1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. We've had very few donations over the year. I'm going to be short soon as some personal things are keeping me from putting up the money. If you have something small to contribute it's greatly appreciated. Please put your screen name as well so that I can give you credit. Click here: Donations
    Dismiss Notice

Is there a good password holder program out there?

Discussion in 'Tilted Gear' started by Freetofly, Jul 15, 2013.

  1. Freetofly

    Freetofly Diving deep into the abyss

    I have been looking at a few different password holder programs and would like to know if anyone has one they can suggest.

    I just don't know what is really safe or will take different characters. ect...I'm getting a headache.

    I have all these accounts and passwords, what the heck...

    Place a micro-chip under my skin? :)

    Any ideas would be appreciated.
     
  2. rogue49

    rogue49 Tech Kung Fu Artist Staff Member

    Location:
    Baltimore/DC
    Are you using it personally or professionally?
    Singular or shared?
    How encrypted do you want it?
    Free or are you willing to pay for it?
    What Operating System? (Win, Mac, Linux...versions)
    Do you want it on your system, network or in the cloud?

    There are quite a few out there.

    Here's a sample password review - Link
    At least this will get you started on the various features available.

    There's also Password Safe and so on...the free version of LastPass is in the cloud...

    Sorry to be ambiguous, but everyone has their requirements.
    There's just too many.
     
  3. the_jazz

    the_jazz Accused old lady puncher

    Personally, I don't like this kind of program. I think that it's ultimately vulnerable and problematic if you're using multiple machines like me.

    There tricks that I use, though, that serve the same purpose. For instance, I have a 6-digit number memorized (effectively a random number, although there's a story behind it) that I use as the basis for about 2/3rds of all my passwords. I then use something unique to that website, usually initials of the name, at either the front or the back of the password. Where depends on whether it is for work, personal business, fun or research. For sites that require special symbols, I have two that I use at a specific point in the password, and I consistently use one or the other in the exact same place every time.

    So for TFP, it could be TFP123456! or 123456*TFP, although I use the alternate here. That's a numerological phrase that's burned into my memory from a previous life.
     
    • Like Like x 3
  4. Remixer

    Remixer Middle Eastern Doofus

    Location:
    Frankfurt, Germany
    SO uses KeePass for all of our passwords.

    There's simply too many to keep track of them otherwise.
     
    • Like Like x 1
  5. snowy

    snowy so kawaii Staff Member


    I use a similar trick. I have three names of people it could be coupled with one of two sets of numbers and one of two sets of symbols, if necessary. I also have a basic password I use for everything that I don't really need to be super-secure.
     
  6. cynthetiq

    cynthetiq Administrator Staff Member Donor

    Location:
    New York City
    Yes waaaay too many to remember. I keep reading that as Keep ASS.

    I use LastPass



    Anyways, I use LastPass because it is cross platform with plugins for all browsers. It has 2 factor/multi factor authentication.

    1. Google Authenticator - a free multifactor option that uses your smart phone as the 2nd factor.
    2. Grid - a free multifactor option styled after a battleship grid
    3. Sesame - a part of our Premium package, a program that generates a one time password when logging in
    4. YubiKey - a part of our Premium package, a separate physical device, purchased through Yubico, that generates a random one time password when logging in.
    5. Fingerprint Reader support on limited devices as a part of our Premium package.
    6. Smartcard authentication on limited devices as part of our Premium package.
    7. Support for Windows biometric framework.

    It also allows me to share passwords with skogafoss and keep them in sync when I change them, she gets the change.

    It is free, if you want to take your passwords with you, $12/year and you can use the App on your phone.
     
    • Like Like x 1
  7. Freetofly

    Freetofly Diving deep into the abyss

    cynthetiq This is what I believe I need. I use multiple systems, sometimes my IPad mini, IPhone and my dell from work. I'm looking to buy a new laptop in the near future since I didn't take the old when I left the house.

    Will let you know how it works out.

    Thanks rogue49 and @thejazz and snowy.
     
    • Like Like x 1
  8. snowy

    snowy so kawaii Staff Member


    Man, you made me thankful for the Android environment. Chrome saves all my passwords on my laptop, my Nexus 7, and my Galaxy S4.
     
    • Like Like x 2
  9. rogue49

    rogue49 Tech Kung Fu Artist Staff Member

    Location:
    Baltimore/DC
    Sorry for all the questions Freetofly , I mostly have to get one for professional environs...so there's often many specs.

    Plus, coming up with tricks for passwords (which I do) is no good in a shared environ where many admins and other users of some authority need to share logins & passwords.
    And usually since these people are logging in on a task on the fly, through various capacities and interfaces, they don't have time to memorize or even run to their systems.
    Typically the companies don't feel comfortable storing them on the cloud, due to security paranoia and proprietary rights.

