Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
10 Top Password Managers
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 5 / 5
lspielman916
50%
50%
lspielman916,
User Rank: Apprentice
5/1/2013 | 7:57:34 PM
re: 10 Top Password Managers
I have been a RoboForm user for about 7 years. I LOVE IT! No, I do not work for the company. Am a paid subscriber. Couldn't live without it.

One thing that the article left off was that for at least the last year+ they store everything in the cloud! I have multiple computers and do a lot of global travel. As soon as I use one of my other computers/tablets/smartphones, after I sign in to RoboForm, ALL of my data is synchronized. Yes, I do use a double lock.
JM
50%
50%
JM,
User Rank: Apprentice
5/1/2013 | 7:26:06 PM
re: 10 Top Password Managers
I have used KeePass for years and consider it the best of the lot for several reasons.

1. You make it sound like open source is bad. In fact, it is extremely valuable. The code in KeePass enjoys a level of inspection and verification beyond any closed source program.

2. It stores an indexed database, where each entry can have any number of user defined fields. For example, for an entry for a credit card, in addition to the normal username, password, and URL info, I can store named-fields for any other data I want to store. For example, a credit card number field, a CVC field, a date field, a Name-as-on-card field, a phone number to call if it's lost field, and fields for the special answers to questions the web site asks me when I log in. This capability makes all the difference. I refuse to use a data storage app that canGt do this. It makes the app broadly useful for all sorts of data and makes it a truly effective system for storing data you want to keep private. There is only one place I ever go to, KeePass.

3. It uses a double lock - a file with a tons of random bits, plus the password you type in. I physically copy that file to each of my computers and my phone, so it never touches the internet or any cloud storage. To break in, not only would someone have to guess the password I type in, they'd also need that file.

4. It gives me total control over my data. It stores the data locally, not on the cloud. But I can store it in a dropbox folder if I want to, making it available on the cloud. All my choice. I personnaly have mine on dropbox so that my phone, mac, and pcGs are all synchronized automatically.

5. It works across multiple platforms. I have it working on a MAC, several PC's, my Android phone, and a friend uses it on Linux.

6. Your sentence saying it is lightweight and going on to say what it doesnGt do makes it sound like a bad thing and that it is missing something. In fact, all the things you mention represent a fabulous feature! You can stick the entire tiny program on a memory stick and run it on a machine without having to "install it" It doesn't require mucking up the windows registry etc. I can run it on a friendGs computer and the computer is clean when I'm done.

7. The GǣAutoTypeGǥ feature that fills in all the info required to log into a site works great. ItGs even programmable so that on complicated web sites that donGt use the standard username and password, but demand more things to be filled out, it can be easily programmed to do this job. ItGs simple enough, even my mother (in her 80Gs) has used this with no help from me!

8. It's F R E E !
ctcusick
50%
50%
ctcusick,
User Rank: Apprentice
5/1/2013 | 7:05:41 PM
re: 10 Top Password Managers
Yup, Keepass is the best. I knew of someone who once loaded his entire company's keepass database into a cloud service so he could access passwords remotely. What an amazing idiot. Cloud services are NOT secure. DO NOT sacrifice your computing security, your privacy and liberty, for the latest new wiz-bang technology gizmo or feature.

Did you know that most news website's 'comments' sections obtain one's Contact list (depending on if you log in with an integrated account from facebook, windows live, google, or similar)?

Why would you want corporations and others to know who you know, all so you can use a technology feature (in this example, leaving a comment on a website, such as a foxnewsdotcom online article, or similar)??
Buster57
50%
50%
Buster57,
User Rank: Apprentice
5/1/2013 | 5:49:28 PM
re: 10 Top Password Managers
Keepass is easily the best password manager...and it's free!
<<   <   Page 5 / 5


US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He's too shy to invite me out face to face!"
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16649
PUBLISHED: 2019-09-21
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the...
CVE-2019-16650
PUBLISHED: 2019-09-21
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the se...
CVE-2019-15138
PUBLISHED: 2019-09-20
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.
CVE-2019-6145
PUBLISHED: 2019-09-20
Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs ...
CVE-2019-6649
PUBLISHED: 2019-09-20
F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.