Question about password managers

Topic

New Reply

I’m looking for a new password manager.  My old password manager did not have autofill but it appears that most new password managers offer it.  Wouldn’t this mean that these password managers are tracking you or at least have the capability to do so?  I’ve read a dozen or so reviews of password managers and haven’t seen any mention of this.

Reply | Quote

Replies

https://www.enpass.io/

Reply | Quote

You end up having to trust the password manager vendor. Choose carefully. I don’t worry too much about my password managers tracking me, but I do worry about security vulnerabilities in the password managers.

The way I handled it:
1. Common advice is to NOT use the password manager included with the browser. My preference is for standalone password managers.
2. Cloud based password managers have a larger attack surface and often include a browser extension to help with autofill. Because I like the convenience of autofill on web sign-in pages, I use a subscription cloud based password manager for frequent non-critical passwords. (This excludes financial and email accounts, for example; so no direct financial loss if the cloud vendor is breached.)
3. For my free standalone password manager, which has ALL my passwords, I use copy / paste / clipboard clear, to manually copy over the passwords to the web form. It’s not too practical to type in long complex passwords. If using copy & paste, you may need to disable Window’s clipboard history for security reasons.
4. The encrypted database of the standalone password manager is frequently backed up including off-site backup.
5. I avoid cloud based password managers from the major cloud vendors, to help cut back on how much they are tracking me, maybe, 🙂  I don’t want cloud storage and all my passwords under the same account.

So a mix of security and convenience.

Windows 10 22H2 desktops & laptops on Dell, HP, ASUS; No servers, no domain.

Reply | Quote

You can have free or paid, online or offline, full auto-fill or manual auto-fill.

What are you after?
What is your existing manager – you need to be able to import the data to the new manager?

cheers, Paul

Reply | Quote

https://keepass.info/

 

KeePass is cross platform and non cloud, I love it.

1 user thanked author for this post.

doriel

Reply | Quote

I’ve used Roboform since the 1990s, and been completely satisfied.  For some reason it never seems to make it on to the “expert” comparison articles in the computer press, but it’s still the best – for me.

Dell E5570 Latitude, Intel Core i5 6440@2.60 GHz, 8.00 GB - Win 10 Pro

Reply | Quote

+1 for KeePass from me.  I use the portable version on my Win10 laptop, and have it on a flash drive.  I also have it installed on Linux laptop, my wife’s MacBook, and both of our iPhones (Keepass Touch app).  My Win10 laptop is the master database; all additions and changes are made there.  Once a month I replace the database on each device with a copy from the laptop.  There are other syncing options but I prefer the manual approach for complete control.  I also keep a copy of the database on OneDrive.

Reply | Quote

ScotchJohn wrote:

I’ve used Roboform since the 1990s

I did ask myself whether Roboform had been available in the 1990s!  Siber Systems’ website said that Roboform was first released in 2000.  Thus, my claim of “since the 1990s” gilded the lily, but only slightly.

It IS paid for, but I pay happily.

Dell E5570 Latitude, Intel Core i5 6440@2.60 GHz, 8.00 GB - Win 10 Pro

Reply | Quote

Thanks for all the replies.  For those who asked, I’m currently using mSecure5.  Switched to it on a colleague’s recommendation after LastPass was hacked in 2015.  It was easy to use and didn’t include password auto-fill.  I’ve been relatively satisfied with mSecure5.  But mSecure is switching to an annual fee, subscription-based business model.  Strike one.

Further, an mSecure6 ‘upgrade’ has been rolled out, which I’ve found underwhelming.  For example, logging into mSecure5 presents a Main View that is a simple list of all the items for which you have created a record.  To view more information for any one record, you have to click on that individual item listed.  But in mSecure6, the default Main View list also shows random fields such as logon IDs, email addresses, phone numbers (but not passwords) from each item listed, making this information readily visible on screen to any person or security camera shoulder-surfing you.  I could find no setting in mSecure6 to revert back to showing only the simple list of items in the Main View.  Eventually I had to go thru more than 200 item records, de-selecting all of the individual record fields to keep them from appearing in mSecure6‘s Main View.  Strike two.

Lastly, mSecure6 now includes password auto-fill as an ‘option’.  But in order to offer auto-fill as an ‘option’, wouldn’t mSecure6 have to be tracking the websites I visit to begin with?  I take several steps otherwise to protect my online privacy and limit tracking of my internet use.  I’m not willing to make that information ‘optionally’ available to password manager software that I’ve purchased to provide security and protect my privacy.  Strike three.

Thanks for tolerating my rant.  I will check out the other password managers mentioned here and welcome additional recommendations.

1 user thanked author for this post.

oldfry

Reply | Quote

landrmc wrote:

wouldn’t mSecure6 have to be tracking the websites I visit

It probably stores the site info in the manager and uses that to match the site. Not really tracking as it doesn’t record when, how often, pages visited…

FWIW, KeePass will import mSecure CSV exports.

cheers, Paul

Reply | Quote