[RESOLVED] Password managers - any likely problems?

[broadley]

I've gathered a large number of passwords for websites, files and software. Keeping a record of these and then finding the right one for each use is becoming a problem.

My question is... if I use a password manager, which one is simple and easy to use, yet is secure? Any help will be appreciated.

Another question that nags away in the back of my brain is - what happens if the programme crashes or corrupts. If you need to reinstall the programme is it possible to be locked out of the files, software and websites covered by the password manager? I'm sure this type of software must (surely!?) cover this type of event, but I don't want to find out too late that they don't!

I'd value your thoughts on this matter. Thanks.

[Steve R Jones]

The thought of having all my passwords in one place for a hacker to find doesn't sit well with me

While using a different password for everything is more secure, I only use few passwords....Pen and paper works for me..

[photolady]

I agree with Steve, pen and paper are the best security ideas with passwords and user names than any password manager you could ever have. Most of these keep that info on your harddrive where any hacker can get to if he/she wants. Better to keep those things off the computer.

[Tuttle]

Another question that nags away in the back of my brain is - what happens if the programme crashes or corrupts. If you need to reinstall the programme is it possible to be locked out of the files, software and websites covered by the password manager? I'm sure this type of software must (surely!?) cover this type of event, but I don't want to find out too late that they don't!

Actually, they generally don't. Needing to reinstall the app wouldn't be a problem, but any corruption to the data file would probably be pretty fatal.

When you encrypt something, you're basically making a statement that the risk of losing it (forgotten password, lost key etc.) is more acceptable than the risk of someone else getting hold of it.

If losing it would also be a serious problem, then you need a separate backup, and for this sort of thing the best place for that is offline as suggested. If someone is rummaging through your desk drawer, odds are that you no longer really care if they can post as you here at VDr. Things like bank passwords I'd only ever commit to memory, but for the mundane stuff I think writing them down is quite reasonable.

[HAN]

I guess I'm the rebel! I advocate and use one daily.

My personal choice is a free app called KeePass http://keepass.info/ (Version 1.x only. 2.x is a totally different beastie.) I'll leave the details to the website but it has many safety features. For added security, I keep my databases (but not the program) on my flash drive. They're encrypted (by default) and without the program to run them, good luck to anyone trying to figure out what they have. (The databases (one for work and one for personal) are not clearly identified on the drive. This drive contains several thousand files (over 2 GB), so finding two tiny databases would be the proverbial needle in the haystack.)

As for crashes/corruptions, I make a complete backup of my flash drive on a daily basis (by using a syncronization program.) The backup drive is then stored in a reasonably safe location, not in plain sight. But FWIW, I have never had KeePass crash... ever!

If you are willing to pay for a better (and perhaps, arguably, the best) password manager, RoboForm is also an easy recommendation. http://www.roboform.com/

[broadley]

Thanks, guys. My concerns are obviously on track. My current system is to keep this stuff on an Excel spreadsheet which I keep on a thumb drive guarded by a strong password. I suppose it could be a problem if the thumb drive goes missing, although I can usually remember most of the important passwords… but as I get older… well, I’ll probably forget where the computer is anyway!

I did consider using Keepass but just had this worry. My system works well but is a bit of a nuisance when you have to go looking for a specific password. I do tend to use one blanket password for, say, websites, but individual ones for each banking application.

Thanks for your comments.

[HAN]

broadley: If you use Excel as a password manager, you are at risk for your passwords being discovered. Just Google for recovering Excel data that is password protected and you'll find lots of listings for apps that break Excel's passwords. (Some Excel versions are more vunerable than others.)

KeePass is MUCH easier to use than what you are using (for one, it allows drag and drop for user and password entry into web forms.) But if you don't want to go that route, look into LockNote. https://www.steganos.com/us/products...note/overview/ You could organize entries in rows similar to your Excel approach but it would be less risky in being broken than Excel...

[broadley]

Thanks Han I'll have a look at it.

[broadley]

An after thought to my earlier post: a section of my thumb drive can be encrypted so perhaps I should hold my Excel file in that. Would that overcome the Excel insecurity?

[Tuttle]

It would certainly improve things.

[TrueGreen]

Roboform

[x71s8zTN]

I keep all my important files either on USB memory drives, or on USB HDs. The USB memory contains my password manager, Porable RoboForm, portable Firefox, Open Office and Thunderbird. When I am away from home for any length of time USB memory stick goes in my pocket, the rest goes in the safe.

Is all this 100% safe?. Of course not. But if it all fails at once I got much bigger problems that loss of data. And yes, I have lost my password manager or two because of loss of password protecting it.

[broadley]

Thanks for all of your input - very helpful.