Are the apps that store and track your passwords safe? I have come to the point where keeping track of my passwords is not working.
If they are safe can you recommend one?
Thanks,
Katie
Are the apps that store and track your passwords safe? I have come to the point where keeping track of my passwords is not working.
If they are safe can you recommend one?
Thanks,
Katie
I've heard good things about 1Password...but have not tried any myself. I have been reluctant to jump onboard due to similar concerns...I'm just not sure that I am comfortable with all of my passwords being uploaded to some private vendors server...
Any thoughts from those with experience would be greatly appreciated!
I've been using LastPass for about a year now. I'm very pleased with it and recommend it highly.
Jim covers the subject very well. I have used both LastPass and 1Password (my current).
LastPass has the advantage of using a centralized storage site so multiple people can share a vault easily. My wife and I use one vault with different identities. Easier to share passwords. It has the downside of having your passwords stored on their server so it's an attack target.
Sharing vaults in 1Password is more difficult but I like the overall feel and operation of the program better.
1Password does not upload your passwords to the cloud. They are kept securely encrypted in a vault on your own computer.
You have the option to sync your password vault across your computers, and across you IOS devices. This can be via Drobpox, iCloud (both natively supported) or by any other method that you choose. Your vault is encrypted on your own machines(s), nothing unencrypted ever leaves your machine... so even if someone was to get cloud access to your vault... they only have access to strongly encrypted data.
The advantages of using unique passwords for every site far outweighs any perceived risk of keeping your passwords in a vault. For example, a friend of mine had his Amazon.com account hacked, which he learned about when their security department called to verify a purchase. They cancelled the purchase, and instructed him to go in through the site and change his password. The problem is... without unique passwords, the thief can then try that same password at other sites such as banking, stocks, 401Ks, etc... and wipe you out.
The other great thing is that your passwords are not only unique, but also complex. An example of a password might be: gXpAK3Vax@Gax9H2vQvHA#vV but I never need to type or know that. When I go to a site, I just press a hotkey and it (along with my username) is automatically entered for me. If my vault is locked (the normal case)... then I am prompted for my single password that I use to unlock my vault. My personal password is also complex and virtually uncrackable, but sheer muscle memory allows me to type it in without thinking about it... my fingers just fly over the keyboard.
When you go in and change your passwords to unique complex passwords... I also suggest that you change your secret questions. Mother maiden name, first elementary school, high school mascot... etc. What a crock, this is a blatant security hole as most of this type of information is easily available online. So for example, by using 1Password, the name of my favorite pet might be: aPcWuhwuQmL9GwCjBve[^9K4
Also, many sites also ask your birthday. I use different birthdays for every site.
Finally, I got an extra unexpected benefit from 1Password. After the Heartbleed bug was found earlier this year (approximately ~2/3 of all servers in the world were affected)... 1Password provided an update that downloads the status off all servers... and then informs you when and if you should update your password for a specific site. At the time, I had 303 stored passwords, and 1Password flagged 101... exactly 1/3. When you use 1Password, if you are entering a site which was infected with Heartbleed (and now fixed)... you get a red banner to update your password. This was a HUGE increase to my personal security.
Bottom line... these things are fantastic. There are many password managers out there now, and they work differently. I chose 1Password since it has been the most popular for the longest time. It is a lot of work to convert all of your passwords, and I want to be with a company who is likely to survive in the long haul. I'd prefer to never have to go through the exercise again.
/Jim
Another one for 1Password. Easy to use and the support is great.+1 for 1Password, I use it on for my iOS, OS X and Windows devices, works very well and reliably across all platforms...
Only regret -- which has nothing to do with 1Password -- is that I do wish work would let me use a MBA or rMBP rather than the clumsy laptop that I know have...
My wife and I both have it. We both have an iPhone and a iPad each, and share a Mac Mini (media hub). Each of our iDevices we have our own vaults and that's all, but on the Mac we have a primary vault and a secondary vault. The primary vault is mine and the secondary is hers. We have all out password separated, but we not have access to both vaults. It was very easy to set up this as well and everything syncs fine.Jim covers the subject very well. I have used both LastPass and 1Password (my current).
LastPass has the advantage of using a centralized storage site so multiple people can share a vault easily. My wife and I use one vault with different identities. Easier to share passwords. It has the downside of having your passwords stored on their server so it's an attack target.
Sharing vaults in 1Password is more difficult but I like the overall feel and operation of the program better.
1Password does not upload your passwords to the cloud. They are kept securely encrypted in a vault on your own computer.
You have the option to sync your password vault across your computers, and across you IOS devices. This can be via Drobpox, iCloud (both natively supported) or by any other method that you choose. Your vault is encrypted on your own machines(s), nothing unencrypted ever leaves your machine... so even if someone was to get cloud access to your vault... they only have access to strongly encrypted data.
The advantages of using unique passwords for every site far outweighs any perceived risk of keeping your passwords in a vault. For example, a friend of mine had his Amazon.com account hacked, which he learned about when their security department called to verify a purchase. They cancelled the purchase, and instructed him to go in through the site and change his password. The problem is... without unique passwords, the thief can then try that same password at other sites such as banking, stocks, 401Ks, etc... and wipe you out.
