Why and how to use an open-source password manager

Topic

New Reply

	BEST SOFTWARE Why and how to use an open-source password manager
	By Lincoln Spector You know you need a password manager. But did you know that one of the top managers is a free, open-source application? Here’s why I think KeePass is the best solution for protecting your passwords — and for safely accessing the Web.

---

The full text of this column is posted at windowssecrets.com/best-software/why-and-how-to-use-an-open-source-password-manager/ (paid content, opens in a new window/tab).

Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.[/td]

[/tr][/tbl]

Reply | Quote

Replies

I’ve used KeePass previously, but switched to Dashlane last year based on a recommendation found here at WS. How difficult would it be to switch back to KeePass? Can it import all my current data (P/W’s) from Dashlane in a relatively painless fashion? Thanks!

Reply | Quote

You might be able to do it via Dashlane CSV export/ Keepass CSV import but it could be tricky:
http://sourceforge.net/p/keepass/discussion/329220/thread/99d1109c/

Jerry

Reply | Quote

a very timely article and recommendation for me…. i plan to give the current KeePass a try

Reply | Quote

scares me too much

i prefer to write them down in a little notebook that i keep locked up.

Reply | Quote

Hi Speedball
Not so effective if your use of secure web sites grows. You start not being able to find stuff. And if you forget to lock it up for the 5th time today, someone else will have access to everything of yours – banking, etc.

Its a software tool for software. If you have a backup system, not a problem. If you don’t, then you’re likely to, even if you write it down.

Reply | Quote

I can certainly see the advantages of using KeePass for storing passwords locally, like for software or encryption. But I use a lot of web passwords and manually cut and pasting twice or more each time is clumsy when you have something like the free LastPass available. It auto-fills web forms for you and keeps them encrypted locally and online, so your database is available on all your devices. Yes, it’s not open source, or perfect. But this may also be a good reason Fred likes Roboform.

I tried using KeePass but a text file sorted alphabetically and stored encrypted I found faster.

Reply | Quote

Writing them down is great but really inconvenient when you need to login to a web site. A good password manager allows you to backup your data and access it from many devices, which is actually safer than a notebook.

cheers, Paul

Reply | Quote

I have been using KeePass since version 1.0 about July 2005. I am now using version 2.24 like Lincoln Spector. This is the only password manager I recommend. I prefer it to a cloud based solution (like LastPass) because I have control of the database. I can back it up, copy it, print contents, export data or import data all without relying on an external service.

The article did not mention that there are both an installed version and a portable version. I use the portable version (Downloads as a Zip file) because I can put it on a flash drive or a memory card and use it on any machine. The installed version is stuck to the one machine; though the database can be distributed as needed (the master password is part of the database).

Reply | Quote

I opted for LastPass (paid version). I recognize that I’m giving some control to people I don’t know BUT, the encryption system used seems pretty safe from hacking and the decryption happens on my end of the string. if the LP db is stolen, I should be OK (excluding the NSA backdoor we don’t know about!).

There are several reasons I don’t go for apps like KeePass.
1. I have to remember to take the darn db with me all the time otherwise I’m SOL if I need to get into a site.
2. I live with my wife. We share our login lists. If we use a USB based PW manager, we have to keep the dbs in sync which is NOT easy.
3. My portable devices. LastPass has apps for Windows, Mac, Linux, Android, and iOS. No matter where I am or what device I’m using, I have a way to get to my stuff.
4. I can (and do) download the login list so I have a backup in the event that LastPass goes dark.

It’s worked well for me and, so far, no complaints.

Reply | Quote