topic Re: Password Manager in Industry News

Password Manager

Lamont29 — Mon, 09 Oct 2023 08:49:20 GMT

How many of you professionals are using a password manager? I am collecting information about security practices of security professionals when they are NOT at work and are NOT required to be as security conscious as they would be at their jobs.

Re: Password Manager

denbesten — Fri, 15 Jun 2018 04:11:24 GMT

LastPass for a few years now. Before that, KeePass and before that, a txt document on my desktop.

Most all my accounts have randomly generated long passwords that are autofilled. Additionally, I use 2FA for a dozen or so sites that support it.

Also have an "If I Die" document that describes how to gain access to Lastpass and rebuild the 2FA enviroment, complete with basic usage instructions. A printed copy is kept in a safe place my wife knows.

Re: Password Manager

Lamont29 — Fri, 15 Jun 2018 04:17:42 GMT

Sounds like you have your bases covered. You have given me a few things to consider with your reply!

Re: Password Manager

Thalpius — Fri, 15 Jun 2018 09:28:35 GMT

I’m using keychain by Apple. I’m also using MFA if possible.

I got an agenda item planned every 3 months to change all my passwords. All passwords are also generated.

This way I’m only using my Apple devices to connect to websites or applications I need to.

I’m also never connected to any other connnection than my WiFi or 4G.

Re: Password Manager

Al-can — Fri, 15 Jun 2018 12:37:07 GMT

I use one along with my Norton Identity Safe.

In addition to this I use a USB Yubikey NEO for 2FA on the important accounts on my mobile and personal PC / Applicaations.

Re: Password Manager

Flyslinger2 — Fri, 15 Jun 2018 13:56:04 GMT

I use PWSafe. It has a client for all OS's and I keep the triply encrypted dBase in the cloud which requires biometric access.

I use Yubi for those accounts that aren't U.S. Gov MFA accounts.

PWsafe has a password gen tool if MFA is not an option.

PWSafe is open source and very low budget.

I have several thousand accounts secured with it.

Re: Password Manager

OS22783 — Fri, 15 Jun 2018 13:57:07 GMT

I have been using a very nice one called Safe In Cloud, there is an app for the phone and for desktops, it stores your encrypted password database in your storage location of choice (google drive, etc) so you have more control of where the database backup is stored. I have over 130 passwords and I don't know any of them...

Re: Password Manager

Steve-Wilme — Fri, 15 Jun 2018 14:55:23 GMT

Handwritten note for those I use very infrequently held in the firesafe in my home office.

Re: Password Manager

SamuelSancho — Fri, 15 Jun 2018 15:39:18 GMT

Keepass syncronized with a folder in Dropbox, this allows me to have the passwords in the mobile phone. But I would like to know other options to have the password in all my devices given that I use Android, MAC and, sometimes Linux and Windows

Thank you

Re: Password Manager

Jesse_Mundis — Fri, 15 Jun 2018 18:25:58 GMT

Long ago, text file in an encrypted TrueCrypt drive.

Now, LastPass for personal use (and I've got my wife using it too) with some randomly generated passwords, and some manually selected ones. Still need to 2FA all the things. Monitor my email addresses for breaches with HaveIBeenPwned.

Re: Password Manager

Beads — Fri, 15 Jun 2018 21:02:30 GMT

Using a commercial, paid password manager with a unique password for each unique site visited. Complexity is simply too much to either use one complex password or the same password for every site, any more.

Re: Password Manager

tlhaze — Wed, 20 Jun 2018 16:25:07 GMT

Greetings Lamont.

I have a couple choices to use at work; the one I have chose to use is Keepass 2.

The passwords are stored in Box location that I am unable to access outside of work, so I do not use that same password database for my personal password manager. But since I understood the features of it, I use a free version of it from my Android phone as my personal password manager.

Thanks,

Thomas Haze CISSP.

Re: Password Manager

hagayp — Sun, 22 Jul 2018 10:44:16 GMT

I checked both Password Manager Pro (https://www.manageengine.com/) and PSM of CyberArk.

both are fine

Reg