Lastpass or Keepass (or something else?)
-
The idiots running our time entry website[1] have mandated "secure" passwords that they claim will have to be changed every 90 days, and fuck that. I just locked myself out of the site, so I guess this is the thing that pushes me over the edge to get a password manager. Which should I use? I am aggressively interested in the cloud having my password, but it would be useful if I had a keyring I could carry around on a flash drive. At this point, I only care about stuff that works on Windows, and it needs to work both in Chrome, and in IE/Edge.
The sooner you people give me good advice the sooner I can install it, log in, reset my password, and enter my time for this week.
Also, I'd make a poll here but I've ignored how the new plugin works.Let's see if I can do this:
[poll name=the_real_deal_]
- lastpass
- keepass
[/poll]
No FILE_NOT_FOUND/"I'll troll in the comments"/etc because I'd actually like a usable answer.
Ah, what the heck, have at it here:
[poll name=for_all_your_trolling_needs]- FILE_NOT_FOUND
- Brillant!
- I am actually going to mention a viable option in the comments
[/poll]
[1] it's a third-party thing, not something we wrote.
-
Vote for KeePass here, although I've never used Lastpass. Used PasswordSafe before KeePass.
-
KeePass + Dropbox user here. All day, every day. I know ~4 of my passwords.
Windows - http://ninite.com/keepass
Android - https://play.google.com/store/apps/details?id=com.android.keepass&hl=en
iPhone - https://itunes.apple.com/us/app/minikeepass-secure-password/id451661808?mt=8
-
KeePass + Dropbox user here. All day, every day. I know ~4 of my passwords.
Windows - http://ninite.com/keepassAndroid - https://play.google.com/store/apps/details?id=com.android.keepass&hl=eniPhone - https://itunes.apple.com/us/app/minikeepass-secure-password/id451661808?mt=8
That. Except I'm still using the old KeePassX on windows.
-
I use KeePass on Windows, and KeePassX on OSX.
-
I use LastPass on Windows, Windows tablet and Android. Works like a charm.
-
I voted for KeePass, but it's the only one I've ever used, so I don't really have a basis for comparison. Works fine from a USB stick.
-
Ok. Going with Keepass then. I used @WernerCD's ninite link so I hope you didn't give me a virus.
-
KeePass + Dropbox user here. All day, every day. I know ~4 of my passwords.
Seconded. If you are an Android user, KeePassDroid (linked by @WernerCD) works beautifully.
-
90 days
Lucky bastard, our domain passwords have 30 day expiration date. And I don't think you can even use KeePass for that...
I should start using the thing, but I dunno. I'm not too comfortable with locking myself out of my accounts on any device where I can't use it for some reason.
-
You can do a Copy on any given password and then paste it into Notepad, if you know ahead of time.
-
KeePassDroid
I had problems with KeePassDroid not wanting to use Google Docs as a sync location and freaking out and saying the file was always locked. It's what convinced me to switch to LastPass. And LastPass has an android app now that works just as nicely, but without needing a third party cloud storage location to sync with.
-
PasswordSafe
I'm still using PasswordSafe after having seen Keepass. Basically their format has been stable for a while whereas Keepass comes in two major versions...
-
Keepass comes in two major versions...
Yeah but every client I have supports the newer version.
To be fair, the switch was because work swapped from PasswordSafe to KeePass.
-
And LastPass has an android app now that works just as nicely
+1
The LastPass android app is very nice indeed...
-
I had problems with KeePassDroid not wanting to use Google Docs as a sync location and freaking out and saying the file was always locked.
Never tried it with Google Docs. But it works fine with DropBox, and I've seen good reports regarding OneDrive, too.
-
Keepass.
Not ready to trust someone else to keep my passwords in their file. Aside from the fact that I have nothing but their assurance the passwords are actually encrypted, what happens if they fold? Maybe I just don't know all the details, but when I was looking at their FAQ's, that was my #1 question.
OTOH, if I were a cynic, I'd worry that even if they encrypt my passwords, they can decrypt them at broad government hint. But it really doesn't matter since I am well beyond cynic and therefore am sure the government key logs me anyway.
-
Tell me how well it works when you need to type a password into your Xbox or Roku.
-
It works great! I just need to press up up left left left left a down right right right right a up left a down left left........
Yeah that's a painful UX no matter what your password is. At least unless it's "hunter2"
-
Happy KeePass, KeePassX and Dropbox user here. I use KeePass 1.x on Windows because I don't need any of the extra features that the 2.x database format allows for, because 1.x is a small native code application that starts much faster than the .Net based 2.x, and because KeePassX still doesn't support the 2.x database format (both 1.x and 2.x are under active development and 2.x does not supersede 1.x).
