Most Secure Password Manager


7 replies to this topic

#1 MonGoWonGo


Posted 12 February 2012 - 09:44 PM

Hi,

I am looking for a secure password manager. I am currently using KeePass 2.17. I saw a Hak5 video about the copy-to-clipboard vulnerability. Does anyone know of any other types of vulnerability in the application? Also, is there another password manager that is a better option than KeePass?

Thanks!

#2 tekio


Posted 12 February 2012 - 09:51 PM

Your brain.

Or get something that uses a good encryption algorithm on a smartphone/handheld. Just don't lose the device... I found one for my phone; it uses 256-bit Blowfish and wipes itself if so many bad passwords are entered... It can be adjusted to not wipe the database on bad logins, but that is the only known vuln... to guess the password. So I set that. Just back up the database (the backup IS encrypted, too).

#3 wantedinc


Posted 25 February 2012 - 11:30 PM

LastPass is a fairly talked-about password manager. Steve Gibson from Security Now did a full review in one of his podcasts (transcript link: Episode 256).

It works between multiple OSes and is very easy to use.

#4 Afterm4th


Posted 02 March 2012 - 08:34 PM

I would not advise LastPass myself. Storing all your passwords in the cloud is trouble, no matter how encrypted (they claim) it is.

#5 MonGoWonGo


Posted 27 March 2012 - 12:56 AM

Thanks. Do you happen to remember the name of the app by any chance?






#6 MonGoWonGo


Posted 27 March 2012 - 12:57 AM

I like the convenience of the cloud, but have security issues as well. For me, too much unknown.






#7 tekio


Posted 27 March 2012 - 01:25 AM


The name is mSecure. It was one of the pricier passwd management apps in the App Store. I think in the $4.99 - $9.99 range. It's available on Droid as well.

#8 serrath


Posted 28 March 2012 - 11:42 PM

Really, just come up with good passwords and remember them. If you absolutely need a very secure password for something, chances are it can be set up to use a SecurID card in addition to your password.

To beat a dictionary attack, try this:
1. Pick an obscure name.
ex: Svald Cjelli
2. Bastardize it.
ex: SvCjell
3. Make it feel special.
ex: 4SvCjell2

Those of you familiar with Douglas Adams novels might be able to see where some of this came from, but it really doesn't make your job a lot easier. This is impervious to dictionary attacks; it's 9 characters long, which is decent enough. (You can always make two such passwords and concatenate them.) It's only impervious to a human attacking it if you do the steps properly! The name must be obscure. You must bastardize it properly. You must make it special. On the whole it works marvelously, and it's much easier than remembering random gibberish (though it might look like that to someone who doesn't know how you got there).
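
The three steps in the post above, turned into a self-audit (an added example, not part of the original post): it checks whether a password of that shape can be rebuilt from name lists, and compares the search space when the scheme is known with blind brute force. The name lists, the list sizes and the `max_prefix` bound are constructed assumptions.

```python
import math
import re

def core_of(password):
    """Strip the one-digit prefix and suffix (step 3); None if the shape differs."""
    m = re.fullmatch(r"\d([A-Za-z]+)\d", password)
    return m.group(1) if m else None

def derivable(password, first_names, last_names):
    """True if the core is a first-name prefix followed by a last-name prefix (step 2)."""
    core = core_of(password)
    if core is None:
        return False
    for cut in range(1, len(core)):
        head, tail = core[:cut], core[cut:]
        if any(f.startswith(head) for f in first_names) and any(
            l.startswith(tail) for l in last_names
        ):
            return True
    return False

def scheme_guesses(n_first, n_last, max_prefix=6):
    """Candidates when the scheme is known: name pairs x prefix-length pairs x 10 x 10 digits."""
    return n_first * n_last * max_prefix ** 2 * 100

def brute_force_guesses(length, alphabet=62):
    """Candidates for a blind search over upper case, lower case and digits."""
    return alphabet ** length

if __name__ == "__main__":
    pw = "4SvCjell2"  # the example password from the post
    print(derivable(pw, ["Svald"], ["Cjelli"]))  # name present in the lists
    print(derivable(pw, ["Arthur"], ["Dent"]))   # name absent from the lists
    # Constructed assumption: lists of 10,000 first names and 10,000 last names.
    known = scheme_guesses(10_000, 10_000)
    blind = brute_force_guesses(len(pw))
    print(f"scheme known: 2^{math.log2(known):.1f}  blind: 2^{math.log2(blind):.1f}")
```

When the name appears in no list the checker is given, only the blind figure applies, which is why the post insists that the name be obscure.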



