Which password manager do you recommend for personal use? (Mac user)

UnixGuyUnixGuy Are we having fun yet?Mod Posts: 4,203 Mod
edited July 4 in Cybersecurity
What do you recommend and why?

Comments

  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,844 Admin
    I've been using LastPass for years and really like it. Whatever you choose, I recommend a Cloud-based password manager than can be used from most Web browsers on any operating system. These also include an offline mode in case you temporarily can't get to the Internet (e.g., poor Wi-Fi connectivity on mobile device) and you need information stored in your password vault (e.g., ATM PIN).
  • nevermorenevermore Member Posts: 34 ■■■□□□□□□□
    I have also been using LastPass for years.  One of the key drivers for me is that wide support of a variety of OS (Windows / Apple MacOS/iOS) and a variety of web browsers.  As @JDMurray stated, it is cloud-based so you can access your vault anywhere.  I also enjoy they have a number of supported options for MFA to ensure your vault is protected.  We bought the "family" license so my wife and I have separate folders to store certain accounts and and share others that we both use.
    Obtained:
    • CISSP-ISSMP
    • CISM
    • GISP
    • CEH
    • M.S. Information Security and Assurance Norwich University
    • B.S. Cybersecurity UMUC
    In Progress: CRISC, ISSAP
    Queued: CCSP, PMP


  • Mike7Mike7 Member Posts: 1,079 ■■■■□□□□□□
    I started with iLium Software eWallet on Palm Pilot and have been using it since then. There is no browser integration with the cloud, so you need to copy and paste from app. Passwords are stored in an encrypted file which can be sync from Dropbox.  Platform support includes Windows, MacOS, iOS and Android. There is no subscription, just a one time purchase of app for each platform.  Features are limited but I guess for the price this is good enough. 

    For 2FA, i am using Authy. 

  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,844 Admin
    Mike7 said:
    For 2FA, i am using Authy. 


    Yes, I use and love Authy too for 2FA/MFA. The wondrous feature is that all your MFA accounts are backed up and can be restored to any of your other devices that have the Authy app installed. Such a time-saver when you get a new device. 

    Does Lastpass have a feature that indicates if a Website supports MFA? That would be cool if it did.
  • LonerVampLonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK Member Posts: 515 ■■■■■■■■□□
    I can't speak for Mac-specific apps, but I still use KeePass local.

    My personal risk tolerance won't allow me to use any solution that is inherently stored in the cloud. Nor will I use anything ever tied into a browser plugin or that "smartly" logs me into things automagically. I'll go only as far as letting KeePass do some automation, since that's useful when doing Zoom calls or screen shares.

    For my friends and family who do not share my lifestyle choices or risk tolerances, LastPass is just fine.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2020 goals: AWS Security Specialty, maybe AWAE or SLAE, CISSP-ISSAP?
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,844 Admin
    edited July 8
    If not in the Cloud, where do you store backups of your KeePass database file? 
  • itdeptitdept Registered Users Posts: 184 ■■■■□□□□□□
    I too use Keepass. My backups go to a NAS. I like it as a local repository
  • E Double UE Double U Member Posts: 1,747 ■■■■■■■■■□
    I have been a KeePass user for years, but just started using LastPass. 
    Alphabet soup: CISSP, CCSP, CISM, CISA, GDSA, GPEN, GCIA, GCIH, GCCC, CEH, Azure Fundamentals, Azure Security Engineer Associate, ITIL 4 Foundation, and more.

    2020 goals: AZ-900, AZ-500, GDSA, ITILv4

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • jwdk19jwdk19 Member Member Posts: 69 ■■■□□□□□□□
    Late to the show, but I use KeePass.
Sign In or Register to comment.