Best Password Manager

[Huntn]

Although I can make up my own passwords and keep a file handy to access them, it is a convenience to have a extension on your browser to quickly pull up passwords. I was using 1 Password until they went to a subscription model.

I've been using Enpass for the last year without issue, but all of a sudden it broke, kinda. I'm having issues getting it to contact the vault I keep in Dropbox. This company is located in India and customer support is by email.

What I'm seeing more and more of is software where the developers instead of selling their product are trying to get customers to subscribe to their product. I will fight this for as long as I can. I found this article and am working my way down the list, but so far the top 2 are subscriptions.

What Password manager do you use and is it subscription based?
Note: I've talked about this before either here or in the iOS App forum, but was unable to located the thread where the discussion took place.

 

[mailbuoy]

I have been using Enpass with iCloud sync. No issues.

 

[S.B.G]

The best password manager is the one that you like the most.

With that said, I use LastPass and I do pay the subscription fee. It works well for me, does everything I want and a little more. The data is hashed and encrypted on my local machine and then uploaded to their servers. I have little worry about my data being compromised. I'm confident 1Password works in a similar way.

If you don't want a subscription model or online storage with a company, you may consider https://keepass.info/

I used it for a while last year with my own personal cloud server. It worked nicely and all that. But compared to LastPass, or 1Password, it was a little more upkeep. Not much, but more than those two services. However, you get total control over it all.

 

[MisterSavage]

1Password heavily pushes the subscription model but you can still buy a standalone license.

 

[NoBoMac]

mSecure. Almost identical in feature set (mSecure is older of the two). Been using it for years and been happy with it.

 

[millerj123]

The best password manager is the one that you like the most.

With that said, I use LastPass and I do pay the subscription fee. It works well for me, does everything I want and a little more. The data is hashed and encrypted on my local machine and then uploaded to their servers. I have little worry about my data being compromised. I'm confident 1Password works in a similar way.

If you don't want a subscription model or online storage with a company, you may consider https://keepass.info/

I used it for a while last year with my own personal cloud server. It worked nicely and all that. But compared to LastPass, or 1Password, it was a little more upkeep. Not much, but more than those two services. However, you get total control over it all.

I've been using KeePass for at least 10 years at home.

 

[Weaselboy]

What Password manager do you use and is it subscription based?

I find the included Keychain app does all I need.

In other threads like this, I have seen a lot of recommendations for the free BitWarden, so that might be one to checkout.

 

[Huntn]

I find the included Keychain app does all I need.

In other threads like this, I have seen a lot of recommendations for the free BitWarden, so that might be one to checkout.

With the keychain app can you look at a list of passwords?

 

[vbctv]

Keychain is all that is needed. No reason to spend any money.
[automerge]1586022333[/automerge]

With the keychain app can you look at a list of passwords?

Yes using the Preferences in Safari then going to the passwords tab or in iOS under Settings - Passwords & Accounts.

 

[Huntn]

I have been using Enpass with iCloud sync. No issues.

The problem for Enpass just popped up for me. It won’t connect to the vault I have set up for it in Dropbox, and the Enpass Safari extension no longer appears within Safari, plus Safari has been acting wonky for me. It has a habit of wiping the current tabs I’m using on a restart, and maybe sometimes when I wake it up.
[automerge]1586022501[/automerge]

1Password heavily pushes the subscription model but you can still buy a standalone license.

I went to their site and am not seeing it.

 

[Weaselboy]

With the keychain app can you look at a list of passwords?

You mean see the passwords themselves in a list? No, but you can see a list of every app or website you have a saved password for, and even search on that list. Then you click on the entry and unlock it to see the password for the site or app.

Like this screenshot for example.

 

[Huntn]

Do the products mention use a stand alone vault?

The best password manager is the one that you like the most.

With that said, I use LastPass and I do pay the subscription fee. It works well for me, does everything I want and a little more. The data is hashed and encrypted on my local machine and then uploaded to their servers. I have little worry about my data being compromised. I'm confident 1Password works in a similar way.

If you don't want a subscription model or online storage with a company, you may consider https://keepass.info/

I used it for a while last year with my own personal cloud server. It worked nicely and all that. But compared to LastPass, or 1Password, it was a little more upkeep. Not much, but more than those two services. However, you get total control over it all.

mSecure. Almost identical in feature set (mSecure is older of the two). Been using it for years and been happy with it.

I've been using KeePass for at least 10 years at home.

 

[S.B.G]

Do the products mention use a stand alone vault?

Keepass stores everything in it's own file. You can keep it on your PC (or Mac, I guess) or in DropBox and you just point the application to where the file is to open it.

Features - KeePass

keepass.info

• KeePass is portable: it can be carried on an USB stick and runs on Windows systems without being installed.
• Installer packages are available, too, for the ones who like to have shortcuts in their Windows start menu and on the desktop.
• KeePass doesn't store anything on your system. The program doesn't create any new registry keys and it doesn't create any initialization files (INI) in your Windows directory. Deleting the KeePass directory (in case you downloaded the binary ZIP package) or using the uninstaller (in case you downloaded the installer package) leaves no trace of KeePass on your system.
• Ports for other systems like Android, iOS, etc. are available. See the downloads page.
• [2.x] Accessibility: KeePass 2.x features an advanced option that explicitly optimizes the user interface for screen readers.

 

[adrianlondon]

When I moved from Safari to Firefox, and also to be able to actually see secure notes and things on my phone (there's no iOS keychain app) I moved from keychain to Bitwarden. I've been using it for a couple of years now with no issues.

 

[Huntn]

You mean see the passwords themselves in a list? No, but you can see a list of every app or website you have a saved password for, and even search on that list. Then you click on the entry and unlock it to see the password for the site or app.

