I've recently started using KeePass, and I'm almost ashamed I didn't start using it sooner :p It makes password management a breeze and easily lets you create randomized passwords. Plus it's cross-platform (with Mono on Linux; there's also KeePassX) and open-source. I like the sync feature too, so I can easily have my database accessible and updated across my computers.
Prior to that, I used Master Password. It was ok, but for the GUI app, I didn't really like having to pull in Java on my installs (that was the only thing I needed Java for). There's apparently a CLI version for Linux, but meh (as much as I like CLI, I can't imagine a CLI password manager being too convenient)
Was lately working on updating my accounts (switching my passwords over to KeePass generated ones; updating email addresses and other details as-needed) and closing ones I don't use. PSN is a fun one :p (can't change my email address because it matches my username... apparently this is only like this on the PC, whereas consoles will let you change regardless of that; wtf kind of weird restriction is that)
I use KeePass (usually the derivative apps for non-Windows platforms, e.g. KeePassX for Mac, KeePass Touch for iOS with Dropbox sync (I know, not so private, but oh-so convenient)), and Master Password. With most of the websites requiring registration to access and download content, these two apps helped so far.
Unrelated to iphones, but since passwords were mentioned, if anyone doesn't have a password manager yet, I highly recommend master password. It's an open source, java based algorithm, and since it's open source, not only is your data not stored on a server, but you can use it anywhere, and anyone can audit it to make sure it's secure. Way better than online services.
(not paid or anything, just really enjoy an offline password manager I can use anywhere. Only time I couldn't use it was in a Wii U browser)
Master Password is another great, open-source alternative. Rather than storing your passwords, it generates them on-the-fly using your username, password, site name, and a number of your choosing. The passwords are deterministic, and thus entirely reproducible. You can use it on pretty much any system. Just bear in mind that because the passwords are deterministic, they are slightly less secure than truly random ones, but quite robust in practice.
Masterpassword works even when the site is offline, your passwords are not stored on anyone's server, you don't even need an internet connection to access them, and they are not stored on your device. Your passwords are generated on demand, based on your username, your master password and the site's name. Oh, and it's GPL 3 licensed. More info here: http://masterpasswordapp.com/
There's a counter in the app which starts at 1, if you need to change the password for a site you increase it to the next number. The full algorithm is explained here: http://masterpasswordapp.com/algorithm.html
I use Master Password App
It doesn't remember your password and generates it on the fly. With the same input you get the same password whatever platform you're running it on, be it Android, iOS, macOS/OSX, Windows or Linux.
Quite an interesting idea! I'm reading about how it works and it's pretty neat (http://masterpasswordapp.com/algorithm.html). The usability just doesn't seem quite on par with the competitors, though: more information to remember, and apparently you have to fetch the password for each service by hand and copy-paste it into the browser.
> passwords
Take a look at http://masterpasswordapp.com/ ... very unique concept ... its algorithm uses a seed to generate text (your site's password) ... thus if you use the same seed you always get the same password ...
The seed is your (MasterPass userid+pw) + (whatever you write)
Example: Masterpass UserID: George May Jones Masterpass PW: harry love random turkeys Site:
Thus the complete seed is: "George May Jonesharry love random "
That seed will always generate: Kd87T4o]|3tD3+ which is your password for yahoo user turkeysdogwhistle
Now ... since the app will always generate that outcome ... there is no need to save anything in the app. Indeed you can download the app anywhere anytime ... and if you login with the userid (George May Jones), pw (harry love random turkeys), and then type - you will always get Kd87T4o]|3tD3+
So, all I really need to remember is my full name (George May Jones) and my MasterPass password (harry love random turkeys). Then I just need to know my routine for saving sitenames/username combinations (i.e. ) and I wouldn't need anything written down anywhere anytime.
But I'm not that good with my memory. So I save my site name/user name combinations (the last part of the seed) in LastPass ... which really doesn't do anyone much good if they were even to find it ... because they need my MasterPass name and password - which I don't have written down anywhere - it's solely inside my brain ... but meanwhile I have locked away the site/user combo in LastPass in case I need it (even then I don't do that for my financial institutions ... those are saved solely in my head too)
It is really a great concept.
About this, there's a huge negative point: when you start using Master Password, all your passwords that are already in use need to be replaced by the ones given by Master Password.
If the password of any account is compromised, you can change [the site's password counter](http://masterpasswordapp.com/algorithm.html) and another password will be generated.
But if your main password for Master Password has been compromised, you need to change it, and you will need to change all passwords of all accounts that you use Master Password to log in to.
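The counter and master-password behaviour described in the comments above, as an added sketch that is not part of any post and is not Master Password's actual algorithm (that is specified at the linked algorithm page). It uses scrypt and HMAC-SHA256 as stand-ins; the names `master_key` and `site_password`, the `demo-scope` salt prefix, the alphabet and the sample inputs are assumptions made for the example.

```python
import hashlib
import hmac
import string

# Output alphabet for this sketch (constructed; not the real character templates).
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def _field(text: str) -> bytes:
    """Length-prefix a field so ("ab", "c") and ("a", "bc") cannot collide."""
    raw = text.encode("utf-8")
    return len(raw).to_bytes(4, "big") + raw


def master_key(full_name: str, master_password: str) -> bytes:
    """Slow, memory-hard step: runs once per session, costly to brute-force."""
    return hashlib.scrypt(
        master_password.encode("utf-8"),
        salt=b"demo-scope" + _field(full_name),  # name acts as a per-user salt
        n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=64,
    )


def site_password(key: bytes, site: str, counter: int = 1, length: int = 16) -> str:
    """Fast per-site step: HMAC over site name and counter, mapped to text."""
    if not 1 <= length <= 32:
        raise ValueError("length must be between 1 and 32")
    seed = hmac.new(key, _field(site) + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    # Modulo mapping is slightly biased; acceptable for a demonstration.
    return "".join(ALPHABET[b % len(ALPHABET)] for b in seed[:length])


def demo() -> dict:
    # Constructed sample inputs, not real credentials.
    key = master_key("Example User", "constructed demo passphrase")
    new_key = master_key("Example User", "a different master passphrase")
    return {
        "site_a": site_password(key, "example.com"),
        "site_a_again": site_password(key, "example.com"),
        "site_a_rotated": site_password(key, "example.com", counter=2),
        "site_b": site_password(key, "example.org"),
        "site_a_new_master": site_password(new_key, "example.com"),
        "site_b_new_master": site_password(new_key, "example.org"),
    }


if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label:18} {value}")
```

Raising the counter changes only that site's output, while a new master password changes every site's output at once, which is why a compromised master password means rotating every account.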
You put in
your name (or variation of)
some password that you can easily remember
the site name (lastpass.com)
and it spits out a password. I rarely need my lastpass password, so I just use that as I can quickly go to their web module, type in my stuff and I get the password.
When I need to change the password on lastpass, just increment the counter and it will get a new one that will always be the same when I enter in my info.
Did you have a look on this way of managing/accessing passwords ? There are plugins for all the browsers, mobile or not. The only "central" location you need is your brain, and I'm not trolling. Moreover you don't have a file (crypted or not) that lurks on a server somewhere.
I've had a lot of problems finding a good password manager and only recently settled on 1password. Seems like everyone has something wrong with it.
I did come across this one though which is an interesting idea. http://masterpasswordapp.com/
It's an algorithm that you feed your name, password and the domain the password is for, and it'll always generate the same password. This way you never need cloud storage; you only need to remember your password and you'll always be able to access it.
I use http://masterpasswordapp.com/ .
It doesn't store any passwords. It generates passwords from input parameters. So you don't have to synchronize anything. You can't lose your password safe. Nobody can prove that you actually have a password, or the password, for a site.
Changing the master password, however, is difficult to impossible (without changing all passwords).
I'm also using another pwd vault application to store not only passwords but all sensitive data, but I found the Master Password approach really interesting, however not as convenient as having a password mgr autofill my passwords on webpages or in applications.
Regarding the weakness of brute forcing the master key, I would like to know how convincing you find MP's response: http://masterpasswordapp.com/security.html#strength
"A solution like Master Password needs to strengthen itself against a few different types of attacks, many of which are not immediately obvious. Master Password has been hardened to defeat:
Brute-force attacks against the master key. Brute-force attacks against the user's master password. Length extension attacks against the hash functions. Rainbow table attacks against the master password. Future-proofing by considering more powerful computers and as yet unknown weaknesses in hashing algorithms."
Thanks for the response. By Master Password I was referring to this specific approach: http://masterpasswordapp.com/ It seems the most secure implementation for me as you can retrieve your passwords anywhere while none of your passwords are stored in any servers so there is no password container that could be hacked.
I dropped keepass a while ago; I've been using Master Password for about a year now. It uses a different strategy than most password managers: it doesn't store or sync passwords. Instead they are algorithmically generated from your master password, your name and the name of the site or service you're logging into. This way, there are no vulnerabilities around sharing key files, and there isn't really any setup to do. The app (or browser plugin) can remember sites as a convenience, but it's generally not necessary. It's immune to data loss, wire snooping, untrusted servers, and device theft.
It's all open source, so there are multiple implementations of the algorithms; there are several different Android apps that are all built on it.
>Survey Methodology: The 2015 Password Sharing Study polled 1,053 U.S. consumers ages 18+, using an online survey in May 2015. The study analyzed password sharing behavior for both personal and business online accounts. Respondents’ insights were further broken down based on demographic qualifiers, including age. LastPass completed this study to help consumers and enterprises gain a better understanding of the risks associated with sharing passwords and how to make the process safer.
This makes it seem like their survey was legitimate, although I would be interested in seeing the exact questions they gave them. The third sentence definitely suggests that the data could have been manipulated to suit their needs. I have to agree with you though, it is 100% for the purpose of selling their manager.
While on the topic of password security, I'd like to recommend MasterPassword. Instead of storing your passwords in a digital vault, MasterPassword generates your passwords every time you need them, from your name, a master password and a site name. It is versatile, so if an account of yours is hacked or stolen you can create a new password without a lot of hassle. I think it is highly superior to all other password managers, as it generates your passwords locally, meaning you can retrieve your passwords on any computer without it consulting a server.
There are other password managers that use this method:
Why are there no more? Good question, I do not have a good answer on the subject.
I like to use MasterPassword. I like the terminal plugin and the app is very pretty for iOS/Android. I used to use Keepass but this is much easier without keeping track of kdbx files and lock files.
People forget about masterpassword. The key difference is that it doesn't store anything but rather generates passwords from your unique information. e.g. YourName+yourmasterpassphrase+Reddit.com=generatedpassword
If you're worried about storing passwords just use Master Password and you'll never have to store a password anywhere. It uses your master password, full name and site name to generate the password on the spot. The beauty of it is that no accounts are required and nothing is stored anywhere.
You should try masterpassword. What's unique about their service is that it generates passwords based on your name, a master password and the name of the website. This means that you only have to remember one password like with KeePass etc., but you also can't lose the database file and get locked out.
If you think about it, it's also not that much less secure, because your KeePass DB is usually only secured by one password anyway.
I suggest Master Password.
For anyone who doesn't know, you think of a "Login" and a "Password." You don't actually have to register for an account because the program uses those two strings of data to randomize all of your passwords. Then type in a site and it will give you a "random" string to use as a password of a length you specify. You can download the program across any platform and as long as you use the same Login and Password it will give you the same passwords back. Therefore nobody can track you across platforms because it saves no data and doesn't send any data across a network. You just need to use the same login and password.
I probably explained that horribly, but it works great.