    Usually we store them in user groups with privilege roles. (according to their need/auth level)

    Actually, I'm surprised at how many entities still use the "old-school" method...passing it out verbally. Or recording them on a piece of paper (locked in a safe :rolleyes:)
    This promotes the passwords from not changing. (until it is too late...)

    Don't even get me into all the password stories I've seen (and had to correct) over the years. Oi Vey.
     
    Last edited: Jul 15, 2013
    • Like Like x 1
  10. Indigo Kid

    Indigo Kid Getting Tilted

    Mine is really cheap and works every time. It's called "the Post It Note."
     
    • Like Like x 1
  11. Freetofly

    Freetofly Diving deep into the abyss

    Really or are kidding?
     
    • Like Like x 1
  12. spindles

    spindles Very Tilted

    Location:
    Sydney, Australia
    I use KeePass. I have the password file on my computer and regularly sync it to my android phone, so I can lookup passwords there too.
     
  13. cynthetiq

    cynthetiq Administrator Staff Member Donor

    Location:
    New York City
    It's super secure yo. They gotta get in front of the monitor to see it since it's posted right there...
    --- merged: Jul 15, 2013 at 7:25 PM ---
    I considered that to be a solution at one point too, but because I am sometimes on someone else's machine, I wanted to make sure that it was "transportable" Also in the event of death or incapacitation, I can give the main password to someone to recover the others. This was a consideration because my parents are getting older and having to wait for probate or lawyers, or them keeping a book up to date was just impossible.

    It also generates random passwords based on your requirements. This means that many of my passwords I can't even divulge even if I was duped or tricked into giving it. BOSCO!
     
    Last edited by a moderator: Jul 22, 2013
    • Like Like x 1
  14. Speed_Gibson

    Speed_Gibson Hacking the Gibson

    Location:
    Wolf 359
    I use an .ODT file stored locally on my system, there are no copies anywhere else on my websites or online. It is the least secure option but if someone has stolen my desktop system then I have bigger problems than that to be concerned about.
    --- merged: Jul 15, 2013 at 7:29 PM ---
    Exactly my line of thinking. If I was working with my system in an environment that gave potential access to just one more person I would be changing my method to one of these type of programs already mentioned.
     
    Last edited by a moderator: Jul 22, 2013
    • Like Like x 1
  15. Prince

    Prince New Member

    I'm using 1Password and it works well, although I'm not used to the hassle of not having every site use the same password, so that part of it is the downside. It's multi-platform, which is a must for me. I use it on iOS, OSX, and Windows. I was going to just use iCloud Keychain, but after the Apple Developer hacking I'm a little uncomfortable with the idea of putting all my eggs in one basket... If something happened to my iCloud account, not only would I lose all the passwords, but the email account associated with those accounts as well. Never been a huge security nut, though.
     
  16. There's millions out there... PasswordVault, PasswordAgent, LastPass, KeePass...

    I don't use any of them. I don't like the idea of all of my personal passwords being in one place for someone to be able to access (even with a Master Password, because then someone could extort one password out of me and then have access to all of them). I'm also staunchly against my browser(s) remembering passwords for me for that reason; if someone gets access to my computer and manages to get in, not only do they have my computer but they have access to virtually all of my online presence as well.
    So I just hunker down and remember them all, doing password resets as necessary if I forget.

    I have a couple of schemes that I use, though. One is to take the first letter of a phrase and to change around some letters to numbers or symbols (So Long, and Thanks for All the Fish would be something like 5l&Tf47f!, for instance). Another is to just use a short passphrase that relates to the website. At one point my Facebook password was "My Facebook password" (though I've gotten a bit more crafty since then).

    That said, at work we use the (commercial) PasswordVault because everything is randomly generated, and with 20 or so domains to look over things can get out of control pretty quickly.
     
  17. skitto

    skitto Harmonic chaos redundancy limiter

    Location:
    Deschutes, Oregon
    Has anyone suggested a low tech solution?

    I have an usb floppy drive with a few disks, and disconnect from the internet to access it.
     

  18. Y'know, normally I'd advocate that storing your passwords on something immediately accessible like a flash drive, or a CD is a bad idea, but storing stuff on floppies? Who's gonna think that people are still using floppies?

    Genius.

    Just make sure that someone doesn't throw them out thinking they're garbage. ;)
     
    • Like Like x 1
  19. the_jazz

    the_jazz Accused old lady puncher

    Here you go. About as low tech as it gets. All you have to do is remember the trick and it's pretty easy to set up unique passwords with good security.


     
  20. martian

    martian Server Monkey Staff Member

    Location:
    Mars
    Last edited: Aug 6, 2013
    • Like Like x 3