![]() |
#16 |
(he/him/his)
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 12,171
Karma: 79742714
Join Date: Jul 2010
Location: Sunshine Coast, BC
Device: Oasis (Gen3),Paperwhite (Gen10), Voyage, Paperwhite(orig), Fire HD 8
|
I'll second the recommendation for RoboForm. I use their Cloud version, since it lets me use it on all my computers without having to maintain separate databases on each version. PM me if you want a referral discount.
|
![]() |
![]() |
![]() |
#17 |
Wizard
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 2,230
Karma: 7145404
Join Date: Nov 2007
Location: Southern California
Device: Kindle Voyage & iPhone 7+
|
+1 for 1Password, especially after their last major revision.
|
![]() |
![]() |
Advert | |
|
![]() |
#18 |
Fanatic
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 574
Karma: 5264318
Join Date: Jan 2012
Location: Belfast
Device: Sony T1, Note Pro 12.2, Honor 10
|
Put me down as an msecure user I like how I can update my passwords on any device and it syncs to the rest of them using dropbox also lets you do things like send encrypted backups to gmail etc.
Expensive yes but I'm not taking chances with a small developer I can't be sure is truely trustworthy when it comes to passwords. |
![]() |
![]() |
![]() |
#19 |
Bemused by possibilities
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 58
Karma: 480244
Join Date: Jul 2012
Device: iPad3, Kobo
|
1Password
|
![]() |
![]() |
![]() |
#20 |
occasional author
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 2,314
Karma: 2064403292
Join Date: Sep 2011
Location: Wandering God's glorious hills, valleys and plains.
Device: A Franklin BI (before Internet) was the first. I still have it.
|
|
![]() |
![]() |
Advert | |
|
![]() |
#21 | |
Omnivorous
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 3,281
Karma: 27978909
Join Date: Feb 2008
Location: Rural NW Oregon
Device: Kindle Voyage, Kindle Fire HD, Kindle 3, KPW1
|
Quote:
|
|
![]() |
![]() |
![]() |
#22 | |
Grand Sorcerer
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 6,111
Karma: 34000001
Join Date: Mar 2008
Device: KPW1, KA1
|
Quote:
It has an Android-port that can use the same database (and can now experimentally write new passwords into it as well). There is also a Linux- and OSX port called KeepassX, but it seems to be out of development, or is developed very slowly. Lastly, Keepass for Windows was reported to run correctly (but with an ugly GUI) using Mono for Linux or OSX. |
|
![]() |
![]() |
![]() |
#23 |
Enthusiast
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 37
Karma: 3100894
Join Date: Mar 2012
Location: Nova Scotia, Canada
Device: Kobo Vox
|
Been a KeePass fan for a while now.
|
![]() |
![]() |
![]() |
#24 |
Guru
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 808
Karma: 2260766
Join Date: Apr 2008
Device: Kindle Oasis 2
|
I use Lastpass. I also still use eWallet (an offline application that offers sync to my Android phone) as a backup.
|
![]() |
![]() |
![]() |
#25 |
Award-Winning Participant
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 7,323
Karma: 67930154
Join Date: Feb 2010
Location: NJ, USA
Device: Kindle
|
I use STRIP. It's gotten good security reports over the years, and we've gotten very good support when needed.
Secure DB file can sync to multiple devices via Dropbox if desired. ApK |
![]() |
![]() |
![]() |
#26 |
Benevolent Evil Lord
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 1,704
Karma: 48339466
Join Date: Jan 2011
Location: Evil Canada (We all have goatees!)
