Do you use a password manager?

[target]

Is saving logins when browsers like chome asks us to save it, a passowrd manager? Just wanted to ask.

I have the habit of saving it when the browser asks after loging in for the first time. It helps me login easy because I have the habit of forgetting. But I'm also unsure whether we could trust these browsers.

[Forsyth Jones]

Is saving logins when browsers like chome asks us to save it, a passowrd manager? Just wanted to ask.

I have the habit of saving it when the browser asks after loging in for the first time. It helps me login easy because I have the habit of forgetting. But I'm also unsure whether we could trust these browsers.

Look, browsers have probably improved their security over time. They are definitely more secure today than they were 5 years ago. On my Chrome on Windows, it asks me to authenticate via Windows Hello (biometrics) whenever Chrome asks for a password to log in to a website.

But I still prefer to use a password manager specifically for password management. Browsers are specific applications for consuming content on the internet. In addition, a password manager like Keepass is offline. You decide whether you want to keep the database locally or synchronized with your cloud folder (or both). It is zero-knowledge (only you have control, access to the database and the master key). It is also open source.

In Keepassxc there is an official keepassxc extension to integrate with your locally saved database, so it auto-fills by unlocking your database using your master key and/or biometrics (yes, keepassxc supports Windows Hello, you can optionally disable it), but this only works on Windows and Mac, on Linux you have to enter the master key to unlock the database.

[TokenTactician24]

Do you use a password manager for your online accounts, exchanges, 2FA and wallets?

Which one do you use and why? Share your experiences.

What do you think of closed-source password managers like 1Password?

And open-source ones like Keepass?

Here is a comparison of most password managers (I don't know if the list is up to date), which may help you in your choice.

I’ve been using 1Password for years and it’s been a game-changer. Super secure, easy to use, and perfect for managing everything from my exchanges to 2FA. The closed-source aspect doesn’t bother me since they’re constantly audited and reliable!

[libert19]

Is saving logins when browsers like chome asks us to save it, a passowrd manager? Just wanted to ask.

I have the habit of saving it when the browser asks after loging in for the first time. It helps me login easy because I have the habit of forgetting. But I'm also unsure whether we could trust these browsers.

I also have started saving some of not-so important passwords in browser for convenience purposes but these are not password managers, and I don't trust anything online secure enough to hold my passwords tbh, even the password managers themselves, recent Lastpass breach made me so cautious of anything online.

I’ve been using 1Password for years and it’s been a game-changer. Super secure, easy to use, and perfect for managing everything from my exchanges to 2FA. The closed-source aspect doesn’t bother me since they’re constantly audited and reliable!

Well tbh; it's is secure, until it's not. Anyway, let's just hope 1password stays secure for a long time.

[bitmover]

Is saving logins when browsers like chome asks us to save it, a passowrd manager? Just wanted to ask.

I have the habit of saving it when the browser asks after loging in for the first time. It helps me login easy because I have the habit of forgetting. But I'm also unsure whether we could trust these browsers.

I consider it a password manager.

I don't use chrome. However  when I used it, it didn't offer to create new strong passwords randomly.  This is probably the most important feature of a password manager. Because having a different password for every service will save your other accounts if one of the leaks

[ABCbits]

For some reason, I'm wary of using third-party password managers, especially after reading articles like the following:
https://thehackernews.com/2023/05/keepass-exploit-allows-attackers-to.html
https://www.coindesk.com/business/2023/10/30/lastpass-hack-victims-lose-44m-in-a-single-day/

It's good to be wary or cautious. Although example you mentioned aren't best example since,
1. Exploit on KeePass require the attacker to comprise victim's computer first.
2. LastPass have long history of security incident or hack.

~snip~
Everyone should use a password manager. You should use different passwords for every service  , so when a password leeks it doesn't compromise your other accounts.

What if all the data from the password manager leaks? In the event that you do not have 2FA on all created accounts, all but one of them are compromised - and that is the biggest risk of storing such data in one place. There are many examples of why it is bad to entrust the storage of passwords to such programs, in my opinion it is almost as unsafe as the storage of cryptocurrencies on CEXs.

That's true, although you could reduce the risk by using ones which doesn't connect to internet or support encryption with hardware key (e.g. Yubikey).

[Husna QA]

For some reason, I'm wary of using third-party password managers, especially after reading articles like the following:
https://thehackernews.com/2023/05/keepass-exploit-allows-attackers-to.html
https://www.coindesk.com/business/2023/10/30/lastpass-hack-victims-lose-44m-in-a-single-day/

I think the nature of the LastPass breach and KeePass exploit is quite different. At the very least, with Keepass the attacker has to gain access to our devices before they can exploit it. I believe we can manually anticipate these potential attacks and prepare accordingly, while we can't do much with using LastPass. I don't think it's a good idea to store your seedphrase on a password manager anyway. Btw, I use KeePass too, works well so far on my phone and PC. Still need to have decent awareness to avoid phishing links and so on though. CMIIW.

