The best way to keep your passwords safe - LastPass vs Google vs 1Password

Jamie McKane

MyBroadband Journalist
Joined
Mar 2, 2016
Messages
7,000
The best way to keep your passwords safe - LastPass vs Google vs 1Password

Passwords remain the foundation of our personal security online, but many users still refuse to follow best practices.

Technically, the safest password would be a long string of random characters, but it would be impossible to remember a random string of letters and numbers for each online account you have online - and writing your passwords down is a recipe for disaster.
 

Dan C

Honorary Master
Joined
Nov 21, 2005
Messages
33,487
I just use 'pa$$word' everywhere. Never been hacked
 

Bryn

Doubleplusgood
Joined
Oct 29, 2010
Messages
16,582
I recommend Bitwarden. The browser extension has the nicest UI I've seen, Premium is just $10 a year, you can host your own cloud if you want and 2FA keys like YubiKey are supported. It's also open source and supposedly as secure as you can reasonably expect.
 

saor

Honorary Master
Joined
Feb 3, 2012
Messages
31,587
I recommend Bitwarden. The browser extension has the nicest UI I've seen, Premium is just $10 a year, you can host your own cloud if you want and 2FA keys like YubiKey are supported. It's also open source and supposedly as secure as you can reasonably expect.
Quick question.

If I use a password manager plugin in my browser, does it require a global password each time or what prevents someone sitting at my pc from logging in to any account by having Bitwarden supply the password for them?
 

Dimpie (COMPUTEK)

Executive Member
Joined
Apr 7, 2009
Messages
9,633
^ With the premium membership you can set a master password to open ... you can also set the program to auto-lock after x minutes

You can also do 2step login where you'll need a 2nd device to open it
 

lord-of-war

Well-Known Member
Joined
Dec 17, 2016
Messages
497
Been using LastPass for the last couple of years. Great as it is free and user fiendly and like that you can share your passwords with other users.
 

backstreetboy

Honorary Master
Joined
Jun 15, 2011
Messages
33,301
No mention of Myki? It's free and the (not needed) pro features are only R140 once off. Will also be open source and the desktop apps are currently in beta. Just use your fingerprint to login. Great thing is your passwords is stored locally. 2FA codes get filled in automatically as well and are stored in the same app.
 

Bryn

Doubleplusgood
Joined
Oct 29, 2010
Messages
16,582
Quick question.

If I use a password manager plugin in my browser, does it require a global password each time or what prevents someone sitting at my pc from logging in to any account by having Bitwarden supply the password for them?

You can set the master password to be stored locally, which would mean very seldom entering it on the same device, but that is strongly discouraged. In general, yes you would need to enter your master password to unlock your vault. If biometric authentication is available, you can use that instead of entering your password.

By default, if you close your browser Bitwarden will lock your vault.

^ With the premium membership you can set a master password to open ... you can also set the program to auto-lock after x minutes

You can also do 2step login where you'll need a 2nd device to open it

All core features are available for free. Premium just unlocks some refinement in the settings last I checked, and the ability to add physical 2FA keys to your account. The only reason I have a Premium account is to use my YubiKey 4.

No mention of Myki? It's free and the (not needed) pro features are only R140 once off. Will also be open source and the desktop apps are currently in beta. Just use your fingerprint to login. Great thing is your passwords is stored locally. 2FA codes get filled in automatically as well and are stored in the same app.

Being locally stored sounds like a deal breaker to me. Why go through that in this day and age? Secure cloud password managers are available, and you can make them exceptionally secure by using a YubiKey.

Bitwarden is open source and lets you host your own secure server. Best of both worlds imo. $10 a year is about as reasonable as anyone could possibly expect. For non-advanced users, the free version of Bitwarden has all the core features included.
 

backstreetboy

Honorary Master
Joined
Jun 15, 2011
Messages
33,301
Being locally stored sounds like a deal breaker to me. Why go through that in this day and age? Secure cloud password managers are available, and you can make them exceptionally secure by using a YubiKey.

Bitwarden is open source and lets you host your own secure server. Best of both worlds imo. $10 a year is about as reasonable as anyone could possibly expect. For non-advanced users, the free version of Bitwarden has all the core features included.
R150 once off is much cheaper in the long run than paying that yoy and you don't need to muck about with a Yubikey as well.
 

Bryn

Doubleplusgood
Joined
Oct 29, 2010
Messages
16,582
R150 once off is much cheaper in the long run than paying that yoy and you don't need to muck about with a Yubikey as well.

The YubiKey is not required - it's just the responsible way to secure your online accounts. Almost all big tech firms require that employees use a YubiKey or some equivalent. Chances of a breach are close to zero if you have one. Also, it's hardly 'mucking about'. Takes about 1 min to add to a password manager and pressing a button when logging in is hardly an inconvenience.

I can't help but be very suspicious of the quality of a service that costs R150 once-off. Or anything once off. A password manager is an ongoing service that needs to keep up with cyber threats and enjoy very active development. A small once-off cost makes me sceptical as to the degree of commitment and expertise being provided.
 

backstreetboy

Honorary Master
Joined
Jun 15, 2011
Messages
33,301
The YubiKey is not required - it's just the responsible way to secure your online accounts. Almost all big tech firms require that employees use a YubiKey or some equivalent. Chances of a breach are close to zero if you have one. Also, it's hardly 'mucking about'. Takes about 1 min to add to a password manager and pressing a button when logging in is hardly an inconvenience.

I can't help but be very suspicious of the quality of a service that costs R150 once-off. Or anything once off. A password manager is an ongoing service that needs to keep up with cyber threats and enjoy very active development. A small once-off cost makes me sceptical as to the degree of commitment and expertise being provided.
Not if you build it from the beginning with privacy in mind.
 

Petec

Expert Member
Joined
Mar 22, 2012
Messages
2,862
Axcrypt? Been using it for years. One of the best out there.
 

Swa

Honorary Master
Joined
May 4, 2012
Messages
30,815
Notepad is good enough. None of this insecure crap to deal with.
 

Dan C

Honorary Master
Joined
Nov 21, 2005
Messages
33,487
yesteryear. Try sublime *erm*

01123d87ccad59166392621e4d4471fd.gif
 
Top