DEV Community

Ben Halpern

What do you use for password management?

Comments (142)

Matt Eland

Typically password123. That way I don't need a tool to remember anything.

Jason C. McDonald

I seriously hope this is facetious, because this is the worst possible way of handling things.

Daan Wilmer

Don't worry, it doesn't work. Most websites require an upper case letter and a symbol as well. Password_123 works much better.

And yes, we're joking.

Roy Larsen

I use hunter2

Hopefully no one sees that.

Matt Eland

I just see ******** when you type that.

Roy Larsen

Oh, good. It still works

Jack

Thank you both for the throwback laugh! 😂

Winston

This is not a safe password. Please try Mb2.r5oHf-0t instead.
According to IT experts it is the most secure password!

(Source: the-postillon.com/2017/03/mb2r5ohf...)

Yaser Al-Najjar

I never trust password management tools.

They might collect my passwords and sell those info for some other parties...

Or worse, they might get hacked and all my accounts across the internet would be exposed.

I use simple passwords like (123456) for stuff I don't care about, and different passwords for accounts that I care about.

rhymes

Use an open source one that encrypts everything

Yaser Al-Najjar

@rhymes
@kriscius

Open source (esp. cloud solution) means that I should roll my own compilation/server for the app, cuz it's easy to provide an open source app and ship some extra code (that collects your passwords) with the binary.

So no thanks, I don't really wanna go through that hassle.

rhymes

Not really, Yaser. Open source means just that. Also, we are not talking about some random npm package with crypto mining hidden inside; we're talking about tools that are peer verified by security firms: help.bitwarden.com/article/why-sho...

The code is open source but you can just use the cloud version.

They don't store your passwords, they store the encrypted version and the master key never leaves your device.

My bitwarden account syncs on various browsers and two devices. 1password and the others work just like that.

For why you should use a password manager and not your memory troyhunt.com/password-managers-don...

Troy Hunt is also the person behind Have I Been Pwned, a tool to check if your email is part of various security breaches haveibeenpwned.com/

Its DB of 500 million leaked passwords is also exposed as an API and currently used by various sites to bar people from using leaked passwords again.

Fun stuff 😂
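The leaked-password lookup rhymes mentions works with a k-anonymity range query: the client hashes the password with SHA-1, sends only the first five hex characters to the API, and matches the remaining 35 characters against the returned list locally, so the full hash never leaves the device. The following is an added example written for this page, not code from the thread, from Have I Been Pwned, or from any password manager. The endpoint URL is the real Pwned Passwords range endpoint, but the response body and the counts in it are constructed for an offline demonstration; `real_fetch_range` shows the network call but is not exercised here.

```python
import hashlib
from typing import Callable, Dict, Tuple

# Added example (not from the thread). Mirrors the k-anonymity range query
# used by the Pwned Passwords API: only a 5-character SHA-1 prefix is sent,
# and the suffix comparison happens on the client.
RANGE_URL = "https://api.pwnedpasswords.com/range/"  # real endpoint, not called below


def sha1_prefix_suffix(password: str) -> Tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the upper-case hex SHA-1."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse the 'SUFFIX:COUNT' lines the range endpoint returns."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, sep, count = line.partition(":")
        if sep and suffix and count.strip().isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """How many times the password appears in the corpus (0 = not found).

    fetch_range(prefix) must return the response body for that 5-char prefix.
    Entries with count 0 (emitted as padding when Add-Padding is requested)
    naturally read as "not found".
    """
    prefix, suffix = sha1_prefix_suffix(password)
    counts = parse_range_response(fetch_range(prefix))
    return counts.get(suffix, 0)


# --- Constructed offline stand-in for the network call ---------------------
# A real response lists several hundred suffixes per prefix; this one lists
# three, one of which is the suffix of "password123" with an invented count.
_PREFIX, _SUFFIX = sha1_prefix_suffix("password123")
_FAKE_RESPONSES = {
    _PREFIX: "\n".join([
        "0018A45C4D1DEF81644B54AB7F969B88D65:3",   # constructed suffix/count
        f"{_SUFFIX}:12345",                          # constructed count
        "011053FD0102E94D6AE2F8B83D76FAF94F6:1",   # constructed suffix/count
    ])
}


def fake_fetch_range(prefix: str) -> str:
    """Offline replacement for the HTTP GET; enforces the 5-char contract."""
    assert len(prefix) == 5, "only a 5-character prefix should ever be sent"
    return _FAKE_RESPONSES.get(prefix, "")


def real_fetch_range(prefix: str) -> str:
    """Network version (not exercised here): GET RANGE_URL + prefix.

    Add-Padding: true asks the service to pad the response with zero-count
    entries so response size does not leak which prefix bucket was queried.
    """
    import urllib.request
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"Add-Padding": "true"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    for pw in ("password123", "correct horse battery staple"):
        print(pw, "->", breach_count(pw, fake_fetch_range))
```

To use it against the live service, pass `real_fetch_range` instead of `fake_fetch_range`; the only thing that crosses the wire is the five-character prefix, which covers roughly one in a million possible SHA-1 hashes, so the service cannot tell which password was checked.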

Yaser Al-Najjar

The code is open source but you can just use the cloud version.

Yep, and I'm not really into self-hosting my own Bitwarden (which seems pretty safe).

The problem is that you take their word for granted. Call me paranoid, but I never trust these words:

Bitwarden does not store your passwords

Why are you providing me the service then? Nothing comes for free dude!

Yes, Troy is pretty popular in the security scene, but again, I once heard Gary Vee say that we (humans) can sniff out when someone is selling us something. This is what I mean:

troyhunt.com/have-i-been-pwned-is-...

Matteo Joliveau

Bitwarden, like many others, has a free plan and a couple of paid plans that add features like secure team-shared credentials (think developers sharing servers' root passwords in an organization), encrypted file storage and security audit logs. As @rhymes said, you don't have to take THEIR word for granted: they have been audited by security experts and deemed acceptable. They publish peer-reviewed papers about their crypto setup and have a good reputation.

If this is not enough for you, that's totally fine. But you're really falling deep into paranoia because no real reason for not trusting them has been found yet.

Jing Xue

I agree that we can't/shouldn't trust the tools, but the question remains - how do you manage the passwords for the accounts you care about? Either your life is incredibly simple or you have incredibly good memory. (Well, come to think of it, either case would be quite admirable to me.)

Yaser Al-Najjar

Maybe I have a good memory, and I also help it along with what I call simple-sentence passwords, like

YaserIsHere!

I forget some passwords for stuff I don't use often, say DockerHub account, so I simply restore that password by email in seconds.

Frans Krojegård

Yeah, the risk of that happening is way lower than you reusing a cracked/leaked password.

Sounds like the thing that would make you happy (and safe) is keepass, synchronised in a way you feel comfortable with.

A.

I was not into password managers until I used Bitwarden. It's open source and works perfectly, chrome extension, app on Android/iOS. Saves me time and headache remembering passwords and secure notes.

Damien Murphy

+1 for bitwarden too - apps and extensions for almost everything, cloud backups (where your data is encrypted locally first), open source, and free

Olzhas Askar

It's great! But what do you think of it as being developed by one guy?

Ross Henderson

A user from dev.to told me about Bitwarden. Highly recommend it also.

Nihar Raote

I like Bitwarden as well and I'm using it as my only password manager. I tried using Dashlane but it isn't as good as Bitwarden. There are others like 1Password, but I trust Bitwarden more since it's free and open source.

Jesper Høy

KeePass on my Windows computers, along with Keepass2Android on my phone, and sync via Dropbox / Google Drive (the password database file is encrypted by KeePass).

Both are free and open source.

This has worked really well for years.

Ports are available for Linux, Mac, iOS, etc.

Nikola Stojaković

This is exactly what I do too except that I use KeePassXC which started as a community fork of KeePassX.

kidpixo

KeePassX is great. I use it for SSH keys with its embedded SSH agent, and for 2FA secrets, which I store along with the QR code for quick setup.

David Harrison

Same! I use Dropbox for synchronizing the master file. I can then access it from KeePass (or some variant) on a Mac, one Windows laptop, a PowerBook laptop, and a Linux box.

Gustavo Silva

I wanted to do this but I always feared one thing: Does this mean that if I update one password somewhere, I have to keep downloading the files in all clients I need? So, if I update one password, I need to update all copies in all clients?

kidpixo

Yes, you do.
Those are password managers, not sync clients: I like the Unix-like philosophy of doing one thing.
I keep my encrypted password DB in sync with Google Drive, but you can use whatever you want.
I know people who send themselves the DB every time they update something. Ugly to me, but if it works for them then +1.

Dane Hillard

Like @dbh mentions in another thread, storing the Vault file in Dropbox or another similar cloud-based folder can be a solution for this. The file is encrypted at rest, so it's a fairly safe thing to do. Then the only place you need to sync it occasionally is your phone!

Gayan Hewa

Lastpass - Across Android / Mac for Personal use
1Password - Work use

ItsASine (Kayla)

1Password (the standalone license not the SaaS model)

The password vault is just a file, so either you can move it to other devices yourself or use something like Dropbox if you want your passwords to update automatically across devices.

I like that it's not another server that can get exposed like LastPass (I already have crap on Dropbox so whatever) and that it wasn't a subscription service. You have to hunt to find the page to buy a license, but it's still doable. It's also cross-platform so I have it on my Mac, PC, and Android devices (phone, Chromebook).

Ben Sinclair

They're pretty much all cross-platform. A password manager wouldn't be much use if you couldn't use it anywhere else.
I think, out of all the big name password managers, 1Password is the only one that explicitly started as a single-platform product, so everything else is an after-thought. I don't know if that makes it better or worse, though.

Itachi Uchiha

LastPass and I really love it.

Sdu

Just three days ago I kept receiving prompts to confirm that I'm logging in from a new device. It was obvious someone was trying to log in to my account.

I immediately installed Dashlane and changed my email and online banking passwords from what I always used to generated ones.

Jonathan Thorne

Dashlane is one of the more expensive ones for no real good reason (IMO). I would recommend Bitwarden, 1Password or LastPass (LastPass is actually mostly free now, but their support is meh).

Sdu

I didn't notice. I also want to try out their VPN and see if it's any good.

rhymes

I used to use LastPass, now I switched to Bitwarden also thanks to this thread:

kip

Where I work we use a light Bitwarden server, self-hosted.

Ben Sinclair

Me too. Though after exporting everything to Bitwarden, I kept Lastpass on my work machine, just to try to consciously keep them separated from my personal passwords in a more definite way than just having different folders.

Erik Nelson

I did the same thing, Bitwarden just works a lot more consistently than LastPass ever did for me.

Eric Jinks

A mix of Bitwarden for cross-platform and Safari/iCloud keychain because it works so smoothly.

I haven't figured out a good balance between these yet.

Yaser Adel Mehraban

We use LastPass. It works really nicely with browsers and on mobile as well. Plus, it supports YubiKey for MFA.

Andrew Meredith

I have used LastPass for the past 3 years and have never had a major complaint about it.

Gael Roussel

I only use passwordstore.org/ in my case.
It's simple to use: it creates good/long passwords, stores them, encrypts them, ...
