Password Managers?

I have multiple TOTP/2FA/FIDO options on most of my accounts.

Some of them don't allow more than one for sure, but it's a minority.

I generally can log in with TouchID first, then Yubikey failing that and then TOTP as a last resort.

****

Oh and the old SMS/Email option as well of course.
All of those are different factors.

WebAuthn => TouchID, if you wipe your Safari data then this option goes away.
Hardware key => Yubikey, the key is trusted not the device unlike the above.
TOTP => generated code, the secret is trusted. This has recovery unlike the above two.

The Yubikey has further functionality, in that it can be used to generate TOTP codes using a cross-platform app which gets the secrets stored on the key or Yubico’s OTP service which is based on the device serial no.

Context can influence the factor used, such as with the MS Authenticator app.
Primarily it's device trust, so you can log in with a prompt. You can only enroll your device with one M365 tenant, this doesn't affect MSA (Outlook) accounts.
Secondary or in an offline mode, it's TOTP code generation.
The above scenarios don't require my physical presence unlike a hardware key.
 
Anything can be hacked if your master password was dumb.

It’s not the service at fault.

Also, why didn’t you have 2FA? Password Managers are pointless without it.

I didn’t realise Google accounts could have 2 factor authorisation. The IT guy said it could have been keystroke logging. So even changing my Pw didn’t help :( I’m learning the hard way!
 
Any service that doesn’t have 2FA should be strictly avoided.

Google has had it for years, it was one of the first consumer products to really start pushing it.
 
Recently moved from LastPass to 1Password - finding it to be better so far.
 
Was LastPass, now 1Password, mainly because it works better with teams and can store things like database passwords.

Much prefer LastPass’ Chrome extension though.
 
And now I am contemplating moving from Google Authenticator after reading the whole thread - for the backups.

Question is, do I just use the MS Authenticator (which I am already using for MS accounts, which has the prompts, and seems to support backups), or move my Google to Authy?

1 less app is probably the answer
 
I use both, if dealing with a lot of services then Authy wins because of the logos.
 
Is there any password manager that is:

1. Free
2. Has backup/recovery
3. Works on Windows+Android devices? i.e. with syncing.

Don't care about 2FA. Would use separate apps for that.
 