Keepass vs Lastpass vs No Password Manager

  • Published: 16 Sep 2024
  • In this video, I go over Password Managers. I give the scenarios of no password manager vs keepass vs Lastpass.
    Keepass: keepass.info/
    LastPass : www.lastpass.com/

Comments • 379

  • @ChrisTitusTech
    @ChrisTitusTech  5 years ago +91

    Sorry for the crap framerate, was trying a new production method that just didn't produce the high-quality video I wanted. I recommend listening to this at 1.25x speed to compensate ;) - I blame Game of Thrones Finale...

    • @rwbimbie5854
      @rwbimbie5854 5 years ago +5

      Yup. Gotta try new things
      Can get better if the plan is to just keep doing same thing forever

    • @Mokaphyyr
      @Mokaphyyr 5 years ago +1

      If you're not the one who tries it and tells us about it, someone or ourselves will. Thank you for trying it out for us.

    • @TeamLinux01
      @TeamLinux01 5 years ago

      Ah, I did notice. Still great information.
      I use KeePassXC with the Firefox plugin on the desktop and KeePassDroid on Android.
      I sync the database with a Nextcloud server on my home network (uses nginx-proxy with a self generated SSL cert).

    • @contournut5726
      @contournut5726 5 years ago +2

      Oh thank God it's you not my drivers.

    • @teddraper1746
      @teddraper1746 5 years ago +1

      Game of thrones finale...WEAK!

  • @MichaelVash7886
    @MichaelVash7886 5 years ago +83

    Surprised Bitwarden wasn't brought up. It has the ability to host it yourself or on their servers and is open source.

    • @lorcro2000
      @lorcro2000 5 years ago +6

      I wasn't aware of it. Won't switch personally but I like open source solutions. If a company can use that instead of paying Lastpass $6 per person and month, that would be nice. Edit: oh wait, they charge just as much if you want it on their cloud and they aren't Lastpass... still, may look at self-hosted to begin with.

    • @MichaelVash7886
      @MichaelVash7886 5 years ago +4

      @@lorcro2000 they don't charge just to sync via cloud.

  • @AnzanHoshinRoshi
    @AnzanHoshinRoshi 5 years ago +8

    Thank you, Chris. Nice shirt. Years ago I had a wallpaper that I made that said: "Wayland-Yubuntu Corp: Building Better Worlds" with that logo.

    • @omsi-fanmark
      @omsi-fanmark 5 years ago +2

      Ah, so I'm not the only one noticing the shirt's logo. :-D

  • @grinerpolevault
    @grinerpolevault 3 years ago +9

    Well, you hit that one on the head. Lastpass free version will only run on 1 device as of March 2021.

    • @harryf1ashman
      @harryf1ashman 3 years ago

      Really. Mine works perfectly well on my Android and iPad, however I can't open my account on my desktop. I agree, however, you can sort of see where it's heading.

  • @sk3tch4d
    @sk3tch4d 5 years ago +20

    Really like Bitwarden

  • @spicybaguette7706
    @spicybaguette7706 3 years ago +1

    You can combine this with syncthing in order to synchronise your passwords across devices. I did this and now I'm totally loving it, it even works on android

  • @bwcbiz
    @bwcbiz 5 years ago +3

    Keepass can be made portable to run off a thumb drive and to store the password DB on the thumb drive. Not as convenient as storing it on the web, but much more secure. You can secure it to specific devices by using a keyfile in addition to a master password. You can't unlock the DB unless you have access to both the thumb drive and a machine that contains the key file.

    • @robonator2945
      @robonator2945 2 years ago

      3yrs old so sorry for reviving a dead comment but this is something I hear even now so I'd like to challenge it, there is nothing inherently more or less secure about it being on the cloud. Security is, when done right, quite binary. While there is always the minuscule chance that some magical super-algorithm comes along that can shatter encryption and magically download into airgapped systems, that's extremely unlikely and implausible, so realistically, all that matters is that your password manager have good encryption, good authentication, etc. If data is properly encrypted, you should be able to post it publicly on every chat board known to man, and no-one other than you should ever have access. The one threat you could reasonably claim is amplified by having it be stored remotely is that if someone keylogs your password they can get it, but 1 : many password managers won't send the encrypted password vault at all without extra authentication measures, 2 : if they're on your system to keylog it, they're on your system to get the passwords directly at the endpoint anyway, 3 : I personally use a hardware security key so even if someone DID get my master password and the other 2fa methods, they literally cannot spoof my key. (unless, again, there is a cryptographical magic bullet that rewrites the entire concept of cryptography as we know it and shatters all previous methods)

    • @bwcbiz
      @bwcbiz 2 years ago

      @@robonator2945 No worries about the age. Fair enough about cloud vs. thumbdrive in general. It's quite likely most users will have personal security practices that are worse than their cloud storage provider. But there are paranoiacs out there that don't want MS, Google, Amazon or any other storage provider to have access to their data, and in that case a thumbdrive can give them portability without needing a cloud provider. From a security perspective keeping the keyfile physically separate from the PW database is more secure at least in a physical "what if my laptop gets stolen" perspective rather than "internet bad guys have access to my file system".
      I also agree that hardware key is best if you can use it for a particular site. Fortunately the sites that need the highest security like banks tend to support the hardware keys at least to some extent.
      We should both remember that the #1 biggest feature of a password manager is encouraging and facilitating good password practices like long and unique passwords for each site. And that far outweighs the benefits either of us mention in these posts

    • @robonator2945
      @robonator2945 2 years ago +1

      ​@@bwcbiz I certainly agree but my point is that, in lieu of a major re-conceptualization of the entire concept of security, a well designed password manager shouldn't be more or less secure cloud hosted or self hosted.
      For complicated systems lowering attack surface is a relevant security consideration since you can't be confident that your entire system is perfectly secure, but basically all of the complexity of a password manager is at its endpoints, actual encryption isn't really complex. (well, I mean it is, but all that complexity has been LONG since worked out with mathematics certain enough to ensure national security) In short, if you trust the service enough to use it, you should trust that they understand the principles of encryption enough that the data is perfectly secure on their servers since it's all encrypted.
      Like I was saying before, a well encrypted bit of data should be data that you can post publicly everywhere, and it will never be cracked. So, unless you utterly distrust your password manager to the point of suspecting they are keeping your passwords unencrypted or keeping a copy of your encryption key stored server side (both of which would be instantaneous death for their company if it ever got published that they did that) then there really isn't a notable difference in security between remote hosting and local hosting. The real threats you are dealing with when it comes to password managers are the endpoints, which are just as vulnerable whether you're storing the passwords remotely or locally.
      It's not a big deal really, but my issue is just that it's so minor, even mentioning it might add perceived complexity to using a password manager that discourages someone from using one. Realistically I just don't see it as a valid concern security wise, but to someone who doesn't already understand the broad nuances of security, data encryption, etc. they may just see it as adding unnecessary complexity to what is currently them just typing in their passwords. This would be fine if it actually was a serious security concern, but since I don't think it is a serious concern security wise, it's leading people to perceive greater complexity to the subject than there is, and people HATE adopting things with complexity. (after all, nuclear energy scawy. What do you mean safer than solar per unit of energy generated?)

  • @robertmacdonald7060
    @robertmacdonald7060 4 years ago +2

    Thank you Chris, I went with Lastpass. Really happy with the services. Looking forward to the next video

  • @salparadise1220
    @salparadise1220 5 years ago +2

    Never used a password manager other than the one that sits between my ears. They always struck me as either putting your keys in someone else's box and trusting that they'll not let you down, or creating a single point of failure on your system. A couple of years using Macs taught me that password managers or keychains enable laziness. You forget the passwords you don't use and then you're having to reset the passwords to get back in to everything when your HD dies, or your ISP is having "one of those days".

    • @melellington1333
      @melellington1333 2 years ago

      Agreed. Password managers are akin to putting all your eggs in one basket. I prefer to save all my passwords in a local & networked encrypted file. It is free and gives me peace of mind.

    • @robonator2945
      @robonator2945 2 years ago

      @@melellington1333 that's, basically just a password manager but worse. A good password manager already has full featured encryption, password generation, good 2fa checks, etc. a file is just that but worse.

    • @robonator2945
      @robonator2945 2 years ago

      that's not even true though. Many password managers go above and beyond to ensure they are literally incapable of messing with your shit, and it's not a single point of failure at all, not sure where you're even getting that. It's not everything is local or everything is remote, every single password manager I've heard of keeps a remote copy under lock and key with heavy encryption, and a locally encrypted copy on devices you've authenticated that are stored, decrypted, worked on, etc. all locally. I'm not trying to be pointed here but it sounds like you don't know how password managers work to be honest.

  • @pottytrained4233
    @pottytrained4233 5 years ago

    I use Keepass, I keep it on a USB stick not the PC so whenever I need a password I just insert the stick, use the program then exit program and eject the stick. I also keep a Backup Stick for safety, any changes to my main stick I automatically save to the Backup Stick as well. I love Keepass, I've been using it for a few years now and have never had any probs. Thanks for another great video, all the best with the future of your channel, Cheers from Potty Trained

  • @Penske_Logistics_Roseburg-Ore
    @Penske_Logistics_Roseburg-Ore 5 years ago +1

    I have been using lastpass for over 4 Years now and it works for me. I just don't like the Mobile side of it due to it not working well with Android. But working on Windows it works great.

  • @impermanenthuman8427
    @impermanenthuman8427 5 years ago +3

    Would like to see you review Bitwarden vs Keepass and Lastpass

  • @rwbimbie5854
    @rwbimbie5854 5 years ago +6

    Post-its on monitor bezel ?
    If I had a nickel for every user that needed me (IT Manager) to do a Password Reset
    after a weekend I go around removing stickynote passwords publicly displayed on cubicle monitors

    • @ChrisTitusTech
      @ChrisTitusTech  5 years ago

      That happens all the time... I even had one user say he puts all his passwords on there so it is harder to guess which one is the login one. SMH!

    • @GradyBroyles
      @GradyBroyles 5 years ago

      No need for a password reset if it's 48 random characters with unicode and spaces. It would take a non-quantum computer centuries to crack it.

    • @rwbimbie5854
      @rwbimbie5854 5 years ago

      @@GradyBroyles Centuries for a brute force attack,
      or walk by Sally's cubicle with a $79 android phone and take a pic of all her passwords on display

    • @GradyBroyles
      @GradyBroyles 5 years ago

      @@rwbimbie5854 huh? it should never be visible. no one TYPES a 48 chr random string, When you open the password manager at no point is the password visible to be screen shotted, it's copied to the clipboard (which obvie should be cleared immediately) and pasted into a password text field which, by definition, is not displayed in text. your point is irrelevant.

    • @heliositsolutionsltd.9602
      @heliositsolutionsltd.9602 5 years ago +1

      Grady Broyles it’s visible when the strong, complex 48 chr random string is written down on a post-it note attached to the bezel of the screen.

  • @mikaelgaiason688
    @mikaelgaiason688 5 years ago +2

    Just write it in a little pocket notebook tucked away in your desk. If a covert ops team breaks into your house to gain access to your computer you have bigger problems to worry about.

    • @jadesea562
      @jadesea562 5 years ago

      You suggesting that every person's life is as mundane as yours is part of the problem with the age old question "but who would want to do that to you." Humans have dynamic lives, a vast amount of which don't have desks to tuck away notebooks anyways. Perspective is better than broad assumption, always. But pardon me for having little faith in your clairvoyance, given you just know tucking a notebook of passwords away in a desk would never result in a total privacy compromise.

  • @55Quirll
    @55Quirll 4 years ago

    Another thing, Keepass has a Portable version that you can run on a flashdrive or have the program on your computer but the database stored on a flashdrive or cloud account.
    Change the Master Password to Keepass regularly - weekly would be OK - if you want to be super secure, 10x a day, but that would be overkill.
    Practice changing the password with a practice database.
    Most of my important programs I store on a flashdrive and not on my pc since I tend to reformat my pc 2x - 3x a year, and it frees up a lot of space - using an external Harddrive for storage of documents, etc rather than on your pc is also a good idea.
    Thanks for a great video on Password Managers and OS, take care and have a Merry Christmas and a Happy New Year.

  • @atemoc
    @atemoc 5 years ago +27

    Is it me or the framerate of this video.. crap ?

    • @KaylanNaidu
      @KaylanNaidu 5 years ago +2

      Yup, it's choppy af, hope he sees this and reuploads

    • @rameth4403
      @rameth4403 5 years ago +3

      Don't know, I always watch his videos at 2,5x speed...

    • @ChrisTitusTech
      @ChrisTitusTech  5 years ago +7

      Sorry this was a bad one at the recording side of things. I was trying a new method to streamline production that went awry. Combining audio, processing, and such in a nice and neat file. Made editing easy... however the final product was crap. Bummer.

    • @atemoc
      @atemoc 5 years ago

      @@ChrisTitusTech ¯\_(ツ)_/¯

    • @Khyree_Holmes
      @Khyree_Holmes 5 years ago +1

      I thought it was my Dualcore Linux Box.

  • @wngimageanddesign9546
    @wngimageanddesign9546 1 year ago

    Just wanted to leave a bread crumb heads up if someone stumbles into this old video....Lastpass proved to be sloppy at their end and security breach allowed their vault to be stolen last year. Avoid it if you're not already aware. I have used Keepass2 and now mostly use Bitwarden as my two password managers. I don't rely on just one, as Bitwarden is not local. Keepass2 has come a long way in its options and plugins, and I can access a cloud stored key vault if I desire without having to risk having it on a local drive. I prefer this when traveling with a laptop. Bitwarden allows me convenient access on all my portable devices. So far, they've been solid security wise.

  • @rostyslavradchenko7328
    @rostyslavradchenko7328 2 years ago

    Nice prediction about what LastPass is going to do.

  • @jakejakeson4619
    @jakejakeson4619 5 years ago

    I use Enpass. It has WebDAV capability that I store on my Synology Disk Station. Desktop client is free (Windows, Mac OSX, Linux), mobile client is $10. it has the ability to use touch ID and face ID. It works flawlessly. Love it!

  • @marcodigennarobari
    @marcodigennarobari 4 years ago +1

    Nice and clear!!
    I have a question: once I save the database on a usb stick from macOS and then use it on a windows or Linux machine and all the other ways around?
    Thanks

  • @brahimimohammed9418
    @brahimimohammed9418 5 years ago +4

    Great video for me I take Keepass any time with Kee for firefox

  • @GutnarmEVE
    @GutnarmEVE 5 years ago +1

    there's two things bugging me about this topic:
    a) do you still remember your grandma's landline phone number? ...how long after you switched to a mobile phone with its handy instant phone book did you stop memorizing phone numbers? (IP addresses, passwords?)
    and b) i'd be interested to hear your thoughts on biometric authentication - be it fingerprints, facial recognition, retina scan, stool sample, idk :)

    • @_R8x_
      @_R8x_ 4 years ago

      I have unique nonsense random passwords for over hundred sites, services, apps and devices! How the hell am I supposed to remember them?

  • @marcusaurelius8540
    @marcusaurelius8540 5 years ago +2

    What about Dashlane?

  • @bluefandango
    @bluefandango 4 years ago

    just discovered your channel. great piece of information.
    this vid didn't tell me much that i didn't know but i'm sure i'm gonna find something useful on your channel!

  • @nootics
    @nootics 5 years ago +3

    I use keepass but I don't get what you mean by using it properly. I have a keepass file with a relatively strong master password that I have to type in every time and set my file to go through a second worth of cycles. It's stored on my PC my android phone and a usb stick I carry with me. Am I doing something wrong?

    • @ChrisTitusTech
      @ChrisTitusTech  5 years ago +1

      keepass.info/help/base/autotype.html#autoseq Using the {DELAY} special character is recommended to prevent brute force attacks.

    • @GradyBroyles
      @GradyBroyles 5 years ago

      with a key-file. That's all. As long as the key-file and the DB aren't housed together. That, and that one actually USES it.

    • @nootics
      @nootics 5 years ago

      @@GradyBroyles I actually used to have that but I have to admit it's just too inconvenient especially because I forget to put my usb stick back into my wallet and then I can't access it on my android phone. Also deleted it because there is no point in having the DB file *and* the key file in the usb stick

    • @nootics
      @nootics 5 years ago

      @@ChrisTitusTech How does it do that? I looked through the thing briefly but I don't have that much time and I couldn't find anything about why. And I don't really use that feature anyway, I copy paste the passwords.

    • @GradyBroyles
      @GradyBroyles 5 years ago

      @@nootics you can keep a copy of the keyfile on your phone. even if the database changes password the keyfile doesn't so having a copy on your phone and another on a stick won't cause problems. Also, I attach the usb stick to a keyring. they usually have a loop for it.

  • @cchongchannel8943
    @cchongchannel8943 3 years ago +1

    Thanks very much for sharing. May I kindly know your comments on Bitwarden please? Is it better than Lastpass or worse?

  • @pigeonpallz1733
    @pigeonpallz1733 5 years ago +1

    I guess I'm a troll and that kinda hurts cause I enjoy and learned so much from you. I do in fact have a small lockbox "fireproof and some other junk", I got it at Lowe's. I keep more than just major passwords in it. I am a bit old-fashioned in my thinking that paper in my house is better than digital stuff that seems to be subject to attack. Like Intel's hardware problems these days. You know who doesn't have that problem .... me. Am I a troll? I'm not a handsome man although I don't live under or near a bridge. I have my own home and don't live in my mother's basement. I enjoy the truth and honesty above all else. I'm confused lol maybe it shouldn't bother me .... but it does however little it does

    • @pigeonpallz1733
      @pigeonpallz1733 5 years ago

      @U bik I agree! Some things are just safer and easier but it's down to the person and what they want. Thank you for your comment. I don't feel so alone now with my old pen and paper ... man I feel like a noob lol

  • @benriful
    @benriful 5 years ago

    I think a tut video on this would definitely help a lot of people understand what these managers do for you. While none are entirely perfect, they do a much better job than the average person trying to come up with 10 or so "unique" strong passwords without using some easily guessable "rule".
    I think the biggest push back on them is likely the same as the push-back for Linux: The false assumption that they're difficult to install / use. Perhaps secondary is that most just don't see any benefit.
    BTW, I'm also voting for BitWarden, especially if you install their local open source server instead of using their online servers.

    • @jamesedwards3923
      @jamesedwards3923 5 years ago

      As I have gotten older my knowledge has grown. I do not understand why anybody would prefer paper for their password storage. Unless it is some ultra secure safe you have buried under your house. With the password being cryptic.
      There are two sides to this problem with passwords. If you allowed for a human to build a password that they can remember. Like random words and stuff. A human can indeed do that. The problem is that companies and applications do not allow for natural human thinking and memory. For example, Amazon allows for a password limit for one hundred and twenty eight characters. Facebook allows for a lot of characters. My password for Facebook is over one hundred characters. Walmart only allows for fourteen. Some allow for twenty five. Many restrict which set of characters. Etc.
      You get my point. Many of these sites and software run off of older protocols and software. Many people who use any sort of password system. Allow you virtually unlimited character sets. If people were allowed to create their passwords with no restrictions, but you demanded that they be long and complicated. A human can do it. The IT industry needs to start building password schemes around how the human brain works.
      Yes, humans tend to fall into patterns. Yes however you can greatly minimize this.
      Password Managers are great. They allow you to create passwords that are in many instances pseudo random. Since the applications that generate passwords. As I understand it often use a seed and garbles off a multitude of factors. So for common and simplicity sake, yes your password is 'random.' The password I generated on my phone will not be the same as created on my desktop. Nor is it the same on my tablet. Why, because the factors of those systems are very different. Humans as individuals can create and memorize many different randomized codes. However we can not do it the same way a computer can. I have had people tell me how they create codes and keep them in their heads. These people are rare. I have developed codes I commit to long term memory and none of them are the same. Now can I remember the fifty plus passwords. For sites I have bare use or have not used in years? No, that is the flaw and our limitation. In my experience most people will do one of three things:
      1) Use the same password over and over again.
      2) They will make their passwords dangerously too simple. Even in terms of human memory. It is one thing to have bad passwords, but the same password on every account. Yea this is in part 1b, but it needed to be said. When I read the news articles, techforms, and all the rest of it. The passwords many people used were sad. I mean many did not put in any real effort. To be fair. Some passwords that were hacked, you would think were pretty good. Those people just lost the luck of the draw. They never change their passwords. The database got hacked.
      3) They never change their passwords. I try to change my passwords as frequently as possible. Especially the ones I have no desire to keep in my long term memory. If they are social media or financials they get changed at least twice a year, minimal.
      Frankly most I meet are just too fucking lazy with their data security. Seriously for the price of a few lunches out you can pay fairly reliable companies to store your passwords in confidential databases.
      I remember on YouTube this dude had a video discussing password management. He said in the video, that he used an Excel Spreadsheet.
      en.wikipedia.org/wiki/Microsoft_Office_password_protection
      en.wikipedia.org/wiki/Secure_Hash_Algorithms
      www.techrepublic.com/blog/microsoft-office/use-a-password-to-secure-access-to-an-excel-workbook/
      So using Wikipedia as my guide. At the absolute bare minimal he should be using Excel and Word 2010. He should have transitioned from 2007 a long time ago. That being said even the Wikipedia article says that SHA is an older hashing algorithm. SHA 256 is pretty much the current standard. 128bit AES is the bare-bones minimal anybody should be encrypting anything with 256 or higher is preferred.
      I give the guy credit. A secure file that is difficult if not outright impossible to open. Not what I would have preferred but he gave it some thought. Unlike this guy.
      www.zdnet.com/article/sim-swap-horror-story-ive-lost-decades-of-data-and-google-wont-lift-a-finger/
      He stored his passwords on Google. No, not in some sort of encrypted file on google drive. He stored them in the Google Chrome Browser. At least with FireFox's 'Master Password' System. You had some redundant security. Although I would not recommend this either.
      palant.de/2018/03/10/master-password-in-firefox-or-thunderbird-do-not-bother/
      nakedsecurity.sophos.com/2018/03/20/nine-years-on-firefoxs-master-password-is-still-insecure/

  • @harryf1ashman
    @harryf1ashman 3 years ago

    I use a password manager to store password reminders and not the password itself. It works for me because I just need a trigger to remind of which password algorithm I used to make the password,

  • @sfasr32t432tfg43etfg
    @sfasr32t432tfg43etfg 5 years ago +1

    Curious why you like lastpass over bitwarden?

  • @1Schueni
    @1Schueni 5 years ago +4

    pass the standard unix password manager

  • @lorcro2000
    @lorcro2000 5 years ago +1

    Looking at Lastpass for the company I work for, though. They have corporate solutions as well.

  • @SuperSkandale
    @SuperSkandale 2 years ago

    Storing a local password manager like Keepass on a windows desktop workstation is absolutely not recommended. If you are using linux and you have encrypted your drives and you always lock your computer when you leave it then I can see a use case for it. I thought this was worth mentioning.

  • @humanrightsadvocate
    @humanrightsadvocate 3 years ago

    My KEEPASS master password is impossible to brute-force/dictionary attack/social engineer. It's comprised of both 7-bit ASCII and Latin-1 Supplement characters. And its length is OVERKILL. With the correct password, the database needs 3.14 seconds to decrypt on an average computer.

  • @landonscellphone6296
    @landonscellphone6296 3 years ago +1

    great video chris, curious have you ever heard or used bitwarden - and if you have did you rather to self-host on the cloud or self-host on your device? Any thoughts on its pros or cons?

    • @desertlightning7335
      @desertlightning7335 1 year ago

      Bitwarden can be more complicated but I think it's definitely worth it.

  • @MrHRScrc
    @MrHRScrc 5 years ago

    Thank you Chris Titus Tech . I know other options are out there, maybe in another time you can look in what of this services can connect with your browser, via plugin or whatever. About FPS i didn't notice nothing wrong. YouTube is having a lot of delay problems processing the new uploaded videos, sometimes you need to wait one or two hours. Have a nice week!

  • @knightrider585
    @knightrider585 3 years ago

    Oh well the Lastpass recommendation didn't age well. Keepass is far superior to being at the whim of any private company. ;)

  • @aaron6841
    @aaron6841 3 years ago

    Put a Fido key on a password manager and make it difficult for almost all attacks?

  • @theshuz
    @theshuz 5 years ago +1

    Self hosting bitwarden using the docker image. It is fantastic.

    • @SadSadDeadM
      @SadSadDeadM 5 years ago

      how are you gonna sync passwords with your mobile, tablet and laptop?

    • @theshuz
      @theshuz 5 years ago

      @@SadSadDeadM are you familiar with bitwarden? It is a webapp like LastPass is and they have mobile apps, desktop apps, browser plugins and all the same features as LastPass.

  • @robertschneider4685
    @robertschneider4685 5 years ago +5

    Hey what are you thoughts on Firefox Lockbox? Still a very young project though

    • @GradyBroyles
      @GradyBroyles 5 years ago +1

      You really don't want browser based password stores. I would check krebsonsecurity

    • @benriful
      @benriful 5 years ago +1

      Even though it's better than the old way of just saving the passwords in clear text, it pretty much is a similar scenario to what Chris was on about over the bundled PMs in stuff like anti Viruses. Once you've placed all your login stuff into it, you're tied to that program. I.e. if Firefox dies or at some point in the future becomes a pig, you don't have easy ability to swap to something else.
      At least since FF is also open source, the likelihood of these things happening to it is much smaller than with the closed source commercial AVs.

  • @Nezello
    @Nezello 4 years ago

    WTF do you do if you are hacked, is there a DEFCON 1 emergency to change ALL passwords immediately???

  • @mac11380
    @mac11380 5 years ago

    I do something similar to writing passwords in a book, but I have a thick blank book and I write fake info as in the website and a fake password on the front pages ,but the body of the fake password has the number of the page that I have the real password written on the back of the page in ultraviolet ink, so I look at the fake password, go to that page and flip to the back of that page and light it up with my ultraviolet flashlight.
    I also have my book in a spot that would not be found unless you had a whole bunch of time to search and still would not be likely to find.

  • @samsmusichub
    @samsmusichub 4 years ago

    I used to keep my passwords in a Word doc haha. Looking to find the best password manager.

  • @teddraper1746
    @teddraper1746 5 years ago +1

    My wife was using a free password manager that she really liked and then they started charging a monthly fee. Needless to say, she wasn't too happy about it. Anyways, my take on password protection sites is ANYONE can be hacked. I think putting all your passwords in one site is just asking for trouble. Putting all your passwords in one place can be dangerous but what is really safe anymore with technology only getting better? Ok, better stop writing, the white van just pulled up outside my house 🤣

  • @robinlillian9471
    @robinlillian9471 4 years ago

    I do just fine not using a password manager. I keep my passwords offline, and I don't keep any confidential information that could be used to steal from me on my computer. You can use passwords that are a variation on a theme that only you know. If you need a list, you don't have to keep it near your computer. Put it somewhere out of the way and don't label it. If someone breaks in to your home/office, this should be the least of your problems.

  • @JessieCrypto
    @JessieCrypto 5 years ago +1

    Cool video. I use LastPass for most of my general account passwords, but my crypto wallet passwords, they are only in my head, and on an encrypted USB stick in a safety deposit box at the bank.. and those encryption keys are in another 3rd party location hahah. No one can get the USB without a death certificate and a court order, and the keys are useless to you without the stick. So should be safe LOLz!

  • @Mokaphyyr
    @Mokaphyyr 5 years ago

    Thank you for advocating. Well said. I want to share this with so many people.

  • @ZygZ4g
    @ZygZ4g 5 years ago +7

    I just keep passwords.txt on my Desktop.

    • @KaylanNaidu
      @KaylanNaidu 5 years ago +2

      That's a bad idea

    • @GradyBroyles
      @GradyBroyles 5 years ago

      Oh gawds, I hope you're just being funny.

    • @benriful
      @benriful 5 years ago

      It's actually "better" to just have sticky notes stuck onto your screen, not "good" just better. At least some hacker breaking into your machine or running some malware can't read those - your webcam tends to point away from them. But that passwords.txt on your desktop? It's like waving a red flag to these guys.
      You might as well just use your browser's "save login" feature. At least it obfuscates the password, not that such means much.
      I do hope you're joking, but I've seen too many others doing the exact sort of thing for real.

    • @jamesedwards3923
      @jamesedwards3923 5 years ago

      That text file should be in an encrypted file volume of some sort.

    • @petermuller1156
      @petermuller1156 4 years ago +2

      I renamed my password list to secret.txt on my desktop. So it's not obvious that I save passwords in it.

  • @RussMichaels
    @RussMichaels 5 years ago

    What he said about NOT using password managers bundled with other software applies to stand alone software too. Unless they have an EXPORT function then you are equally as locked in to any product unless you want to manually copy and paste every login into another product.
    If a user is going to use the same passwords even when using a pw manager, then there is nothing that will help such a person.
    However, as a Lastpass user, I can tell you that Lastpass detects reused passwords and warns you about it and tells you to change them. I don't know if others do the same, as I have not used any other product for years. I did try out many others before choosing Lastpass originally though.
    Another factor that almost everyone forgets is that your EMAIL is the weakest point. If someone gets access to your email, then they can use this to reset your password on every site you use. So it is critical to use 2 factor authentication at least for your email as well as your password manager.

    • @lorcro2000
      @lorcro2000 5 years ago

      Those are good reasons - to use Keepass or Keepass XC. Open source, there are already multiple clients that use the same database format, and it doesn't use your email in any way.

    • @RussMichaels
      @RussMichaels 5 years ago

      @lorcro2000
      If your email gets compromised, then it makes no difference whatsoever which password manager you are using. Keepass will not help you in such a situation nor will any password manager. There are other ways that hackers can gain access to your password other than your password manager.
      If someone gets your email login, here is what happens.
      1) criminal gets your email login details
      2) criminal can go through your emails to get an idea of what sites you use.
      3) criminal goes to facebook, twitter, and every other website you use and submits a "lost password request".
      4) password reset email arrives, which criminal has access to
      5) criminal resets all your passwords to all your sites, now only he knows the password.
      6) criminal can now login to all those sites and change the email address as well
      Your password manager (keepass or otherwise) will not help you one iota in this situation. This is why I recommend using 2FA wherever possible, at the very least on your email and password manager, as these are the 2 most important services that give access to everything else.
      With 2FA, nobody will be able to get in with your login details alone, they will be required to provide that second factor authentication via your mobile device. And if you are using a service like Gsuite, you can set it to notify you about the failed login attempts.
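
Added example, not part of the reply above: a defender-side check for the takeover sequence it lists, flagging a burst of password-reset mails from several services within a short window. The inbox entries, subject keywords, function names and thresholds are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample inbox metadata: (timestamp, sender, subject).
INBOX = [
    ("2024-03-02 09:14:05", "news@shop.example", "Your weekly deals"),
    ("2024-03-02 23:41:10", "security@social.example", "Reset your password"),
    ("2024-03-02 23:42:31", "no-reply@bank.example", "Password reset request"),
    ("2024-03-02 23:43:02", "accounts@forum.example", "Forgot your password?"),
    ("2024-03-02 23:44:47", "security@social.example", "Your email address was changed"),
    ("2024-03-05 18:00:00", "no-reply@games.example", "Reset your password"),
]

# Assumed subject keywords; real mail would need a broader list.
RESET_HINTS = ("reset your password", "password reset", "forgot your password")
CHANGE_HINTS = ("email address was changed", "email changed")


def classify(subject):
    """Map a subject line to 'reset', 'email_change' or None."""
    s = subject.lower()
    if any(h in s for h in RESET_HINTS):
        return "reset"
    if any(h in s for h in CHANGE_HINTS):
        return "email_change"
    return None


def find_reset_bursts(messages, window=timedelta(minutes=15), min_services=3):
    """Return windows where reset mails from >= min_services domains arrive."""
    events = []
    for ts, sender, subject in messages:
        kind = classify(subject)
        if kind:
            when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
            events.append((when, sender.split("@")[-1].lower(), kind))
    events.sort()

    bursts, i = [], 0
    while i < len(events):
        j = i
        while j < len(events) and events[j][0] - events[i][0] <= window:
            j += 1
        group = events[i:j]
        domains = sorted({d for _, d, k in group if k == "reset"})
        if len(domains) >= min_services:
            bursts.append({
                "start": group[0][0],
                "end": group[-1][0],
                "domains": domains,
                # An address change inside the burst matches step 6 above.
                "email_changed": any(k == "email_change" for _, _, k in group),
            })
            i = j
        else:
            i += 1
    return bursts


if __name__ == "__main__":
    for burst in find_reset_bursts(INBOX):
        print(burst)
```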

  • @ganeshputtige
    @ganeshputtige 2 years ago

    Is pass application which is native to Unix/Linux far better than these two? It also has GUI front ends if needed.

  • @rickmorrisrigar
    @rickmorrisrigar 4 years ago

    You missed a few key points about LastPass, it is encrypted locally and they have no access to your passwords, also you can, even with the free version change the iterations with the encryption as long as you have a good MASTERPASS WORD, otherwise, you are screwed anyway!!!

  • @Soldiershak
    @Soldiershak 4 years ago

    I think Lastpass did limit the amount of the devices earlier on around 2013-14

  • @timford8436
    @timford8436 3 years ago

    keepass is secure if you use the portable version and run it from a flash drive

  • @ronnizag
    @ronnizag 4 years ago

    Great video but what are some usb devices instead of apps that can manage passwords?? Thanks

  • @Maadhawk
    @Maadhawk 2 years ago

    The best way to handle passwords is to have a modification scheme and a list of root words for different things. Then all you have to remember is your modification scheme and your root word. I will never ever trust any of these password managers.

  • @philb2334
    @philb2334 5 years ago

    Being tech savvy has nothing to do with it, useability is what it's all about. Who wants to muck about with something instead of just using it. I mess about because I want to, not because I'm using a user hostile app that forces me into it, that normally gets the boot pronto

  • @JessicaFEREM
    @JessicaFEREM 5 years ago +1

    Stick the Keepass on a flash drive only

    • @benriful
      @benriful 5 years ago

      Actually what you "really" want is to keep the KeePass encrypted database separate from its keyfile. Perhaps using two flash drives, or at worst one on the hard drive and the other on the flash. That way, even if someone gets hold of one flash drive and can guess your "super unique extremely strong" masterpassword - they'd still have no way of getting into all your other logins.

  • @myusrn
    @myusrn 4 years ago

    why would i pay for any of this stuff or use no password manager solution when google chrome and msft edge [ new chromium based version ] both have free password generation/mgmt solutions that are protected by your device biometric credentials?

  • @MrHotheadalex
    @MrHotheadalex 5 years ago

    Sir I love your channel..... Can you please make a video on "myki password manager" i personally liked it from application point of view but not very sure about how secure it will be..... would love to know your opinion on it....
    Thank you

  • @bspus
    @bspus 5 years ago

    Now you have me worried. What kind of steps are required to secure keepass besides having it protected with a strong password?

    • @bspus
      @bspus 5 years ago

      @Paolo G That's what I think too. So when Chris says that you need to be tech savvy to set it up properly, all he means is have a good password to protect the database?

  • @dalsuh
    @dalsuh 5 years ago

    My colleague had small security problem on Android. Since then, for years, after I replicated problem, I use iOS, last pass, Bitdefender for av and use parental controls for all laptops and phones. Also 2fa on all accounts and VPN. I setup my home router firewall, content blockers, ... I even use Touch ID on every reasonable apps.

  • @fuseteam
    @fuseteam 5 years ago +1

    what i don't get is why multiple non-sensible passwords behind one sensible strong password is more secure than multiple sensible strong passwords

    • @KaylanNaidu
      @KaylanNaidu 5 years ago

      The password managers can generate secure passwords for you

    • @ChrisTitusTech
      @ChrisTitusTech  5 years ago +2

      It isn't, but people have problems creating and REMEMBERING multiple UNIQUE strong passwords.

    • @GradyBroyles
      @GradyBroyles 5 years ago

      it's the keyfile that makes it secure. So yeah, you have a memorable password to unlock the locker, but you should also have a keyfile (keepass does this standard). The keyfile is generated by the program and saved to wherever you want to keep it. The database cannot be unlocked EVEN with the password if the keyfile cannot be located. So you put it on a thumb drive that you can just unplug when you walk away. It's brilliant.
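
Added example, not part of the comment above and not KeePass's own code: a minimal sketch of the password-plus-key-file idea described there and in the earlier reply about keeping the database and its key file on separate drives. The function names, the toy vault header and the use of PBKDF2-HMAC-SHA256 for key stretching are assumptions of this sketch; KeePass's real file format and key derivation differ in detail.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumed work factor for this sketch


def composite_key(password: Optional[str], keyfile: Optional[bytes]) -> bytes:
    """Hash each supplied factor, then hash the concatenation of the hashes."""
    parts = b""
    if password is not None:
        parts += hashlib.sha256(password.encode("utf-8")).digest()
    if keyfile is not None:
        parts += hashlib.sha256(keyfile).digest()
    if not parts:
        raise ValueError("at least one factor is required")
    return hashlib.sha256(parts).digest()


def master_key(password, keyfile, salt: bytes) -> bytes:
    """Stretch the composite key so every guess costs ITERATIONS hashes."""
    return hashlib.pbkdf2_hmac(
        "sha256", composite_key(password, keyfile), salt, ITERATIONS
    )


def create_vault(password: str, keyfile: bytes) -> dict:
    """Build a toy vault header: a random salt plus a key-check tag."""
    salt = os.urandom(16)
    key = master_key(password, keyfile, salt)
    tag = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return {"salt": salt, "tag": tag}


def unlock(vault: dict, password, keyfile) -> bool:
    """True only when the supplied factors reproduce the stored tag."""
    key = master_key(password, keyfile, vault["salt"])
    tag = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return hmac.compare_digest(tag, vault["tag"])


# Constructed sample values, not real credentials.
PASSWORD = "correct horse battery staple"
KEYFILE = os.urandom(32)  # stands in for the file kept on the thumb drive
VAULT = create_vault(PASSWORD, KEYFILE)

if __name__ == "__main__":
    print("password + key file:", unlock(VAULT, PASSWORD, KEYFILE))
    print("password only      :", unlock(VAULT, PASSWORD, None))
    print("key file only      :", unlock(VAULT, None, KEYFILE))
    print("wrong key file     :", unlock(VAULT, PASSWORD, bytes(32)))
```

With the key file missing, knowing the password is not enough to reproduce the master key, which is why the two pieces are worth storing apart.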

    • @fuseteam
      @fuseteam 5 years ago

      @GradyBroyles ah that _is_ brilliant indeed
      It sounds similar to how ssh keys work

    • @fuseteam
      @fuseteam 5 years ago

      @ChrisTitusTech yeah i myself have a few rules to generate multiple unique strong passwords
      i often end up with strings like D=m2$@)!)
      ........I think I just improved my rules 🤣🤣🤣

  • @arjdroid
    @arjdroid 5 years ago

    Dude, Last Pass and Dropbox's behaviour for limiting devices and all should be totally acceptable as you are using their servers and services for free

  • @Jimmy_Jones
    @Jimmy_Jones 5 years ago +2

    Not sure if it's because I'm early but the audio is lagging slightly.

    • @ChrisTitusTech
      @ChrisTitusTech  5 years ago

      I think I messed up the audio sync by about 50 ms ... sooo slight but I notice it as well.

    • @Jimmy_Jones
      @Jimmy_Jones 5 years ago

      @ChrisTitusTech Still a great video.

  • @rednight2476
    @rednight2476 5 years ago

    I use a Mooltipass. Which is pretty neat opensource hardware password manager.

  • @mpccenturion
    @mpccenturion 4 years ago

    Thank you Chris! I got a lappy, it was acting flaky as it booted, but WTHeck, it started. The first page I saw, was big G and a greenbank logo. I knew this was a bad move, but since I have to protect "them", I hit the logo. Next thing I know - I am autologged into a bank account of the parents, of the person who handed me the device. Then I popped open the G and checked the password. Honest - after $% years, nothing should shock me, "wordpass20". Sentences - make the best passwords, phrases you recall and mean something to you. 12 to 20 characters. I use a notebook too.

  • @drtmi8789
    @drtmi8789 3 years ago

    And now two years later Lastpass charges for more than one type of device since everybody is working from home.

  • @elokjerside8680
    @elokjerside8680 5 years ago +1

    What about Enpass? It is also on Linux

  • @Richard-Freeman
    @Richard-Freeman 4 years ago

    1+ year later, any updates on your Password Manager opinions?

    • @tomtravis858
      @tomtravis858 4 years ago

      I'm not him, I think the most trust-worthy password manager is the one that is the most transparent. KeePass is still by far the best open source password manager. I'd recommend you that.

  • @pavlospilakoutas
    @pavlospilakoutas 5 years ago

    I use passera so there is no possible way to remember any password cuz it makes a word to an alphanumeric and symbols string. I use nomorepass.

  • @s9209122222
    @s9209122222 4 years ago

    Is Lockwise from Mozilla bad?

  • @endeavour6321
    @endeavour6321 4 years ago

    thanks for video. what about bitwarden?

  • @screamingiraffe
    @screamingiraffe 5 years ago

    Good info that is not well known. Thank you for sharing

  • @rafalkolodziej8437
    @rafalkolodziej8437 5 years ago

    Weyland-Yutani! Nice touch for Alien universe fans (like me) :)

  • @MorgurEdits
    @MorgurEdits 3 years ago

    Lol I actually have my passwords written down and in a box at my house :'D. So the first few minutes were kinda weird.

  • @theodoros_1234
    @theodoros_1234 5 years ago +2

    The content is great, but the video looks a little choppy/stuttery.

    • @ChrisTitusTech
      @ChrisTitusTech  5 years ago +1

      Yup, won't be using this method of post processing again. Thanks Theo!

    • @theodoros_1234
      @theodoros_1234 5 years ago

      @ChrisTitusTech No problem

  • @LysanderLH
    @LysanderLH 4 years ago

    I have no idea how to use Keepass.

  • @Zarthalad
    @Zarthalad 5 years ago

    What do you think of Dashlane?

  • @ThirdEyeGoat369
    @ThirdEyeGoat369 5 years ago

    Seems these password managers make you copy/paste the secure password. Isn't that easily traceable/hackable on the computer?

    • @jamesedwards3923
      @jamesedwards3923 5 years ago

      There are ways trace data can be extracted. Depending on the application, threat assessments, operating system, etc. You have to do your homework.
      There are a ton of settings you will be playing with.

  • @mohameda7585
    @mohameda7585 5 years ago

    This was very helpful thank you.

  • @regeditxregeditx9790
    @regeditxregeditx9790 5 years ago +2

    i use lastpass... i have a 22 digits password

  • @RakibulHassanRakib
    @RakibulHassanRakib 5 years ago

    Nice Review,,,,,, using keepass for like last 5 years....

  • @papabones8753
    @papabones8753 5 years ago

    I keep Keepass updated through a cloud (would love to set up a owncloud or something like it but am behind DS-lite so local hosting is not a thing). I don't like lastpass, tried it but didn't like it that much for the points mentioned and having issues with it being manageable over the browser.
    I had lastpass first but migrated to keepass. Thankfully there's applications for it on all types of devices I have(I have it linked in my browser, have it on my phone and in general on my pc). Beats having the same PW for everything anyway.

  • @mehenazahmed568
    @mehenazahmed568 4 years ago

    How about Bitwarden ?

  • @frankenstein3163
    @frankenstein3163 3 years ago

    TY for sharing.

  • @vaibhav20vd
    @vaibhav20vd 4 years ago

    How is mSecure?

  • @Vlad-1986
    @Vlad-1986 5 years ago

    I had enough contact with software companies already. For years I haven't met a single one which had a manager with an even basic knowledge about software development or IT. Anything related with passwords or personal data should be kept local or faked. How many personal data leak scandals are needed per year to think this way?
    There is no way I'll use a password manager: Specially a closed source one! I think the best approach is a spam email account with the same password for anything that you don't need to give real data, like forums and stuff, and minimize the use of other services (if you have an Amazon account, avoid if possible Ebay. If you have Steam, avoid Origin, etc.) any of those is a risk, two is twice the risk!

    • @_R8x_
      @_R8x_ 4 years ago

      Well, there's a fine line between careful and paranoid. Most email providers have very effective spam filtering and password managers are safe if you use the tips provided in the video (TFA and not-remember-master password).

  • @themedleb
    @themedleb 5 years ago

    I will stay with KeePass (even it looks outdated compared to other password managers), only because of the ability to use a file as a password.

  • @Foche_T._Schitt
    @Foche_T._Schitt 5 years ago +2

    If you write it on a notepad/file, omit portions of your password you can remember.
    Email/Finance passwords are crucial and should all be unique. Forum passwords not so much.

    • @Jimmy_Jones
      @Jimmy_Jones 5 years ago

      Unfortunately the bits you can remember are usually things that are easy to get if you crack one.

    • @GradyBroyles
      @GradyBroyles 5 years ago +1

      OH gawd. Please, no one take this advice. You don't understand how ezmode that is to break even with parts omitted. Just don't do it.

    • @Foche_T._Schitt
      @Foche_T._Schitt 5 years ago

      @GradyBroyles
      HJKo*Fk*+gh*79p
      Guess the stars...

  • @nightmarenova6748
    @nightmarenova6748 5 years ago

    Hi Chris, what about Bitwarden?

  • @samchankm
    @samchankm 5 years ago

    Further encrypt the kdbx file with veracrypt. You just need to remember the password for veracrypt.

    • @samchankm
      @samchankm 5 years ago

      And Also the password for keepass.

  • @kelvinkersey5058
    @kelvinkersey5058 4 years ago +1

    waffle ends, video starts around 4 min

  • @j.4880
    @j.4880 5 years ago

    How should I set up keepass?

  • @lando6486
    @lando6486 5 years ago

    What's your opinion on remembear

  • @woodl0ck7777
    @woodl0ck7777 4 years ago

    Why not 1Password?

  • @ankitvashisht7350
    @ankitvashisht7350 5 years ago

    hi Chris, as keepass stores passwords locally, if my system crashes then all my passwords will go ?

    • @fernandoantunes6416
      @fernandoantunes6416 5 years ago

      You can keep the database on cloud, like Dropbox, Google drive, etc...

  • @mombanger2835
    @mombanger2835 2 years ago

    I personally prefer the notepad or a real book.

  • @stanislavbozhikov9046
    @stanislavbozhikov9046 3 years ago

    LastPass, why do you promote them ... ?

  • @ac11dc110
    @ac11dc110 5 years ago

    if you gonna use lastpass just use google password?

  • @Cyberdelique
    @Cyberdelique 5 years ago

    Hey chris, can I have your view on the chrome and firefox bundled password managers? I'm using keepassX but also have a lot of password in the chromium passwords and I'm pretty sure the chrome passwords are hackable through trojan (in windows anyway :) )

    • @Cyberdelique
      @Cyberdelique 5 years ago

      welp, I switched from keepassX to bitwarden and I like it! easy integration into any browsers, ability to create a server on your own machine if you don't want the cloud storage, easy import from any other apps and browsers.
      I removed all my chrome and FF stored passwords and rely on bitwarden. Wish me good infosec guys ;)