Like this screenshot for example.

View attachment 903585

I think I originally shied away from keychain thinking security, as if someone got into my laptop, they would then have acess to my passwords. This was when I was traveling with my laptop regularly. And for keeping my devices synced, I like the vault idea better than a server hosted by the software company.

 

[mick2]

Bitwarden here also. Previously had LastPass but was a bit buggy on Firefox.
Bitwarden has been solid, reliable and consistent across Win / MacOS / Linux platforms. I just bought the 'Pro' upgrade as a way of offering the devs a little support.

 

[Huntn]

Thanks for the suggestions! I’m going to give the Enpass people a couple of days to cough up an answer, before I do anything rash. For 1 password, I had no problem with that until I needed to update due to a MacOS upgrade, and they started pushing subscription models. When I visited their plans page today, it was all subscription, but maybe I missed the part about purchase.

 

[S.B.G]

I've heard good things about Bitwarden recently. Although I've never used it.

 

[NoBoMac]

Do the products mention use a stand alone vault?

Stand-alone as in not "their" cloud?

mSecure is like Enpass as there's a stand-alone encrypted file that you sync via cloud service of choice. I'm using Dropbox, but they also support iCloud.

Oh and: also have Android and Windows apps.

 

[Huntn]

One other thing I liked about 1Password is that I could edit passwords from the browser window, which I can’t do with Enpass. With Enpass I can pull up the password page and see/copy the elements, but I can’t edit that page within my browser, however if I enter a new password for an already recorded login, it will offer to update the password for me.
[automerge]1586024194[/automerge]

Stand-alone as in not "their" cloud?

mSecure is like Enpass as there's a stand-alone encrypted file that you sync via cloud service of choice. I'm using Dropbox, but they also support iCloud.

Oh and: also have Android and Windows apps.

That’s what I mean, a vault Located in the cloud storage of your choice, not hosted by the parent company.

 

[Huntn]

I've been reading about Bitwarden and if I'm not mistaken, it stores passwords in their cloud based server, not your own cloud based storage. One of attractions to having your own storage is that you are not worried about a hacking event where a server full of say credit card numbers is hacked and everyone's data is scooped up. Yes, I guess, your own cloud based storage could be hacked, but I'm thinking of targets like Target or even credit reporting companies where there is a mass exposure of data stored.

 

[Motti Shneor]

it is a convenience to have a extension on your browser to quickly pull up passwords.

What's wrong with the built-in password auto-complete system of Safari, which (in conjunction with iCloud and your appleID) is also auto-synchronizing to all your devices?

and if you need an actual app to see and manage these password, what's wrong with the old, and PERFECT "Keychain Access" that manages all Mac passwords for the last 25 years?

 

[mick2]

I've been reading about Bitwarden and if I'm not mistaken, it stores passwords in their cloud based server, not your own cloud based storage. One of attractions to having your own storage is that you are not worried about a hacking event where a server full of say credit card numbers is hacked and everyone's data is scooped up. Yes, I guess, your own cloud based storage could be hacked, but I'm thinking of targets like Target or even credit reporting companies where there is a mass exposure of data stored.

The passwords are encrypted on your device before being sent to Bitwarden. All they store is an encrypted version so in the event that they're hacked all the attacker gets is garbage. Only your device(s) have the private key for decrypting.

The storage of pws centrally (which is what almost all the above solutions do - Lastpass, one pass etc etc) allows you to share pws across multiple devices.

 

[Huntn]

The passwords are encrypted on your device before being sent to Bitwarden. All they store is an encrypted version so in the event that they're hacked all the attacker gets is garbage. Only your device(s) have the private key for decrypting.

The storage of pws centrally (which is what almost all the above solutions do - Lastpass, one pass etc etc) allows you to share pws across multiple devices.

Thanks for the info! That is something I did not realize. Before I realized the data was stored in I think a Microsoft Azure server?, I was wondering why there was a GB limit for storage before you had to pay for premium. 1Password and Enpass use the cloud storage of your choosing, the primary purpose is synching across devices, otherwise you could just keep the info you individual devices, so it boils down to use your own storage which maybe or maybe not free, or Bitwarden's which may or maynot be free depending on how much storage you use.
[automerge]1586030990[/automerge]

What's wrong with the built-in password auto-complete system of Safari, which (in conjunction with iCloud and your appleID) is also auto-synchronizing to all your devices?

and if you need an actual app to see and manage these password, what's wrong with the old, and PERFECT "Keychain Access" that manages all Mac passwords for the last 25 years?

I did not like the idea that if someone stole my MBP and somehow hacked into it, they would have access to all of my keychain too. Now is that a warranted feeling? Maybe not.

 

[Huntn]

Sorry I'm a bit foggy on my password software setup. Regarding vaults, I am showing a primary vault in my Enpass settings, but I'm not sure if that sits on my Mac or in DropBox. I would be really nice to be able to talk to someone on the phone and Enpass has no practical phone support.

My other devices log into the same drop box account to synch up their passwords. But my impression is that each device does not have to be online to access their own records of passwords. So regarding terminology I'm not sure if each device holds it's own primary vault, but then what is the storage on drop box called, is that a vault too, or is that the only vault?

In Enpass, I'm reading about a key file, and see that I never set one up. Now I don't know if it was there when I purchased it or it was an added feature after I purchased it, but is anyone familiar with a key file? Do you use a key file? My understanding you need both it and your password to access your online vault. So what happens if the key file is lost or messed up, are you out of luck, start over and reinstall the vault from scratch? Accept this has to do with accessing your online vault. I assume this would not effect your ability to access data on your individual device. But it would be required to access the online vault and update it...?