In theory, KeePass 2.x works on Mono. In my experience all that means is that you can have something on Linux that starts up every bit as slowly as it does on Windows and has a shitty file picker.
I use MiniKeePass on iOS and KeePassDroid on Android. Both work well. MiniKeePass makes use of iOS's multiple clipboards: tap a Keepass db entry and you get a pasteable username and a pasteable password. Tapping a db entry on KeePassDroid creates two Android notifications: touching one copies the username and touching the other copies the password.
On the desktop I use the following workflow: double-click the URL item in a KeePass db entry, wait for the browser to open that URL, do any extra clickery that the page need in order to get the insertion point positioned in the username box, bring KeePass to front again, press Ctrl-V to autotype the currently selected entry. This works smoothly enough that I don't feel any need for browser integration via extensions, which is good because I do a lot of work on browsers that aren't mine.
I keep my passwords database, along with the portable Windows executable for KeePass 1.x, in a USB μSD reader attached to my car keys. Every now and then I'll update that from the authoritative Dropbox copy. As long as the car keys db always has my current Dropbox password, I'm good. Having the μSD available makes installation of the setup on a new phone fairly painless.
-
Tell me how well it works when you need to type a password into your Xbox or Roku.
I don't have either one of those.
-
In theory, KeePass 2.x works on Mono. In my experience all that means is that you can have something on Linux that starts up every bit as slowly as it does on Windows and has a shitty file picker.
If a .Net application starts up slow more than once, you've probably got something wrong with your computer.
-
KeePass is quite often the first thing I start up on Windows, and on Linux it's the only Mono thing I'd regularly use. I gave 2.x an honest trial for a couple of weeks. Didn't like it. Felt way, way too slow compared both 1.x and KeePassX.
FWIW I have the same objection to Java. Both runtimes are just ridiculously heavyweight.
-
If a .Net application starts up slow more than once, you've probably got something wrong with your computer.
<obMicrosoftBashing>
Yes, it's called, ".Net".
</obMicrosoftBashing>INB4: No I don't actually think that. Not specifically about .Net, anyway. It is going to be at least a century from now before anything anyone does on a computer is not Doing It Wrong™ The RWTF is that we need software now, and don't know how to Do It Right.
-
Me too, but KeePass on Linux is ugly as shit that's why I'm moving to LastPass when I have some time
-
KeePass on Linux is ugly as shit
That's why I use KeePassX on Linux (apart from it being in the Debian repo, so installation is a no brainer) and stick with KeePass 1.x on Windows for interoperability.
-
Keepass 2 is the corporate tool of choice for Windows, so I use KeePassX 2 alpha on my OSX work laptop as it opens the kdbx files from my Windows desktop.
-
How stable is it?
Thanks for alerting me to the existence of KeePassX 2.0 - looks like there's a beta release available now. I'll try that out.
-
How stable is it?
Hasn't crashed once in the 3ish months I've been using it, and I've not come across any other issues with it yet.
-
Tell me how well it works when you need to type a password into your Xbox
Combined with SmartGlass, very well. Pretty sure I've mentioned that before.
Edit: Yep.
or Roku.
Not a clue.
-
Combined with SmartGlass, very well.
I still don't really get that. Does it run natively on Windows Phone? Like... how does that work exactly?
Not a clue.
Right, see, this is my exact problem. The goal here is to have an app make super-complicated passwords that no human could possibly guess or remember right? Well, great.
But now when I want to put Amazon Prime on my Roku, I can't type the damned thing in because it's super-complicated.
-
I still don't really get that. Does it run natively on Windows Phone? Like... how does that work exactly?
It's an app for Android and WinPhone (maybe iOS as well) that essentially turns your phone into a controller for your XBox. Separate versions of the app are used for 360 and One. Your phone and your XBox must be connected to the same network.
-
I can't type the damned thing in because it's super-complicated
I generally adopt passwords like mzhbs.qvgmk.bceep.rvmcn for services I need to use on devices that can't use some KeePass variant directly. Lowercase letters and dots are as close to painless as soft keyboards get, the grouping makes transcription reliable, and there are over 90 bits of randomness even if you know the format beforehand.
KeePass's inbuilt password generator can be told to use that format in one step. KeePassX doesn't do quite so well, but can still easily generate a 20-letter password I can insert dots in by hand.
Apple's password strength estimators rate these as less secure than Apple123 but all the Apple devices I use can run MiniKeePass so that doesn't matter.
