Password managers

[DarkAudit]

The browsers all have them. Your phone has one. There are countless standalone apps at whatever price point you like. Chrome has started warning me about my password habits, so I'm spending my down time the next couple of nights taking care of that. The only problem with that is I have other browsers standing by in case something craps the bed on one, I can test on another. Meaning I've got a whole other stack of passwords to keep track of. And none of those browsers are on my phone.

When 1password had their "Oops, the app is free instead of $60!" moment a few years back, I gave it a try. Wasn't great, but it came in handy for when I needed certain passwords that the browsers wouldn't save on their own (looking at YOU, Chrome and Google!). But the browser extension was mostly crap.

So now that Tom Scott has come out in favor of Dashlane, I thought I'd give it a try. It imported all my Chrome, Firefox, and Edge passwords, and now I can get to work culling duplicates and fixing security holes. I've found a lot of compromised passwords on my list are for sites that are long since dead, or have changed to a new model that doesn't take logins. So that saves a bit of work, I guess?

So... are you letting the browser of the moment do all the work, with the duplication of effort that can cause, or are you putting all your eggs in one password manager basket? Is that a bad metaphor?

 

[GasBandit]

I'm using lastpass.

 

[drifter]

I use KeePass

 

[PatrThom]

I don't trust anybody to hold my passwords for me, so I just... remember them all.
Yes, I know that's not the norm. But it's certainly cheaper.

--Patrick

 

[Bubble181]

I keep all my passwords in my head, too. Most sites I regularly use, I have a set system to determine the PW for that site, involving the URL and a bunch of other stuff.
For pages I rarely or never use, I just use a bunch of random noise, and reset it every time I need to log in.

 

[Tinwhistler]

I picked up 1Password before they switched to a SAAS model. The firefox plug is is a little clunky sometimes, but it works for me...I've got my password DB on dropbox (and a 2FA keyfob for my dropbox) so I'm able to access it across multiple environments.

 

[ncts_dodge_man]

I used to use LastPass, but considering who they are owned by these days, the number of breaches said owner has had, and their closing of XMarks (it was nice to have different profiles of bookmarks for work and home), I moved on to BitWarden for my password saving.

The thing I like most about BitWarden is taken directly from their website: "Bitwarden is 100% open source software. The source code for Bitwarden is hosted on GitHub and everyone is free to review, audit, and contribute to the Bitwarden codebase." Also, if you don't want them to host it, you can use your own Docker solution and host it yourself. They have free and paid tiers, but the free tier allows you to save all your passwords.

There are a few minor things that I wish it did (ex: the ability to hide the number of matches of passwords on a site like LastPass), but I like it overall.

Also, since I mentioned XMarks' closing, I have moved to TeamSync for my bookmark sync, but there are no profiles like XMarks used to have, so I get all of my bookmarks when I sync, but I am able to sync between three different browsers (FireFox (IE replacement for work), Chrome (primary work usage), and Brave (personal usage)) on two different computers (work and home).