The Password* Manager feature that I use in the iPhone default application is not for storing seed phrases but for storing usernames/emails and passwords for access to certain accounts so that they can be automatically filled in when I want to log in. To open the Password feature, I set it using Face ID. Of course, I use other applications for accounts that use additional 2FA, and so far, I have used Authy.

*

[TomPluz]

I used to avail of a services of one before but right now not anymore since I realized that they can be hacked too and that I am not actually a part of multitudes of services. So I am just recording my passwords in my notebook though it can be hard sometimes as they don't usually similar. Next year, I can be looking for a good password manager that can be more secure and  is known to withstood the test of time and the hackers. I am hoping to see some recommendations here.

[Lucius]

I have used nearly a thousand services, I can't save those passwords in my mind. 
Good services won't get hacked, and if they do I have 2fa of important services

No one says that you should keep them in your mind, that is impossible and makes no sense. I already wrote that saving passwords in a password manager makes sense precisely for those who have hundreds or thousands of passwords, but certainly not for me, who has several dozen of them, of which less than ten are very important to me. Therefore, I will quite easily continue to use paper and pencil, no matter how old-fashioned it may sound to some.

[robelneo]

Yes I'm using a password manager, LastPass but I created my own parameters to safeguard all my passwords storedd in password manager, I laso make sure that all the sites I'm log in have 2FA or email or text verification.
Password managers is a goodway if you're working on many sites but you also have to put safety parameters, don't trust everything on passowrd managers.

[bitterguy28]

Is saving logins when browsers like chome asks us to save it, a passowrd manager? Just wanted to ask.

I have the habit of saving it when the browser asks after loging in for the first time. It helps me login easy because I have the habit of forgetting. But I'm also unsure whether we could trust these browsers.

yes it is a password manager but i do not think this is the safest option to be honest when you save it in chrome doesn’t it save in google? i have seen many get their google accounts get hacked or their devices get taken and their accounts are compromised

i guess it is okay for easier log in but you should back it up just in case in a different password manager

[ABCbits]

Yes I'm using a password manager, LastPass but I created my own parameters to safeguard all my passwords storedd in password manager, I laso make sure that all the sites I'm log in have 2FA or email or text verification.
Password managers is a goodway if you're working on many sites but you also have to put safety parameters, don't trust everything on passowrd managers.

Out of curiosity, since when do you use LastPass? After all, they had at least 3 security incident since 2022. I recall hacker stole user data, encrypted password vault and even their source code. It's better than doesn't use any password manager and re-using same/similar password, but i would advise you to use password manager with better history.

[bitmover]

Out of curiosity, since when do you use LastPass? After all, they had at least 3 security incident since 2022. I recall hacker stole user data, encrypted password vault and even their source code. It's better than doesn't use any password manager and re-using same/similar password, but i would advise you to use password manager with better history.

Last pass is the worst password manager ever.

I don't get how they have so many users,  even after their regular hacks. It will probably he hacked again within 2 years , just like in the past.

And they also have paid plans , so they make a lot of money

[Forsyth Jones]

I used to avail of a services of one before but right now not anymore since I realized that they can be hacked too and that I am not actually a part of multitudes of services. So I am just recording my passwords in my notebook though it can be hard sometimes as they don't usually similar. Next year, I can be looking for a good password manager that can be more secure and  is known to withstood the test of time and the hackers. I am hoping to see some recommendations here.

KeePass2 for Windows

KeePassXC for Windows, Linux and Mac

KeepassDx for Android or Keepass2Android.

Strongbox or Keepassium for iOS (I use the lifetime version of Strongbox).

They are all open source and based on Keepass, meaning you create a database, encrypt it with your master password and feed it with your passwords.

All of the alternatives mentioned are compatible with each other.

[Lucius]

Last pass is the worst password manager ever.
I don't get how they have so many users,  even after their regular hacks. It will probably he hacked again within 2 years , just like in the past.
And they also have paid plans , so they make a lot of money

How can a bad product still have many clients? I think that you simply need to have constant promotion, use all possible tricks and of course minimize every possible hack to the extent that you call those who talk about it a minority that wants to harm the company.

The Ledger guys have the same problem, but they are still ubiquitous and probably have a lot of customers for their devices. In the end, it all boils down to the fact that the majority have no idea that something has happened, and the few who leave the "product" are very quickly replaced by some new clients.