Do you use a Password Manager software? If so, chime in!

shochanshochan Member Posts: 955 ■■■■■■■□□□
I noticed on /. that LastPass was hacked and was looking for a few other recommended pw mgmt software packages. In the past, I have used the pw excel spreadsheet (I know, dumdumdedumdum!) but I guess its better than in notepad or Word w/o any sort of pw to get into it.

https://it.slashdot.org/story/17/03/22/2310231/lastpass-bugs-allow-malicious-websites-to-steal-passwords

In the meantime, I have found another article on some of the most popular, according to PC Mag:
The Best Password Managers of 2017 | PCMag.com

And a few co-workers/friends of mine have recommended these:
KeePass Password Safe
https://pwsafe.org/
https://www.password-depot.com/
https://safe-in-cloud.com/en/

Just thought I would share and possibly get your "expert" opinions, because...YES, they matter!

Cheers & HI5!
2021 Goal ~ OSCP

Urban Achiever~ A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+
A.A.S - CIS

Comments

  • CyberSecurityCyberSecurity CISSP, CHFI, CEH, A+, Project+ Member Posts: 84 ■■□□□□□□□□
    I still use LastPass mostly because it was just a vulnerability from what I read instead of an actual break-through-encryption type of hack. Basically if you visited a malicious site, the exploit would fake a site hopefully stored in your lastpass records (yahoo or gmail.com) and automatically type in the info into the username and password field. You can prevent this by turning off the Auto-fill function and ensuring you're at the correct website before using the more manual fill feature.

    I'm going to check out the other ones you've posted though; Thanks for sharing!
    Ph.D. IT [UC] - 50% complete
    M.S.C.I.A. [WGU] - Completed 6/2018
    B.S.I.T.M. [WGU] - Completed 4/2017
  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    I've always used Keepass locally. I don't believe in using cloud-based password vaults as a rule.
  • JockVSJockJockVSJock Member Posts: 1,118
    Been using Password Safe for over 3 years now.

    Have nothing but great things to say about it.
    ***Freedom of Speech, Just Watch What You Say*** Example, Beware of CompTIA Certs (Deleted From Google Cached)

    "Its easier to deceive the masses then to convince the masses that they have been deceived."
    -unknown
  • rob42rob42 Member Posts: 423
    To be honest, I don't understand the need for a password manager. It's very easy to come up with your own 'password system' that is both easy to remember, yet very strong (in terms of 'crackability').

    The first rule has to be: Don't tell ANYONE what your system is. Using any kind of Password Manager is going to give someone a starting point. Why would you give anyone that kind of a lead?
    No longer an active member
  • KrusaderKrusader Member Posts: 109
    We use Teampass Teampass

    It's open source and you can install it using LAMP/WAMP stack
    2018 Goals
    AWS & Linux Knowledge
  • jws86jws86 Member Posts: 77 ■■□□□□□□□□
    We use SplashID.
    Currently studying for CCNA R&S
  • PlayDoh72PlayDoh72 Member Posts: 13 ■□□□□□□□□□
    Our company uses Thycotic Secret Server. It's very secure, has very granular controls and outstanding auditing / reporting features. It's a little expensive, but if ever an incident arrives and we have to go before our board or a panel of lawyers, we can say we purchased a backed, enterprise-level solution from a reputable vendor and not "hey, we got this free thing from the net!"
  • SecurityMan9SecurityMan9 Member Posts: 11 ■□□□□□□□□□
    I'm a huge fan of KeePassX
  • PocketLumberjackPocketLumberjack Member Posts: 162 ■■■□□□□□□□
    I use LastPass. It is constantly under review by security researchers, like Tavis, and it has been patched every time an exploit has been found in a very timely fashion. I love that I only need to remember 1 very strong password and then I have very strong passwords everywhere.
    Learn some thing new every day, but don’t forget to review things you know.
Sign In or Register to comment.