single weakness in that third party and he has them... If you remember your passwords, they are volatile and you have to type them out every time yourself, which means a dirt-simple keylogger can get them...

    So in short? Pick your poison, but I like to go for a mixed approach 'cause I really don't care, all computer security essentially sucks.