I keep seeing people highly recommend them, but I’ve always thought it wasn’t very secure.
More secure than writing to your notepad or a text file, for sure.
If you can keep passwords off your computer (best: just remember them, without reusing one everywhere; second best: write them in your notebook, don’t reuse passwords).
Bitwarden and KeePass are. Don’t use LastPass or the other bullshit YouTube sponsors.
I think they can be much more secure than:
- remembering your (probably weak) passwords
- writing passwords on paper, which is slow, you can lose paper, break it, or someone can steal it
- storing passwords in unencrypted text file
- reusing passwords/password!
I use KeePassXC, which is an offline, encrypted password manager. Every password is stored in one file, which to access, I must enter the one password I do remember. I recommend having backups of this file.
It has a password generator included, so all my passwords are long, strong and unique. It can also auto-fill the password/login, which saves time.
To increase the security of your account even further you should also use multi-factor authentication, for example an app which generates one-time codes on your phone offline. It will protect you, even if your password gets leaked, or cracked.
If you write it on paper, include the same short word on the end of all your passwords that you don’t write down. Password is Hunter2duck but you only write down Hunter2.
*Actually this might be a good idea for password managers too. Brb.
**I wonder if hackers thought of this too. If so this could be easy to crack if they get past the password manager. Maybe inserting a letter into the password after the nth character would work better.
All I see is *******
I just see
*******duck
I write my passwords on paper in code, like my dad taught me to do.
However, just a personal anecdote, my uncle passed suddenly and he had written all his passwords (not in code) on a spreadsheet with each account, which he then printed. I promise you, this single piece of paper was one of the most helpful things I could’ve asked for in sorting out all of his assets. It was a genuine lifesaver. Now I often think that maybe I should be sharing my password with an S.O. or someone else close to me just to make their life easier if I were to die tomorrow.
See you can tell your family the “duck” part. Then anyone that steals the paper still can’t do it.
And that’s how your uncle Billy starts a new life in Mexico using your identity. A tale as old as time.
- Without password managers: You either have weak passwords, or you constantly forget passwords and get locked out of your accounts.
Or you can remember the password to your email then use that to reset passwords every time and slam your head on the keyboard to generate a random password that you won’t need to remember because you’ll just reset it next time, but then it’s a hassle and you are relying on one point of failure, and you could get locked out if your email stops working.
So in conclusion: Password Managers
Yupp, just away from Lastpass. 🤮
I like to keep all my eggs in one basket, that way you can really keep an eye on them.
To oversimplify:
Very secure, unique passwords written on paper and stored safely > Local password manager using secure passwords > cloud/synced password manager with secure passwords > anything with insecure passwords.
The trick is, will you actually maintain these security practices or will you start getting lazy if it’s too inconvenient (such as using a long password, and having to manually type it out)?
Remember to think about your backup strategy if you use locally managed password software. I’ve helped (and been unable to help) some non-technical folks who relied on popular magazine/news site articles for software selection without good knowledge of how to properly back up their data.
What makes you think they aren’t secure?
Most will tell you how the password is stored and assuming they implemented the encryption algorithm correctly it should be rather difficult to break the vault open.
I’ve always thought it wasn’t very secure
Why? They are way better than you anyway (to generate random stuff, to recognize URLs, to store data encrypted, etc.)
I won’t say which manager I use, but I used a ‘tool’ on it which cracked my access password in very little time revealing all my passwords. - a bit worrying.
Do I still use that manager? Yes, it’s convenient and fits my risk profile.
Have I upgraded my master password? Yes. Less convenient, but it’s all a trade-off.
If I was a higher profile target, my assessment may be different.
I don’t trust the online one, I only use https://pwsafe.org/
Upvote for this software. I’m yet to try it on multiple devices at once, but it seems like it’s as easy as copying a database between devices that have their respective platform’s version installed.
And it got me out of the habit of using variants of the same password everywhere. I don’t actually know most of my passwords now.
Edit: clarification
KeePass is as secure as you make it to be; you can use derivatives like KeePassXC, but some have had insecure bugs (they still need access to your password db file).
It’s better than using the same few passwords everywhere. Passwords are being phased out though. The future is passkeys.