It should be either remembered or stored somewhere else (e.g. But the *master password is not stored in the database. Maybe there're even open alternatives already.The passwords kept in the password manager database can be arbitrary long, because user doesn't need to remember them, he will just copy them from the password manager. It's p2p, meaning there're no servers inbetween. Actually your Antivirus software must take care of those things.Īs for the syncing: I think BitTorrent Sync should do it. It's not a 100% safe counter-measure, but I hope you get the idea. KeePass password stealer from the link above: That's the reason KeePass automatically locks your database when you haven't used it for xx minutes. Regarding the guy from above who has lost his database: who told you that you shouldn't make a backup of that as well? What if a cryptolocker hit you? Exactly, it would be still a problem, though not caused by KeePass directly. Honestly, I doubt most people, including you and me, will bother.Īs you can see I'm recommending KeePass. https //MiniKeePass/MiniKeePass You can also compile the desktop version yourself. If you're worried about the mobile app not being as reliable (backdoors etc.) as the desktop app: compile it yourself from sources. Would not happen to an open-source software. For example, there was another incident with a proprietary file "encrypter" for Android/iOS which used the simplest possible "encryption" on earth: XORing of data that is as easy to crack a monkey could do that. If you are concerned about privacy and looking for a bullet-proof solution then the only way to go is open-source software. MW99, you worry about your encrypted database syncing via cloud, but at the same time you are taking a proprietary software (1Password) in consideration. Which is fine with me since KeePassDroid support for 2.0 database files is still experimental, and I've been consequently sticking with 1.1. For the moment, at least, the old clunky KeePass 1.1 remains "secure." Read here: https //2015/11/password-manager-hacked.htmlįWIW, this only works against KeePass 2.0, a fact that was omitted from the article but evident from the source code on GitHub. I really wouldn't use KeePass at the minute.Ī researcher has released a free tool that can steal your passwords. Check it out at They also build and operate digital wallet services and other secure transaction software solutions. They offer a free version as well as one that has a cloud storage option for keeping back-ups. It also has mobile versions that you can use on iOS and Androids as well. I did find an alternative that works really well and I have been using now for about a year (The KeePass issue happened Summer of 2014).Ĭheck out Dashlane. I tried KeePass and had an issue with the file corrupting itself and losing nearly 200 passwords on me. Security and long term use are my main concern. Should I go with KeePass with it's open-sourceness and ability to use it on a thumb drive? Or should I go with 1Password and enjoy a better, official mobile app and browser extension? So, I'm trying to decide between 1Password and KeePass and can't make up my mind. I may just be being paranoid here, but I don't want to take any chances. I'm also concerned that they might shut down one day, or a disgruntled employee might decide to insert something malicious into the software, etc. I'd love to use 1Password, but I'm just not sure how secure it really is. In short, I trust KeePass itself, but I'm not sure if I can trust the third-party developers of the mobile app and browser extension. (1Password has local WiFi sync) There is also KeeFox for Firefox integration, but I'm not sure if I trust that either. Also, syncing between my PC and the app would be a pain. There is MiniKeePass on the iOS App Store, but I'm not sure if I trust it not to make off with my data. The only things really keeping me from using KeePass are the lack of an official mobile app and good browser integration. However, KeePass seems more secure being as it's open source and there is a portable version which can be put onto an encrypted thumb drive. 1Password can be set to store everything locally, has a great mobile app and good browser integration. 1Password, KeePass, and Dashlane all have a mobile app, but Dashlane sends the file to the app via their web servers, so I crossed out Dashlane. It needs to have a mobile iOS application as well. I do NOT want my database file (even if it is encrypted) being stored in the cloud, so I crossed out LastPass. I did some research on the programs out there and narrowed my options down to these four: 1Password, KeePass, Dashlane, and LastPass. I heard about password managers awhile back and have been thinking about getting one.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |