6
e1m0
32d

What password manager/ generators do you suggest?

Also would anyone please clear my possibly misconceptions on the password manager/generators?

I’m that type of guy that only uses few password combinations at different websites.

tl;dr: my account out leaked, I didn’t want to use any password manager because I don’t want to give password to the company. Some do generate complex password for me but if they become defunct I’ll be locked out from those accounts.

A while ago, aptoide got attacked and my password(same as google account) was leaked. I’ll have to thank google for this, google blocking a stranger accessing account using a “less secure app” So now I’ll doing a emergency password changing process to all of my accounts with the password.

I like the whole aspect of the password manager, but I always thought that I shouldn’t give my password to other companies. And I got to use some website long term, if the password management company ever just become defunct, I might lose access to my account forever.

Comments
  • 9
    That is why you go for an open source solution and if possible (I highly recommend) a local one. That way, you are in control of your data which means you'll be the only one to blame in case something were to happen to it.

    I invite you to take a look at KeePassXC.
  • 0
    @Jilano Thank you very much, I’ll have a look at it.
  • 2
    @Jilano Just had a quick read from their website. I haven’t really touched any password manager. Is it the whole “encrypted password database file” .kdbx is a file that I can have it in my usb stick and I can bring it across different devices and access it from KeePassXC in different operating systems?
  • 3
    Even if you use cloud sync in password managers like bitwarden, they don't have access to your passwords as they are end-to-end encrypted.
  • 1
    @electrineer Thank you for your reply, so I only need to worry about the reliability aspect.
  • 3
    You can access it from anything KeePass-compatible, basically. KeePassXC is a KeePass 2's C++ port, it uses a format compatible with the original one. You can even store the KDBX file in the cloud because it's encrypted.
  • 1
    @gronostaj Thank you for your reply, KeePassXC seem to be quite a good choice for me.
  • 2
    I'm using Bitwarden and I love it, take a look at it, if you don't mind a cloud-based solution
  • 0
    @ManicRobot-- Thanks for the reply, I’ll check it out
  • 6
    I use lastpass, you know a software is good when its ui looks awful
  • 0
    @yellow-dog Thanks for the reply, I’ll have a look.
  • 4
    Bitwarden here,

    I used to use last pass which had geo locking, something I kinda miss a bit but what ever as for the change in service, lastpass kept getting worse after they were bought out.

    Also use 2FA / MFA regardless of it being cloud or self hosted, hell use 2FA on any service that offers it for some price of mind.
  • 1
    @C0D4 Thank you for your reply, I also see some recommended Bitwarden. I’ll definitely have a look at it and try to find what I’d need.
  • 1
    I have previously tried local password managers but I wasn’t happy with them and then switched to LastPass. It’s not the best one but i can have my work vault linked to my private one which is nice
  • 0
    @dsteiner Thank you for your reply. All of the suggestions are quite good imo, I don’t know what to choose. I’ll definitely take a while to compare them
  • 3
    @e1m0 Start with what type of solution you want:
    - local
    - online

    And go from there with what features are the most important to you (e.g. autotype, 2FA support, etc.)
  • 1
    @Jilano Thank you, this would be quite useful for me to make a comparison chart.
  • 1
    I use a combination

    I use lastPass for my daily navigation and non important accounts, the extension is super usefull and i have it on my phone

    All my email, banking ect i une Keepass on windows. The db is backup on my nas for safety.
    I dont trust any cloud free sas with important stuff. Short term im planning to have my lastpass backup into keepass
  • 0
    @Neo- That’s interesting, I’m in some way similar like you but I’m fine with letting the service provider to get the password because they’re encrypted. I just worry about if they went defunct I’m basically locking my self out. I’d like to either host my own server,or any big, reliable cloud platform to store the info. Plugging a usb with the encrypted passwords file is bit more hassle than that. Thank you for the reply.
  • 1
    @e1m0 there is a password manager available as a nextcloud App - they also have an android app & it seems to be working quite okay. Haven’t looked further into it.

    LastPass is available offline (in the browser) as well so in case they go offline without a prior announcement, you can still export your passwords
  • 0
    @dsteiner I’m setting up my own nas very soon, that’d be a really great addition. Thank you
  • 4
    I second KeepassXC
  • 1
    Keepassxc is a really good solution. Use it for almost everything. Do also use lastpass.

    Any cloud based solution that does not provide recovery of master password should be good (check though) as they do the basically the same as you do with keepass. Send over the entire encrypted password database. They store it but can't access the secrets inside. The decryption, acces and encryption only happens client side.
  • 2
    @Root Thanks, quite much people have been recommending KeePassXC. I’ll definitely have a try.
  • 1
    @hjk101 Thank you very much for the reply. As a lot of people suggested KeePass, I’ll probably get it. And I’ll also take some time to compare the other services.
  • 1
    I am using KeePass 2 on windows and KeePassX on mac with a shared file in the cloud. Privately and for work.

    Very nice tool with custom password generator and other features. Never had problems with it.

    I've never used anything else so I can't say about other providers or tools.

    Also, I wonder if I can use my keepass file on ios as easily as on desktop... Maybe I should try the apps on the store.
  • 1
    Lastpass suck with time ...
  • 0
    @jak645 There’s also some other suggested that it’s worse now. So I think I’m going to not consider lastpass.
  • 1
    @Lensflare Oh, I forgot that aspect of using it on mobile. I do see some on iOS but I’m not sure how do that import the file. That might become quite an hassle. Bitwarden came with its mobile app and I could host it soon so that might be a plus for Bitwarden.Thanks
  • 1
    I haven't used them personally, but I know there are iOS apps for KeePass support.
  • 2
    @JamieMGS That's neat, once a password leaks you can simply change your name!
  • 2
    @e1m0 @Lensflare I've heard of KeePassium, but no idea how it compares to it's android counterparts since I don't have any device running iOS.

    https://keepassium.com/
  • 0
    @Jilano Thanks
Add Comment