I am in the process of managing all my many passwords to different sites. I've been using DashLane but it doesn't sync across multiple devices without paying for a subscription. I also don't like how the program seems to have a different interface for both Windows and Mac. Anyone got any suggestions for good free ones?
I personally like pass and use QtPass as gui on my KDE installation... but I guess that's not an option for you.
I guess not! I feel like setting up my own syncing system and just reuploading/downloading the spreadsheet file each time I need the latest version. Problem is storing it online on a server is just going to be a security risk.
that's why I like pass... it gpg encrypts by default... you get access through ssh/cli or gui client... integrated git to sync among several devices...
the problem is probably with windows.... not sure if it works through cygwin. https://www.passwordstore.org/ On debian: apt-get install pass ok, their site says there's a windows client... and qtpass also seems to work for windows: https://github.com/IJHack/qtpass
I use KeepassX on Ubuntu 16.04 and macOS, they use the same interface. They sync with DropBox and they work really well.
I've been pondering, Win 10 now supports a Linux Subsystem (still has to be enabled though)... but with that Linux subsystem one should gain easy access to pass and stuff. So pass (Password Store) should now also be easy to use on Windows.
You can look into their formula; something like this is nice but hard to remember: strongpasswordgenerator{.}com. I personally usually use some number I know + a word with capital & lower case + special characters. Never had an issue with that.
Are these password managers reliable? I just don't feel safe having all my passwords in one place. Nothing is 100% secure when something is on the internet.
Define reliable? Pass is a "simple" bash script that creates gpg encrypted files in an easy and convenient manner. Git can be used to sync passwords among different devices... the only drawback is that the filenames are not encrypted but cleartext... so you might not want to track them with public git.
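The cleartext-filename drawback described in the post above, as an added example that is not part of the thread or of pass itself: it lists what anyone with read access to the synced repository can see without holding a GPG key. The store is constructed in a temporary directory, the entry names are made up, and empty files stand in for the ciphertext.

```shell
#!/bin/sh
# Added example, not part of pass: list what is readable in a password store
# without any GPG key, i.e. what a git host holding the repository can see.

# Entry names relative to the store root, with the .gpg suffix stripped.
visible_entries() {
    ( cd "$1" && find . -type f -name '*.gpg' ! -path './.git/*' ) \
        | sed -e 's|^\./||' -e 's|\.gpg$||' | sort
}

# Entries whose name contains an e-mail style login ('@'), a common naming habit.
entries_with_logins() {
    visible_entries "$1" | grep '@' || true
}

# Constructed sample store: made-up names, empty files standing in for ciphertext.
make_sample_store() {
    store=$(mktemp -d) || return 1
    mkdir -p "$store/bank" "$store/mail" "$store/.git"
    : > "$store/bank/example-bank.gpg"
    : > "$store/mail/alice@example.org.gpg"
    : > "$store/forum.example.net.gpg"
    printf '%s\n' "$store"
}

sample=$(make_sample_store)
echo "Readable without a key:"
visible_entries "$sample"
echo "Names that also reveal a login:"
entries_with_logins "$sample"
rm -rf "$sample"
```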
I don't want my externally stored encrypted data to be breakable when stored on servers I don't control, which is why I use LastPass. Yes, also on linux. It's also free. I've personally tested and experienced the fact that NSA or others cannot possibly access the blob containing your encrypted passwords and other data. I did try others, like keepass, dashlane, many of them, but there wasn't one that worked well enough in Firefox, and not one that stood the crypto-tests for me. I trust lastpass with my ssh, bank-account-keys and company docs too. There's nothing like it. They've suffered some minor audit breaches, like all passwd managers, the thing you have to watch out for is *how* software and its devs handle such breaches. It's (partly) closed-source software, but I personally know and trust Jeff, its founder and lead dev, which is why I trust them. They know their responsibility. And they understand I also would like to be able to access my data offline.
LastPass is comfortable but IMHO a security risk. There's too much going on in a browser for me to trust a browser plugin with all my data. I stick with the cli tool "pass" and QtPass for GUI. Also, you seem to contradict yourself: "I don't want my externally stored encrypted data to be breakable when stored on servers I don't control, which is why I use LastPass." You don't control LastPass servers. You don't know if an update deactivates encryption. In the past, LastPass did store everything unencrypted. It's easy for LastPass to get your master key.
I'm not contradicting myself at all. Like I wrote: It's not breakable. Others have turned out to be using breakable crypto, lastpass has not. In fact, you can control much of the crypto strength yourself when using LastPass. It offers multi-factor auth, so whenever you type your Master pass, you'll get warned. I don't see how that would ever make it through security-flaws anywhere, to be honest. Yes, you need to be able to secure your browser, but I don't feel threatened there myself. I have never been infected through browsing once, with anything, since, well, ~1994. https://blog.lastpass.com/2010/07/lastpass-gets-green-light-from-security.html/
It's a contradiction: You don't know how they store the data or if they even encrypt it or if they intercept the master key from your input. Your data is in the hands of a 3rd party. btw, https://bugs.chromium.org/p/project-zero/issues/detail?id=1209 and https://hackernoon.com/psa-lastpass-does-not-encrypt-everything-in-your-vault-8722d69b2032
I have been using KeePassXC for my Windows/Mac and Ubuntu set up. It made my life so much easier than carrying around a notebook that I can lose. Works great for me.
I thought about using a password manager but I wonder how easy it is for a hacker to get in and steal all your passwords.
You can split the ciphered db file into two files for 2 different locations. Make some bash or .bat routine to join both before starting the pass manager and to split again at the end. No need to send the whole file to some cloud service.
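One way to write the split/join routine from the post above, as an added example that is not the poster's own script: the join step rebuilds into a temporary file and only hands it over if a SHA-256 of the whole database matches, which catches the case where the two locations hold halves from different versions. Directory and file names are hypothetical, the sample database is constructed random data, and `sha256sum` from GNU coreutils is assumed to be installed.

```shell
#!/bin/sh
# Added example: split an already-encrypted database in two and rejoin it.
# All paths are hypothetical; the sample "database" is constructed random data.

# split_db <db> <dirA> <dirB>: first half to dirA, second half plus a SHA-256
# of the whole file to dirB.
split_db() {
    local db="$1" a="$2" b="$3" size half
    size=$(wc -c < "$db") || return 1
    half=$(( (size + 1) / 2 ))
    head -c "$half" "$db" > "$a/db.part1" || return 1
    tail -c "+$(( half + 1 ))" "$db" > "$b/db.part2" || return 1
    sha256sum < "$db" | cut -d' ' -f1 > "$b/db.sha256"
}

# join_db <dirA> <dirB> <out>: rebuild into a temp file and only move it into
# place if the digest matches, so a stale or truncated half never reaches the
# password manager.
join_db() {
    local a="$1" b="$2" out="$3" tmp want got
    tmp=$(mktemp "$out.XXXXXX") || return 1
    cat "$a/db.part1" "$b/db.part2" > "$tmp" || { rm -f "$tmp"; return 1; }
    want=$(cat "$b/db.sha256")
    got=$(sha256sum < "$tmp" | cut -d' ' -f1)
    if [ "$want" != "$got" ]; then
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$out"
}

# Demo on constructed data: a clean round trip, then a stale first half.
work=$(mktemp -d)
mkdir "$work/cloud_a" "$work/cloud_b"
head -c 4097 /dev/urandom > "$work/vault.kdbx"
split_db "$work/vault.kdbx" "$work/cloud_a" "$work/cloud_b"
join_db "$work/cloud_a" "$work/cloud_b" "$work/restored.kdbx" \
    && cmp -s "$work/vault.kdbx" "$work/restored.kdbx" && echo "round trip ok"
printf 'stale' > "$work/cloud_a/db.part1"
join_db "$work/cloud_a" "$work/cloud_b" "$work/bad.kdbx" || echo "mismatch rejected"
rm -rf "$work"
```

The digest guards against mismatched or damaged halves only; confidentiality still rests entirely on the password manager's own encryption of the database.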