Device: Galaxy Note 8.0, Galaxy Note, iPad Mini, PocketEdge(retired)
|
![]() |
![]() |
![]() |
![]() |
#27 |
Enthusiast
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 49
Karma: 505676
Join Date: Aug 2011
Device: iPad
|
You could try Password Agent:
Free in the Lite version. http://www.moonsoftware.com/pwagent.asp
|
![]() |
![]() |
![]() |
#28 | |
Guru
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 895
Karma: 4383958
Join Date: Nov 2007
Device: na
|
Quote:
A lot of mobile apps* of a closed source nature were recently found to either be doing no encryption, trivially bypassed encryption (simple xor or storing the master key with the data encrypted with a known/static password) or using appropriate encryption (AES etc) but applying it in flawed ways i.e without password strengthening. With a closed source app, there's no way to know if that's the case unless someone attempts to reverse engineer it or otherwise puts in a lot of effort. With cryptography, trusting the developer alone is not sufficient. Even a knowledgable developer can overlook an issue that becomes a critical flaw in the safety of the application. Others in the field need to have the opportunity to look over their implementation to offer some degree of validation. As an example, consider how SplashID present themselves and their password safe app. They're apparently a trust worthy developer, they've made numerous apps their customers have happily used for years. Now read how flawed their implementation is in the above linked pdf and consider that had that been an open source app, the flaws would likely have been found and people could recommend against using, or patch/fixed the issue if possible. With closed source, people have been using that software for years unaware of the flaws and they only came to light through a concerted effort to analyse various closed source apps. Maybe SplashID have since fixed that issue, maybe they haven't. As a closed source app there's no way to verify. Even re-running the reverse engineering test wouldn't help, they may have just adjusted how/where they store it in an equally flawed way that "appears" to fix the issue. You'd have to expend a great deal of time analysing the app again. That change however would be much more apparent as a flawed fix in an open source app. * Now all that said, it sounds like msecure isn't too bad. However, I would still recommend using an pass safe that not only comes from a developer with experience in cryptography but in addition is open source so that any short-comings can be highlighted quickly. PasswordSafe is one of the few that meets that on the desktop and minikeepass is the closest I could find for iOS, mainly because it's based on keepass and both are open source (keepass is also highly regarded). Don't take the above the wrong way, I'm not saying everyone should always use open source software. Far from it. But when it comes to security critical software like password safes or SSL encryption, open source is by far the best option. Allowing professionals and academics a chance to really scrutinise everything it's doing. and finally, usually you get what you pay for, but in the case of security, it's a rare instance where you can get the most assurance of security by using the cheapest (eg free) product (just be careful not to arbitrarily pick a free product as there's just as many poor open source safes as there are closed source. Only difference is, with open source we have a chance of knowing it ![]() PS: Didn't mean the above to sound preachy, that's not my intention. Just trying to make clear some issues. Whether anyone takes note or not is irrelevant as long as people are going into it with their eyes open. Last edited by JoeD; 04-18-2013 at 07:00 AM. Reason: spelling. |
|
![]() |
![]() |
![]() |
#29 |
Addict
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 298
Karma: 1537324
Join Date: Aug 2010
Location: Chicago
Device: Nook, K3, Fire, Nexus 7
|
My wife and I share a LastPass account. It's not perfect, but it's easy enough to use and both of us have migrated all our important accounts to strong passwords. I've enabled Google 2-Factor authentication to make it trickier for a remote user who has our password to gain access.
|
![]() |
![]() |
![]() |
#30 |
Grand Sorcerer
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 6,111
Karma: 34000001
Join Date: Mar 2008
Device: KPW1, KA1
|
I've got my Keepass database stored in DropBox.
To protect it, beside having a password, I use a keyfile beside the normal password of the database. (This is a randomly generated file, used as a key to encrypt the database.) I've got a small USB-stick with me, which I put into the notebook as soon as I need to open Keepass. As soon as I go away from the notebook, I pull the USB-stick out, taking the keyfile with me. I do the same on my workstation computer, but I only take out the USB-stick if I'm going on vacation or something. The chance of someone breaking into the house and stealing the entire workstation from my study is quite small. Of course, the keyfile is NOT in Dropbox, and the password isn't either. All of my accounts at stores and websites have passwords that are generated randomly by Keepass, and I never save any passwords in the browser, except for not so important stuff such as forums. So, if someone gets a hold of my laptop, he can visit some forums and destory my accounts there, which would be annoying, but not really threatening. He won't be able to access anything else such as stores, email, or banking info, as far as I can see, as he will need the Keepass keyfile and password in addition to the database. Even if he gets the keyfile because I forgot to take the USB-stick out of the notebook, then he still won't have the password, and that last bit of information is not saved anywhere, ever, except in my head. My phone and tablet run KeepassDroid. They have the keyfile stored, so it'd be possible to steal them, or get a hold of them and obtain both the database and the keyfile. However, the tablet and phone don't have the Keepass password stored anywhere, so stealing them is a no go also. (And they are also protected by a login pattern; the database and keyfile are in the internal memory, not on an SD-card.) Apart from some forums, it seems my data is safe, except when a site, store, bank or something is directly hacked. Then the information in that particular place could be lost or misused. Last edited by Katsunami; 04-18-2013 at 11:55 AM. |
![]() |
![]() |
![]() |
|
![]() |
||||
Thread | Thread Starter | Forum | Replies | Last Post |
can anyone recommend a good medical dictionary | BeccaPrice | General Discussions | 9 | 02-03-2013 11:21 AM |
Password Manager for Kindle | mobigloo | Amazon Kindle | 3 | 07-18-2011 09:36 PM |