Password Managers for 2017

[deany]

To me this feels like a false equivalency saying that mSecure's service will be more secure than iCloud. It really depends on the skill of the administrators, developers and the desire of management to invest in maintaining and improving the security.

This brings up why I don't use cloud based services for sensitive data. The safest place for my data is on my device. Not being stored some where I can't control. mSecure, 1Password and other dedicated sites are honey pots for committed criminals to break into. They represent challenges to them to be conquered. iCloud, to a lesser extent, is the same way but with an unknown payoff.

I'd be much happier to trust the billion dollar apple iCloud servers than the, haven't had to pay for an update for the app "mSecure cloud 5".
I dont want to leave mSecure as I've been with them from the beginning, I also have 1/2 OFF mSecure 5 but I'm not happy with the lack of iCloud integration.

 

[TonyK]

Your feelings about mSecure reflect my feelings about standalone 1Password. Thankfully all issues suffered over the last 10 years or so have been resolved starting with the removal of syncing data back so many years ago (they removed USB syncing and had to add it back via a shim/app). As long as they support the standalone version, I don't care if I have to pay for upgrades every so often, meaning once every few years if possible. Yearly upgrades don't work for me as there generally are not enough, if any, must have features or improvements year to year.

 

[AGKyle]

To me this feels like a false equivalency saying that mSecure's service will be more secure than iCloud. It really depends on the skill of the administrators, developers and the desire of management to invest in maintaining and improving the security.

This brings up why I don't use cloud based services for sensitive data. The safest place for my data is on my device. Not being stored some where I can't control. mSecure, 1Password and other dedicated sites are honey pots for committed criminals to break into. They represent challenges to them to be conquered. iCloud, to a lesser extent, is the same way but with an unknown payoff.

Disclaimer: I work for AgileBits, makers of 1Password

This is why during signup a unique key is generated and known only to the user. It's generated locally on the device and never transmitted to us. This is what we call the Secret Key (also known in a former life as the Account Key).

If someone were to get access to our servers to get a copy of your data they'd have to crack both your Master Password and your Secret Key. Any attacker that knows this ahead of time is likely going to give up quick because any data they have gathered is next to worthless because breaking a 128-bit key and a Master Password is going to be difficult. It's not one and then the other, these are both combined as part of the process so you can't guess one and then try to guess the other, they'd have to be guessed together as a whole.

The Secret Key was originally part of our goal of making data on our server uncrackable. We knew that when we started handling customer data we'd be making a really juicy target for attackers. The goal was to make that juicy target a lot less juicy and making what the Secret Key does is exactly that by making the data effectively uncrackable.

The second part was knowing full well that some users are going to use weak Master Passwords, whether on purpose or unknowingly. The Secret Key helps with that situation as well by strengthening those weak Master Passwords.

Hope that helps explain things in more detail. But exactly what you describe was already a concern we had and have worked around.

 

[MjWoNeR]

I've been using 1Password with my iPhone, iPad, iMac and Win10 Bootcamp for a few years now and don't know how I survived without a manager before. I tried a few other free managers but I chose 1Password in the end, mostly because it is well integrated with other apps which makes life even easier.

 

[Tech198]

2017: still use Lastpass. The way i do all passwords including Master password is complex only, not even i know that. and no recovery email..

 

[jagooch]

1st of all, the Apple keychain doesn't do nearly as much. I have licensed stored, pins, network settings (not just the password), and more. Unlike iCloud Keychain, it works across platforms. Oh, it's more then a bank vault, it stored my bank info, credit card, and more. So yes, it's basically a bank vault.
How much have you paid a month in coffee, and what do you have to show for?

Keychain has secure notes for all of that data.

Coffee wakes me up and increases my performance at work by 20% . Yes, I've measure how much I get done when I don't drink coffee as opposed to when I do.

2nd, how much money do you spend on food every day? What have you go to show for it? lol.
[doublepost=1512862685][/doublepost]I currently use 1Password standalone, but not having it on my Linux VM's or my work laptop that runs Windows ( without local admin rights ) is causing me pain. So, I'm in the market for cloud-based Password Safe with a Web extension so that I can access my passwords without having to install software ( browser plugins are fine ).

Like many of you , I'm against subscriptions because
1) If I lose all of my income, which has happened twice in my life, I will lose access to my passwords.
2) It takes choice away from me. I cannot pass over an upgrade or delay paying for software like I could in the past. If I don't pay, the software is useless. Even with Coffee, I can choose not to buy or to buy it. I have a choice. With subscription software, I don't have a choice.

However, I might be forced into it since I've been using 1Password for 3-4 years now. It contains a ton of credentials and other sensitive data. How easy would it be to migrate passwords / notes / credit cards / etc from 1Password to LastPass?

 

[Bart Kela]

However, I might be forced into it since I've been using 1Password for 3-4 years now. It contains a ton of credentials and other sensitive data. How easy would it be to migrate passwords / notes / credit cards / etc from 1Password to LastPass?

I migrated my 1Password data to LastPass about a year ago and found that 93-95% of my data moved over. That last 5-7% has left me continuing to use 1Password for certain things, but as I update passwords/logins on LastPass, I delete them on 1Password. I would say that LastPass now has about 98% of my data.

As it turns out, some data from 1Password ended up in unfamiliar categories (Secure Notes, Form Fills) so as I have identified those, I have deleted the corresponding entries from 1Password.

I figure I am six months from ditching 1Password completely. I probably fire it up once a week these days whereas I use LastPass several times every day.

 

[Kekinash]

Safe in Cloud, been using it since long time ago, no subscriptions or bullsh*t, ios, android, windows, mac os clients, choose your service to sync (OneDrive, Google, Dropbox, Yandex) and the mac and windows apps are free, you pay only a few bucks for the android and ios apps. Safari, Chrome and Firefox integration. Simply for me the best password manager.