-
Tell me how well it works when you need to type a password into your Xbox or Roku.
I have nothing like either one of those, but I have stuff like a customer owned laptop where I can't make it autotype. I bring up KeePass on my main machine and type it in from that. It's not great, but still better than doing the same thing with it written in a notebook.
I do a similar thing with RDP sessions on that machine, except KeePass is then running right there. RDP just doesn't let me copy the password or anything.
-
Apple's password strength estimators rate these as less secure than Apple123
That tells you plenty about Apple's password strength estimators, particularly what they about entropy. [spoiler]Bupkis.[/spoiler]
-
-
customer owned laptop where I can't make it autotype
Portable KeePass on my keyring USB deals with that case for me. Drag and drop the password database onto the executable to work around Windows's random drive letter assignment.
-
I can run KeePass. It just won't allow me to paste or do autotyping over the RDP connection to log into that connection. Which isn't a problem any more because they've gone to smartcard authentication for pretty much everything.
-
Nah, I forgot to sanity-check before posting as dinner was delivered.
And I think that particular problem is a britney, not an @accalia.
-
Well I think you're just
-
-
Now that Last Pass is charging money for password syncing, I guess I'll consider alternatives. I'm open to Last Pass Premium and even Last Pass Family, but if I'm going to spend actual money on this I'd want the best one.
What I like about LastPass: the Firefox and Android plugins works pretty well. (It occasionally doesn't detect the login fields so I have to go into the app and do it manually. That has gotten better in the last year or two). I like the idea of the family plan.
"Everybody" is talking about BitWarden as the obvious choice, but I have never heard of it. They even have a family plan.
What's the best password manager?
-
@Captain said in Lastpass or Keepass (or something else?):
Now that Last Pass is charging money for password syncing, I guess I'll consider alternatives. I'm open to Last Pass Premium and even Last Pass Family, but if I'm going to spend actual money on this I'd want the best one.
What I like about LastPass: the Firefox and Android plugins works pretty well. (It occasionally doesn't detect the login fields so I have to go into the app and do it manually. That has gotten better in the last year or two). I like the idea of the family plan.
"Everybody" is talking about BitWarden as the obvious choice, but I have never heard of it. They even have a family plan.
What's the best password manager?
I've been using KeePass for 8-10 years. There's an Android app. I sync the file via Google Drive. My current and a previous job used LastPass and I've never liked it. Feels unnecessarily clunky.
-
@mikehurley said in Lastpass or Keepass (or something else?):
I've been using KeePass for 8-10 years. There's an Android app. I sync the file via Google Drive.
Same (almost - I use OneDrive for syncing)
-
@dcon said in Lastpass or Keepass (or something else?):
@mikehurley said in Lastpass or Keepass (or something else?):
I've been using KeePass for 8-10 years. There's an Android app. I sync the file via Google Drive.
Same (almost - I use OneDrive for syncing)
Dropbox.
My wife recently realized that she should be using one and I helped her get set up with that.
-
@Captain said in Lastpass or Keepass (or something else?):
"Everybody" is talking about BitWarden as the obvious choice, but I have never heard of it.
Neither had I, but I figured I'd give it a whirl since it was being recommended by "everyone" and I am pleased with it.
The UI change is a bit jarring but not hard to get used to. I feel like the Chromium plugin and Android app for Bitwarden work better than LassPass's did insofar as knowing the fields to fill in and/or actually filling them in.
If you're willing to pay for Bitwarden (whose price is only $10 annually), you can also opt to handle 2FA directly from Bitwarden as well.
-
@Captain said in Lastpass or Keepass (or something else?):
Now that Last Pass is charging money for password syncing,
Obviously that day had to come.
"Everybody" is talking about BitWarden as the obvious choice, but I have never heard of it. They even have a family plan.
Isn't that the thing Linus used before getting pissed off and writing git?
What's the best password manager?
pass, or if you don't need 100% backwards compatibility, gopass. It syncs using git, has an Android app and a plugin for Chrome and FF. OK, it still needs GPG, but chances are someone will make an age plugin RSN.
-
@mikehurley said in Lastpass or Keepass (or something else?):
I've been using KeePass for 8-10 years. There's an Android app. I sync the file via Google Drive.
I use KeePassXC on Mac/Windows with Onedrive to sync the files.
Works with mobile apps too - KeePassium on iOS and something I've forgotten on Android.
-
@Captain Since you specifically called out Firefox and Android, Firefox Lockwise seems like a good pick.
-
@Captain Another KeePass user here, syncing via DropBox. I use Keepass2Android for my phone.