Password managers, do you use one?

A forum for all your security related discussions. Topics might include security tips, exploits, vulnerabilities, firewalls, permissions, best practices, etc.
Post Reply
User avatar
DistroTube
Site Admin
Posts: 53
Joined: Thu Jan 02, 2020 1:12 am

Password managers, do you use one?

Post by DistroTube » Wed Feb 19, 2020 3:22 pm

I am curious what you guys are doing for password management. I have been using Pass for a few months. It has a builtin dmenu script that copies the password you are needing over to the clipboard for 10 secs. I like the simplicity of Pass.

Are you guys using a password manager? If so, what? And if you are not using a password manager, start using one now. Remember, create a unique password for each and every site/service that you use. Sites get hacked all the time, so minimize the damage by not reusing passwords.

bigpod
Posts: 28
Joined: Thu Jan 02, 2020 7:51 pm

Re: Password managers, do you use one?

Post by bigpod » Thu Feb 20, 2020 8:12 pm

i choose to use LastPass. it is cloud based which is somewhat unsafe but i decided to use it so i have cloud sync between all my devices. Basicly convinience over security. While i also did do and also still do constant research on security of lastpass and other cloud based Password managers and gotta say lastpass appears as far as data suggests to be realy secure

of course i could have rolled my own bitwarden server which i might still do one day i wouldnt get as much convinience since i would want to base it on my own server not some cloud instance which would make cloud sync a bit of a hassle since i dont utilise much Wifi when at home
Use whatever tool makes your job easier.

User avatar
Oddstap
Posts: 14
Joined: Fri Jan 24, 2020 12:37 am

Re: Password managers, do you use one?

Post by Oddstap » Fri Mar 06, 2020 2:50 am

I've been enjoying keepassxc since its cross platform, lightweight and even offers a CLI interface.

kicks
Posts: 13
Joined: Fri Jan 03, 2020 8:21 pm

Re: Password managers, do you use one?

Post by kicks » Wed Aug 12, 2020 2:44 pm

I do not actually use a password manager. I just keep all of my unique professional and personal passwords in my head and slowly lose my sanity.

Thinking about that, not having a password manager could actually be an effective way of securing your accounts. If you can't remember your passwords then you are forced to change them constantly.

Drizzt
Posts: 3
Joined: Thu Sep 03, 2020 5:21 pm

Re: Password managers, do you use one?

Post by Drizzt » Thu Sep 03, 2020 5:41 pm

I was discussing this topic with colleagues the other day as password managers may also be risky (Who manages the password manager's password? What if I lose the password DB ? What if it is leaked ?). I was curious since one of my colleague claimed not to use one and to have a different password for each site. I think what he came up with is really interesting.

He created a sort of "algorithm", a pattern he uses to create a specific password with variables depending on the current site. It can produce long (20 +) passwords with just the simple pattern to remember. Nothing is written, nothing can be lost nor found. He also has a few specific ones that doesn't follow the pattern for his email or bank account, and a "garbage" one for sites he really doesn't care about.

What do you think of this trick ?

kicks
Posts: 13
Joined: Fri Jan 03, 2020 8:21 pm

Re: Password managers, do you use one?

Post by kicks » Sun Sep 06, 2020 5:00 am

Drizzt wrote:
Thu Sep 03, 2020 5:41 pm
I was discussing this topic with colleagues the other day as password managers may also be risky (Who manages the password manager's password? What if I lose the password DB ? What if it is leaked ?). I was curious since one of my colleague claimed not to use one and to have a different password for each site. I think what he came up with is really interesting.

He created a sort of "algorithm", a pattern he uses to create a specific password with variables depending on the current site. It can produce long (20 +) passwords with just the simple pattern to remember. Nothing is written, nothing can be lost nor found. He also has a few specific ones that doesn't follow the pattern for his email or bank account, and a "garbage" one for sites he really doesn't care about.

What do you think of this trick ?
This is essentially what I do. I establish a framework of which I substitute certain variables based on the site. It is effective against credential stuffing however if a clever person were to look at more than one plain text they may be able to guess the pattern. My backup in this situation is to use something unique and wildly different for specific things such as email.

User avatar
Max
Posts: 12
Joined: Tue Jan 07, 2020 8:02 pm

Re: Password managers, do you use one?

Post by Max » Tue Sep 22, 2020 1:43 pm

kicks wrote:
Sun Sep 06, 2020 5:00 am
This is essentially what I do. I establish a framework of which I substitute certain variables based on the site. It is effective against credential stuffing however if a clever person were to look at more than one plain text they may be able to guess the pattern. My backup in this situation is to use something unique and wildly different for specific things such as email.
Consider LessPass

Post Reply