cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Champion

Password Manager

How many of you professionals are using a password manager? I am collecting information about security practices of security professionals when they are NOT at work and are NOT required to be as security conscious as they would be at their jobs.

Lamont Robertson
M.S., M.A., CISSP, CISM, CISA, Security+, MCSE
12 Replies
Community Champion

Re: Password Manager

LastPass for a few years now.  Before that, KeePass and before that, a txt document on my desktop.

 

Most all my accounts have randomly generated long passwords that are autofilled.  Additionally, I use 2FA for a dozen or so sites that support it.  

 

Also have an "If I Die" document that describes how to gain access to Lastpass and rebuild the 2FA enviroment, complete with basic usage instructions.  A printed copy is kept in a safe place my wife knows.

Community Champion

Re: Password Manager

Sounds like you have your bases covered. You have given me a few things to consider with your reply!
Lamont Robertson
M.S., M.A., CISSP, CISM, CISA, Security+, MCSE
Newcomer III

Re: Password Manager

I’m using keychain by Apple. I’m also using MFA if possible.

I got an agenda item planned every 3 months to change all my passwords. All passwords are also generated.

This way I’m only using my Apple devices to connect to websites or applications I need to.

I’m also never connected to any other connnection than my WiFi or 4G.
Viewer

Re: Password Manager

I use one along with my Norton Identity Safe.

In addition to this I use a USB Yubikey NEO for 2FA on the important accounts on my mobile and personal PC / Applicaations.

Highlighted
Community Champion

Re: Password Manager

I use PWSafe. It has a client for all OS's and I keep the triply encrypted dBase in the cloud which requires biometric access.

 

I use Yubi for those accounts that aren't U.S. Gov MFA accounts. 

 

PWsafe has a password gen tool if MFA is not an option.

 

PWSafe is open source and very low budget.  

 

I have several thousand accounts secured with it.

Newcomer II

Re: Password Manager

I have been using a very nice one called Safe In Cloud, there is an app for the phone and for desktops, it stores your encrypted password database in your storage location of choice (google drive, etc) so you have more control of where the database backup is stored. I have over 130 passwords and I don't know any of them...


___________________________
CISSP, OSCP
Contributor I

Re: Password Manager

Handwritten note for those I use very infrequently held in the firesafe in my home office.
Steve Wilme CISSP-ISSAP, ISSMP M.Inst.ISP
Newcomer I

Re: Password Manager

Keepass syncronized with a folder in Dropbox, this allows me to have the passwords in the mobile phone. But I would like to know other options to have the password in all my devices given that I use Android, MAC and, sometimes Linux and Windows

 

Thank you

Newcomer III

Re: Password Manager

Long ago, text file in an encrypted TrueCrypt drive.

 

Now, LastPass for personal use (and I've got my wife using it too) with some randomly generated passwords, and some manually selected ones.  Still need to 2FA all the things. Monitor my email addresses for breaches with HaveIBeenPwned.