Password Managers

Where to store all your passwords?

Paper list, word document, spreadsheet etc.

Better than trying to remember them all but makes all your accounts easily accessible to anyone who steals the list. Does not encourage the use of strong passwords because they have to be entered manually into websites.

Browser

All browsers will offer to save and fill in your login details which makes this method very easy to use. However, passwords stored in this way are an attractive target for malware. Passwords in the Chrome browser are protected by the “Windows” password. You can define a master password in Firefox. Safari uses the Apple keychain. All of these are encrypted but not particularly strongly. If you log in to Chrome with a Google account https://passwords.google.com/, you can recover/bequeath your passwords via the Google account. If you decide to use a full Password Manager (see below), you should delete the saved passwords in your browser.

There are lots of programs that claim to be Password Managers. Only the following three are consistently recommended as robust and secure solutions. These programs are protected by one strong password which is the only one you ever need to remember.

Keepass

If you do not like the idea of storing your passwords in the cloud, KeePass is a better option than using a plain text list. The database can also be used for other types of data. Strong passwords can be generated easily and logins achieved by copy and pasting rather than typing.
KeePass is portable: it can be carried on an USB stick, or installed in Windows Vista, 7, 8, 10, Mono (Linux, Mac OS X, BSD, …) + versions for Android iOs and other devices.
More info: https://keepass.info/

Lastpass

This is a browser extension for chrome, firefox, opera, safari, edge.
Again this is a database that can also be used for other types of data. The encrypted passwords etc are stored on the computer and can be synced with other devices. Some encrypted information about your account is stored in the cloud. By default you do not need to log in to Lastpass when starting the browser. This should be changed via Options. To log in to a website, you simply need to click on the entry in the database. Strong passwords can be automatically generated. Other features include Audit of all passwords, form autofill, shopping support
2 factor authentication and sharing secured folders with other people are supported in the Premium version.
More info: https://www.lastpass.com/

Dashlane.

This is a program you can install on Windows / Mac /iOS . It works as an extension to Chrome, Firefox, Internet Explorer and Safari. Free for one device only.
In addition to similar features to be found in LastPass, Dashlane makes it easy to change one or all of your passwords for about 500 websites. You can also share passwords with an emergency contact. Other features include Form autofill for standard fields e.g. address, Digital wallet for internet purchases and Security monitoring services and breach alerts.
The Premium version allows sync with other devices, 2 factor authentication and stores data in cloud
More info: https://www.dashlane.com/plans?

PWManagerComparison.PNG

For more information or a demonstration of the above password managers see Peter, Scotty or Chris at the club.

References
https://www.theregister.co.uk/2017/02/28/flaws_in_password_management_apps/

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License