I keep seeing people highly recommend them, but I’ve always thought it wasn’t very secure.
Keepass is as secure as you make it to be.
Are password managers secure to use?
Submitted 8 months ago by ComicalMayhem@lemmy.world to nostupidquestions@lemmy.world
Comments
Spaniard@lemmy.world 8 months ago
scytale@piefed.zip 8 months ago
Yes, but it depends on which one you use. Some are better than others. The ones that can be hosted locally (i.e. keepass) are the most secure because you are not relying on a third party to host your password vault for you. It would be helpful to know why you think they aren't very secure, so people can help clarify.
EonNShadow@pawb.social 8 months ago
Like the other commenter said - people recommend them for peace of mind so you don’t have to think about knowing a password for the 2653rd account you set up once and are never using again.
I’ve used Dashlane for years, personally, but I know people here will immediately shut that down for not being FOSS. Bitwarden is FOSS but requires some technical setup and has no redundancy.
Don’t get me wrong, I love self-hosting as much as the rest of us but I’m not trusting my server from 2013 with all my passwords to everything.
Godort@lemmy.ca 8 months ago
Bitwarden is FOSS but requires some technical setup and has no redundancy.
Bitwarden offers a cloud-based service in addition to self-hosted options. I choose to pay $10/year to get access to store OTP codes and easy Yubikey enrollment
regedit@feddit.online 8 months ago
There's no guarantee anything is "secure," anymore. Even if you run a self-hosted password manager, it could still be compromised at the package-level or down the road through some exploit. I will say that since I started using Bitwarden as my main password manager, I have had to worry less about company data breaches and stolen passwords. I have no need to reuse passwords for any site or service. I can use the built-in 2FA with sites that require it and don't have to have multiple apps. I can share passwords with my wife if she needs to access something under my name.
In addition to storing logins, I can store secure notes, even storing login-specific notes within the login details for things like one-time-use passwords, etc. I can store various credit/debit cards and recall them into payment systems whenever I want, without storing them in a browser. When using the phone, I can tie the biometrics to the unlocking of my vault so, with the vault locked, I can easily unlock it to find the login/info I need to submit to an app or website.
Obviously, all this comes with their own risks, but the level of risk of a password management is far lower than the risk of reused passwords and the mismanagement of security at the corporate-level. If you're really hard-up to keep your stuff offline, other products exist that are locally stored, but you'll likely miss out on access from outside the home in the event you need that login info somewhere else.
slazer2au@lemmy.world 8 months ago
What makes you think they aren’t secure?
Most will tell you how the password is stored and assuming they implemented the encryption algorithm correctly it should be rather difficult to break the vault open.
ExtremeDullard@lemmy.sdf.org 8 months ago
I don’t use them. I make the effort to remember my passwords - or rather, my recipes to recreate any complex passwords.
The only safe storage form for your passwords is your noggin’. The next best thing is probably a password manager - although that depends on how trustworthy whoever coded it is - but it certainly isn’t as secure as using your brain if your brain works properly.
LambdaRX@sh.itjust.works 8 months ago
I think they can be much more secure than:
remembering your ( probably weak ) passwords
writing passwords on paper, which is slow, you can lose paper, break it, or someone can steal it
storing passwords in unencrypted text file
I use KeepassXC, which is offline, encrypted password manager. Every password is stored in one file, which to access, I must enter the one password I do remember. I recommend having backups of this file.
It has password generator included, so all my password are long, strong and unique. It also can auto fill password/login which saves time.
To increase security of your account even further you should also use multiple factor authentication, for example app which generates one time codes on your phone offline. It will protect you, even if your password gets leaked, or cracked.
Sc00ter@lemmy.zip 8 months ago
Does this make it so that you can only access all/any of your accounts from 1 computer ever?
LambdaRX@sh.itjust.works 8 months ago
No, i keep multiple copies of this file on different devices and I sync them using Syncthing.
However if you want to access your password database from many devices, using online password manager, like Bitwarden, would probably be easier.
someguy3@lemmy.world 8 months ago
If you write it in paper, include the same short word on the end of all your passwords that you don’t write down. Password is Hunter2duck but you only write down Hunter2.
garbagebagel@lemmy.world 8 months ago
I write my passwords on paper in code, like my dad taught me to do.
However, just a personal anectdote, my uncle passed suddenly and he had written all his passwords (not in code) on a spreadsheet with each account, which he then printed. I promise you, this single piece of paper was one of the most helpful things I could’ve asked for in sorting out all of his assets. It was a genuine lifesaver. Now I often think that maybe I should be sharing my password with an S.O. or someone else close to me just to make their life easier if I were to die tomorrow.
PlexSheep@infosec.pub 8 months ago
This is just a hack. If you use encryption to store passwords, that becomes just a nuisance.
over_clox@lemmy.world 8 months ago
All I see is *******