The other great thing is that your passwords are not only unique, but also complex. An example of a password might be: gXpAK3Vax@Gax9H2vQvHA#vV but I never need to type or know that. When I go to a site, I just press a hotkey and it (along with my username) is automatically entered for me. If my vault is locked (the normal case)... then I am prompted for my single password that I use to unlock my vault. My personal password is also complex and virtually uncrackable, but sheer muscle memory allows me to type it in without thinking about it... my fingers just fly over the keyboard.
When you go in and change your passwords to unique complex passwords... I also suggest that you change your secret questions. Mother maiden name, first elementary school, high school mascot... etc. What a crock, this is a blatant security hole as most of this type of information is easily available online. So for example, by using 1Password, the name of my favorite pet might be: aPcWuhwuQmL9GwCjBve[^9K4
Also, many sites also ask your birthday. I use different birthdays for every site.
Finally, I got an extra unexpected benefit from 1Password. After the Heartbleed bug was found earlier this year (approximately ~2/3 of all servers in the world were affected)... 1Password provided an update that downloads the status off all servers... and then informs you when and if you should update your password for a specific site. At the time, I had 303 stored passwords, and 1Password flagged 101... exactly 1/3. When you use 1Password, if you are entering a site which was infected with Heartbleed (and now fixed)... you get a red banner to update your password. This was a HUGE increase to my personal security.
Bottom line... these things are fantastic. There are many password managers out there now, and they work differently. I chose 1Password since it has been the most popular for the longest time. It is a lot of work to convert all of your passwords, and I want to be with a company who is likely to survive in the long haul. I'd prefer to never have to go through the exercise again.
/Jim
Finally, I got an extra unexpected benefit from 1Password. After the Heartbleed bug was found earlier this year (approximately ~2/3 of all servers in the world were affected)... 1Password provided an update that downloads the status off all servers... and then informs you when and if you should update your password for a specific site. At the time, I had 303 stored passwords, and 1Password flagged 101... exactly 1/3. When you use 1Password, if you are entering a site which was infected with Heartbleed (and now fixed)... you get a red banner to update your password. This was a HUGE increase to my personal security.
/Jim
1Password does not upload your passwords to the cloud. They are kept securely encrypted in a vault on your own computer.
You have the option to sync your password vault across your computers, and across you IOS devices. This can be via Drobpox, iCloud (both natively supported) or by any other method that you choose. Your vault is encrypted on your own machines(s), nothing unencrypted ever leaves your machine... so even if someone was to get cloud access to your vault... they only have access to strongly encrypted data.
The advantages of using unique passwords for every site far outweighs any perceived risk of keeping your passwords in a vault. For example, a friend of mine had his Amazon.com account hacked, which he learned about when their security department called to verify a purchase. They cancelled the purchase, and instructed him to go in through the site and change his password. The problem is... without unique passwords, the thief can then try that same password at other sites such as banking, stocks, 401Ks, etc... and wipe you out.
The other great thing is that your passwords are not only unique, but also complex. An example of a password might be: gXpAK3Vax@Gax9H2vQvHA#vV but I never need to type or know that. When I go to a site, I just press a hotkey and it (along with my username) is automatically entered for me. If my vault is locked (the normal case)... then I am prompted for my single password that I use to unlock my vault. My personal password is also complex and virtually uncrackable, but sheer muscle memory allows me to type it in without thinking about it... my fingers just fly over the keyboard.
When you go in and change your passwords to unique complex passwords... I also suggest that you change your secret questions. Mother maiden name, first elementary school, high school mascot... etc. What a crock, this is a blatant security hole as most of this type of information is easily available online. So for example, by using 1Password, the name of my favorite pet might be: aPcWuhwuQmL9GwCjBve[^9K4
Also, many sites also ask your birthday. I use different birthdays for every site.
Finally, I got an extra unexpected benefit from 1Password. After the Heartbleed bug was found earlier this year (approximately ~2/3 of all servers in the world were affected)... 1Password provided an update that downloads the status off all servers... and then informs you when and if you should update your password for a specific site. At the time, I had 303 stored passwords, and 1Password flagged 101... exactly 1/3. When you use 1Password, if you are entering a site which was infected with Heartbleed (and now fixed)... you get a red banner to update your password. This was a HUGE increase to my personal security.
Bottom line... these things are fantastic. There are many password managers out there now, and they work differently. I chose 1Password since it has been the most popular for the longest time. It is a lot of work to convert all of your passwords, and I want to be with a company who is likely to survive in the long haul. I'd prefer to never have to go through the exercise again.
/Jim
Between your first and second Paragraph you have contradicted yourself. On the one hand you say it never leaves the device then you start talking about syncing using Dropbox and ICloud.
Between your first and second Paragraph you have contradicted yourself. On the one hand you say it never leaves the device then you start talking about syncing using Dropbox and ICloud.
Another vote for 1Password. The new phone/ipad app makes it even better than before with the new extensions facility in IOS 8. Now you can access and insert your log details stored in 1Password straight into Safari. Thats been the missing function needed for so long....