It’s a must.
Any security researcher worth their salt says to use one. Not sure what the question is. Bitwarden and 1Pass are generally good recommendations.
Bitwarden.
Does a sheet of paper count as a password manager?
Not as a secure one at least.
Unless you use invisible ink!
Wait? How is a page in my pocket not secure but a software password manager is?
“you accidentally put it through the wash.” - Yes this is a risk, same as your password software company is sold/closed
“someone pickpockets you.” - Really, this is not my concern if I am robbed (my cards and ID are more than enough to not need my passwords)
“you have a house fire.” - The password is in my pocket so as a dead person my password is not a concern anymore. Also if my house burns down I have bigger issues.
“it smudges.” - What is written are just reminders and I can rewrite them.
“you use weak passwords so they’re easier to type and write (instead of copy/paste),” - My passwords follow the same rules as any good password; just because you hate typing them out does not mean I don’t do it.
“you spill coffee in your lap.” - OK, I am not seeing how burning myself does something to my password. If the paper gets wet? I guess if I was sitting in the coffee for a while it could make the ink run, but eww, that sounds like not a good time.
“why would you put access to all of your accounts on/in something so vulnerable day to day?” - I don’t, nor should anybody, use the same password for everything. Paper is great for notes and is a lot more secure than any software. I would ask why people are OK storing sensitive information on someone else’s machine. When did it become normal to trust a 3rd party over a physical item in your possession?
Who exactly says you have to store it on another computer?
Sorry, I assume you are using a program that is not air-gapped. Most of the time I associate the “cloud” with these managers.
KeePass can be used locally. Often you’d want to store your vault in something like Dropbox simply so you can use it on multiple devices for ease of use, but you don’t have to. And arguably you don’t need to worry if someone gets your vault. The encryption cannot feasibly be broken in any way but brute force. If your password is hard enough to guess, you’re fine even if an attacker has your vault.
As well, if your complaint is just letting third parties handle your data, Bitwarden is open source and can be self hosted.
Risks aren’t all equal though. How often do you smudge something or run it through the wash vs your password manager somehow shutting down without any notice? I’ve accidentally washed things tons of times, myself. Not a single password manager I’ve ever used has unexpectedly shut down. Heck, LastPass got sold and you can still use it (though I don’t recommend them). Importing my LastPass file into Bitwarden was trivially easy. You also can and should export your passwords occasionally to a local, encrypted file.
And while being pickpocketed/robbed already sucks, I don’t see why you’d want it to be worse. And it absolutely can get worse. Lots of people have passwords for financial services that will allow a thief to steal even more money or valuables from you than they can with just your credit and debit cards. Plus that’s more things to have to rush to lock.
What is written are just reminders and I can rewrite them.
I’d argue that if you’re a typical person with the dozens of unique online accounts that many people have, you generally won’t be able to remember your passwords, as that suggests your passwords are at risk for being guessed or too easy to crack.
That said, you often only truly need to remember your email password and computer/phone logins. Generally you can reset everything with your email. Of course, that’s not a reminder and is extra hassle.
I think people are taking the pocket example too literally. When I used to have to remember and manage way, way too many passwords I had a small notebook with the different parts to my passwords. Never was a whole password written out, but I could recreate any password I needed from the little book. Was it a perfect solution? No. But it worked well for me for more than a decade and I worked with people who did similar. I did once put my little book in the wash when very tired, but interestingly little notebooks hold up well.
A lot of people joke about how postit notes on your computer are super insecure etc… But the fact is that the vast majority of threats are from people in other parts of the world, attacking your computer over the internet. So although a piece of paper with your passwords right next to your computer is very insecure vs people who are in your house; those are generally not the people you are worried about anyway! So that isn’t so bad.
As for a piece of paper in your wallet… That’s legitimately a high-security approach. There are some obvious downsides; but from a security point of view, it’s very good - especially if your ‘enemies’ don’t know about it. (Which they probably don’t; because unless you’re some high-profile political target or a spy or something like that, probably no one is watching you closely enough to care how you store your passwords.)
I think people get stuck on the software angle because they like the cool factor and we all like to think we are super important. In reality most accounts are broken into not with the password but the password recovery anyways.
Hot take here: Password managers are a solution looking for a problem.
Not really. The problem they solve is that people have accounts on many websites, and these sites need unique passwords to avoid people getting access to all your accounts when any of those sites get hacked.
Are password managers the only solution? No.
I just don’t like how they have been sold and marketed as THE fix for passwords. Well that and using the same password manager across devices always seemed like a vulnerability.
To be fair it does not matter as much as people think as the chain is only as strong as the weakest link and most backend/physical infrastructure has been rotting from underdevelopment for years.
And having all those eggs in one basket is a risk. What is the plan for when 1password has any issues?
I think it is better to plan for the breach/issue/villain than to assume it will not happen. I don’t think 1Password will stop a rogue employee or a protected info breach (I think everyone has had their info got by this point). I get people like these programs, but I hope the same people have a backup plan.
I’ve just started using 1Password; is there any way I can copy my passwords from Firefox and Samsung Pass to it automatically?
Thank you, luckily I seem to have my passwords mostly in Firefox.
No problem! Enjoy 1Password :)
I use EnPass since it came out. Bought the lifetime license back when it cost about 8€.
Bitwarden is just fantastic, it works so well. After migrating from LastPass years ago to BW I haven’t looked back once and have encouraged friends to switch over as well.
Genuinely surprised how much better BW works right off the bat.
I also use Bitwarden. I would recommend it to anyone who can benefit from a cloud-based password manager because the basic functionality is free and the more advanced features (premium, family) are very affordable.
Using Bitwarden safely will make your digital life safer, but it will most likely be more complicated than it is now. You will need to:
- Use a randomly generated password for the master password, which is unintuitive but increases your safety
- Enable two-factor authentication (2FA) for all of your accounts that offer it.
- Make an encrypted backup of your Bitwarden vault.
- Create an emergency sheet with your master password, 2FA recovery key, and other important information.
- Plan for what will happen to your passwords if you become sick or die.
You can think about increasing your safety/convenience step by step, starting by keeping a book of passwords (which can be lost, so it has to be kept secure and you should probably make a backup), with:
- Random password/passphrase generator
- Yubikey + recovery numbers
- Drop the book, use an offline password manager (which some consider safer)
- Switch to cloud-based cross-platform password manager, which maximizes convenience
Thanks for your input! I’ve been using Bitwarden for some time now, but recently broke my phone and thereby lost my 2FA keys. That made me realize that I could lock myself out of all my accounts overnight and I don’t have any backup plan. (Luckily I could fix the phone.) What’s worse is if this happens to people I’ve recommended to use Bitwarden D: I will follow the steps you’ve mentioned and make sure to help friends and family to implement them as well!!
Bitwarden is my chosen service, good pricing point and decent features. In terms of using a password manager, it has definitely made my life demonstrably easier and removes a lot of friction from my online life.
To add to this, I use a self-hosted version of Bitwarden. My favourite feature so far would be being able to fill TOTP seamlessly for websites that have TOTP added as 2FA.
The moment I select an account to autofill on any device and login, the TOTP is automatically copied to the clipboard.
Yes, 100%… In fact, I often do recommend it to others. Personally I use Bitwarden (paid account even) but I’ve also recommended 1pass to apple only users because it fits well in that ecosystem.
You can use them to generate a different password for each and every login. And it’s really just random letters, numbers and special characters. That one site gets compromised? They can’t then use those credentials to log in anywhere else.
You don’t have to remember those passwords. Passwords that are easy to remember are probably found in dictionary attacks. You know what’s not?
$a@Nzeq7*8UwSJ7sTsMKdC!HSGZZ7JnzCtxhfCfFCiXP&FD!yM!c^$DisSR@2
(which I just generated with Bitwarden)
2-factor auth is also really easy with most password managers and makes logging in with 2-factor auth easy. I hit one hotkey to fill in the web form with my username/password, hit enter to log in and then it auto-copies my TOTP code so I can just paste it and go. Super secure but super easy.
You go to a phishing site? Guess what, a good password manager will store the url and if it doesn’t match, that should be your first red flag. If I end up at g00gle.com instead of google.com, it won’t show as having a login available.
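A minimal version of the URL check this comment describes, written as an added example that is not Bitwarden's or any other manager's code. The vault entries and hostnames are constructed samples, and the two-label base-domain rule is a simplification of what real clients do with the Public Suffix List.

```javascript
// Constructed sample vault: each entry records the URL where the login was saved.
const VAULT = [
  { name: "Google", url: "https://accounts.google.com/signin", username: "alice" },
  { name: "Bank", url: "https://online.examplebank.test/login", username: "alice" },
];

// Approximate the registrable domain as the last two labels ("google.com").
// Real clients consult the Public Suffix List; this is a demo simplification.
function baseDomain(hostname) {
  const labels = hostname.toLowerCase().split(".").filter(Boolean);
  return labels.slice(-2).join(".");
}

// "host" mode requires an exact hostname match; "base" mode also accepts
// subdomains of the same registrable domain. Look-alike hosts such as
// g00gle.com or accounts.google.com.evil.test fail both modes, and IDN
// homoglyph hosts are compared in their punycode form by the URL parser.
function urlMatches(savedUrl, currentUrl, mode = "host") {
  let saved, current;
  try {
    saved = new URL(savedUrl);
    current = new URL(currentUrl);
  } catch {
    return false; // unparsable input never matches
  }
  if (current.protocol !== "https:") return false; // never fill over plain HTTP
  if (mode === "host") return saved.hostname === current.hostname;
  return baseDomain(saved.hostname) === baseDomain(current.hostname);
}

// Names of the vault entries that would be offered for autofill on currentUrl.
function loginsFor(currentUrl, mode = "host", vault = VAULT) {
  return vault.filter((e) => urlMatches(e.url, currentUrl, mode)).map((e) => e.name);
}
```

With the sample vault, `loginsFor("https://g00gle.com/")` returns an empty list, which is exactly the "no login available" signal the comment treats as a red flag.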
Personally I use Bitwarden (paid account even) but I’ve also recommended 1pass to apple only users because it fits well in that ecosystem.
Bitwarden works perfectly “in the apple ecosystem” these days, but personally I prefer 1Password - it’s quite a bit better on all platforms. It has a few features I couldn’t live without and a million little things that are just… nicer.
On the other hand, Bitwarden is either free or very cheap, and it’s a great password manager.
Bitwarden is fine with me, but a company needs to earn my trust before I let them have that kind of information. Most companies out there just aren’t trustworthy enough to hand that kind of data to.
I used LastPass until they went for-pay with very little warning. So to protest I subscribed to Bitwarden premium (or whatever their paid tier is called)! Can recommend.
I’m a longtime free user, what does the premium service offer?
As others have said, bitwarden. I’ve also heard good things about roboform.
I really love that bitwarden is not only open source but has been professionally code reviewed, and can be self hosted if you’ve got the knowledge to do so.
Of course, if you’re self hosting it make sure you have a solid backup strategy for your vault.