Best Password Management Software-(Cross Platform&Device-Cloud)?

Hey, wondered what you all think is the best password management software, cross platform&device versions if possible, any device-independent web-based cloud solutions really trustworthy?

Whenever available, we tend to stick with portable apps & have old RoboForm & newer KeePass since for very sensitive accts we will not even let portable Chrome or Firefox save passwords & convenient web-based cloud solutions seem questionable..

So with hundreds of accounts accumulating how would you recommend password management security?

If you think I should post this elsewhere, let me know, -Appreciate your thoughts,

 

I keep passwords locally in Keepass both windows and linux....

 

So you wouldn't trust KeePass in dropbox as some recommend? No KeePass for smartphone?

How do you like your "Big Dog" M6500 worth the 4-5k?

-Thanks

 

I keep the .kdb file in dropbox via My Documents, and sync it between a windows and linux box...I pay for 50 gigs, can't live without dropbox anymore

love the 'big dog' it was 3850. before tax and shipping....got a 1200 dollar off pricegrabber deal....best notebook I've ever had.

 

Another alternative to Keepass would be LastPass. Similar feature set, but automatically synced between browsers/computers. It's a bit more streamlined, and you can actually export/import data between it and Keepass. I use both just so that I have a local backup of everything that I store on Lastpass. Works well for me.

 

Lastpass is closed source software. You really want to trust your passwords to a system in which you cant look to see it is doing what it claims to do?

 

Yes and no. At this point I have no reason to not trust it, and it provides a service that I find useful. That said, I don't trust it completely. Same can be said for any software I use; closed-source or otherwise. At the moment I do use Lastpass as a convenient auto-fill, but everything is also in a KeePass database that I have backed up to multiple locations. If there were a more convenient way of linking KeePass to firefox, then I'd just use that. Sadly the ways that currently exist are much more of a pain than simply using Lastpass (of course, it's been awhile since I tried; so perhaps the methods have improved?).

 

Er, the public not being able to SEE the workings of the software should be enough

EDIT: Fair enough
Is Open Source Good for Security?

 

Haha, how about I pull the same thing you just did? Just stumbled across this: KeeFox - Simple and secure password management for Firefox users with KeePass

Basically it works like Lastpass, only it interfaces with Keepass. I'll play around with it and see if I like it.

I agree that using a close-source solution is a risk, but for me functionality has to come first. Most of the programs I use are open-source; yet I'm in Windows because Linux always has more than a few bugs with my particular laptop. If I were more experienced with the inner workings of the OS I could probably resolve some of those glitches, but I just don't have the time or desire. I try and hit a happy middle-ground that doesn't sacrifice security but does maintain functionality; especially when it comes to personal data. All that said, if the above extension works well then I'd drop LastPass in a heartbeat. I prefer organizing my bajillion logins/wifi passwords/program codes in KeePass' structure.

 

I actually posted that link on the discussion as an argument against myself (against my claim that open source was a prerequisite for security)

 

How about keeping a master password file, encrypting it with truecrypt (works on both linux and windows), and uploading the encrypted file to windows live or any other data hosting service?

 

I know; that's why I posted mine

KeePass is entirely separate from LastPass and is an open-source password manager, haha.

It stores all of your data in a heavily encrypted database (AES/Rijndael 256-Bit Key) that requires a master password to unlock it. I made the assumption that you've heard of it, but given your response to LoveNotebooks I take it that you haven't. In any case, it's entirely an offline program, but that extension that I mentioned, KeeFox, integrates it rather nicely with Firefox. It's a lot easier to use than a true-crypted master password file.

 

I know about Keypass, but it seems to be less cross platform compliant that Truecrypt. Keypass requires mono on linux. Truecrypt does not.

 

True, but you can also use KeePassX. If you don't need the cross-platform compatibility, use KeePass. If you do, then KeePassX runs on everything.

 

Trying to compile Keepassx now, thanks.
It still requires more packages than truecrypt. Truecrypt just requried to be unzipped, Keepassx needs to be installed.

Although it can be argued that if I dont have root access, then I should not be using Keepassx. But still, I'd like to access the keys in case of an emergency on a linux machine on which I dont have root access. Truecrypt is a wee it preferable, but yeah, I will try keepassx

EDIT: Keepassx works I think I'm gonna use it
Its very nice that its database is compatible with keepass

 

Haha, another convert The only unfortunate limitation to KeepassX is precisely the one that you mentioned; it has to be installed. Technically you can run the portable version of KeePass through WINE and open your database from there in a pinch; but I've always had issues with the fonts showing up properly. Still, better than nothing I suppose.

 

Question: What would be the advantages of using Keepassx over Truecrypt?

 

I tried the Truecrypt route, and I just found the KeePass(X) route to be simpler. I find KeePass easier to organize and the fact that it interfaces nicely with Firefox means that my day is just that much faster (not sure about the "X" version, but the original works very well with KeeFox).

In terms of the basic functionality, I suppose there's not a huge amount of difference; at the end of the day both options encrypt your passwords. So, it's the extra bits that make KeePass worth it. Things like how you can place passwords in your clipboard by double-clicking them in KeePass and not having to worry about leaving it there (KeePass auto-clears it after 12 seconds by default). You can also utilize the global hotkeys to auto-generate secure passwords (you set the default parameters), log in, etc... Beyond the built-in functions, there are also a large number of plugins that people have created to take the functionality even further.

If you use those sorts of extras, then KeePass has a huge number of advantages over truecrypt. If not, then, as I said before, at the end of the day both still encrypt your passwords.