Well, shit. I don't use a password manager but now I feel like I should lol. Gonna check out bitwarden I guess.
Android
DROID DOES
Welcome to the droidymcdroidface-iest, Lemmyest (Lemmiest), test, bestest, phoniest, pluckiest, snarkiest, and spiciest Android community on Lemmy (Do not respond)! Here you can participate in amazing discussions and events relating to all things Android.
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
Rules
1. All posts must be relevant to Android devices/operating system.
2. Posts cannot be illegal or NSFW material.
3. No spam, self promotion, or upvote farming. Sources engaging in these behavior will be added to the Blacklist.
4. Non-whitelisted bots will be banned.
5. Engage respectfully: Harassment, flamebaiting, bad faith engagement, or agenda posting will result in your posts being removed. Excessive violations will result in temporary or permanent ban, depending on severity.
6. Memes are not allowed to be posts, but are allowed in the comments.
7. Posts from clickbait sources are heavily discouraged. Please de-clickbait titles if it needs to be submitted.
8. Submission statements of any length composed of your own thoughts inside the post text field are mandatory for any microblog posts, and are optional but recommended for article/image/video posts.
Community Resources:
We are Android girls*,
In our Lemmy.world.
The back is plastic,
It's fantastic.
*Well, not just girls: people of all gender identities are welcomed here.
Our Partner Communities:
My mom would use the same password for everything or she would mix it up a little tiny bit.
Her passwords were like.
Rainbow2002! rainbow2003 RAINBOW!!!
It was a different word from rainbow, but that's just an example.
I got her using two factor with Google with a really good password and she's using the built-in Google password manager. Now all of her passwords are 20+ random strings instead of a single word with different numbers at the end.
I think that's a much better system than what she was using before.
Yes, 100%... In fact, I often do recommend it to others. Personally I use Bitwarden (paid account even) but I've also recommended 1pass to apple only users because it fits well in that ecosystem.
You can use them to generate a different password for each and every login. And it's really just random letters, number and special characters. That one site gets compromised? They can't then use those credentials to login anywhere else.
You don't have to remember those passwords. Passwords that are easy to remember are probably found in dictionary attacks. You know what's not? Wt2Pwi#$a@Nzeq7*8UwSJ7sTsMKdC!HSGZZ7JnzCtxhfCfFCiXP&FD!yM!c^$DisSR@2
(which I just generated with bitwarden)
2-factor auth is also really easy with most password managers and makes logging in with 2-factor auth easy. I hit one hotkey to fill in the web form with my username/password, hit enter to login and then it auto-copies my TOTP code so I can just paste it and go. Super secure but super easy.
You go to a phishing site? Guess what, a good password manager will store the url and if it doesn't match, that should be your first red flag. If I end up at g00gle.com instead of google.com, it won't show as having a login available.
Is it bad that I just love built-in Chrome/Google auto-fill manager? Is this not safe? Autosync to Android does it for me + the fact that i can auto-generate and save/fill passwords seamlessly without having to switch between apps
Started with LastPass many years ago - but has changed to 1Password just last week.
Bitwarden and Dashlane were close contenders, but I found that 1Password's sharing feature was better in my usage scenarios.
Perhaps a bit more technically involved for some tastes, but here's my setup –
I've used pass for the past few years, a command line based password manager that stores GPG encrypted passwords as text files in a git repository. I use it for more than passwords, so it's more like a passwords-and-other-sensitive-secrets manager.
There's no defined structure, that is left to the user to figure out, but the basic command to get a password and copy it to the clipboard simply grabs the first line of the file, which is where I insert the actual password. There's other info in there too, usernames, challenge questions, etc.
I push the git repo to gitlab, transported via ssh. On my phone, I use a client for Android called Android Password Store, which pulls from the git repository and has an easy interface for adding, editing, and accessing the passwords.
It costs nothing, stays backed up, and works pretty well for my purposes. Despite that, I was looking around to see if KeePass would be a better solution for me in any way, and found this cool thing, passhole, which provides KeePass with a CLI interface similar to that of pass, which is a big part of my attraction to it.
Keepass + Syncthing awesome combination
Definitely recommend using one. Don't have a preference for any particular one, I use Google's for simplicity sake. But unless you have a complicated system that allows you to have different passwords for every online service (or maybe if you have a great memory) it's simply more secure to use a password manager. Most sites have emails as logins, and if you reuse the same email/password combination you're just asking for trouble for when one day one of those sites get hacked, your password is sold, and someone spams your combo across all popular services and somehow ends up in your bank.
Switched to bitwarden last October and couldn't be happier. Was previously just storing everything in chrome/my Google account. Reused the same password on pretty much every website. When I saw a few articless about chrome causing issues with ad blockers I decided to switch to Firefox which meant having to figure out my passwords. Decided that was a great time to figure out a separate password manager. I still occasionally run into websites I don't use often that still have my old password but for the most part everything is switched over and if 2FA is an option I have it set up. Going through my main sites was a drag but I felt so much better afterwards. I was really shocked at how many websites have really low limits on password length. And how some of the accounts I would really really prefer to have 2FA it's not even an option, looking at you banks.
My work actually just switched payroll companies and when creating my account I noticed the password field was 0/127 so of course I bumped up my password generator to 127 and maxed out the password field 😂
Loved bitwarden but switched to 1Password recently because their UI is so much nicer. ik, weird reason.
also because it was free with GitHub Student.
I just completed a study of Enterprise password management and move my company from LastPass to BitWarden.
1password was a close second.
I'm not going to say whether it's the best or not because I have not compared, but I have used Keepass2Android for years which seemlessly integrates with my cloud storage and key files (stored offline), has useful randomized password generation, and is overall unobtrusive
Used last pass for years until they decided no account sync for free users now I use bitwarden which I find is fantastic.
I've used password managers for as long as I've used the internet. I find it absolutely essential.
If you're not currently using one, it's likely that as the number of your login credentials increase, bad habits will increase. So it's probably better to use a password manager any way.
If you're using good, separate password, saving logins in the browser might work for you too. In that case I'd suggest you read up on the security your browser provides, ability to sync, migrate etc.
I've used Dashlane for a few years now and I can't say there are any issues with it at all.
I used to just use a list stored in Google Keep, "encrypted" in such a way that only I knew what the passwords were. That got really old.
I use Chrome password manager. Is there any difference to this vs. Bitwarden or other services? Chrome is super convenient since it suggests passwords in browser while signing up and auto-inputs them to apps/websites cross platform. And also integrates with GBoard to quickly search password to copy into a field.
Not sure if Bitwarden has any additional features other than the benefit of not keeping all my info with Google. Or if it's less convenient and I have to go into the Bitwarden app or something everytime to look up or generate passwords?
Using a sheet of paper right now, am in the process of switching to a self-written password manager. It uses Vigenere encryption using a key that is not saved anywhere (that I have to remember) and saves to a .dat file. Should I use my own tool or a service?
It’s 1Password for me. Looks good, works good and is available for every platform that I use.
For work I use KeepasXC and Bitwarden+Vaultwarden as well.
I used to use Bitwarden and it's a great App but you need to export your saved password list frequently somewhere safe just in case.
I now use Safe In Cloud, the backup can be restored from their servers.
Afaik, the backups encrypted and Safe In Cloud have no access anyway, check out the Playstore reviews for more details.
https://play.google.com/store/apps/details?id=com.safeincloud.free
I use Bitwarden with some trepidation. I keep hoping that eventually Proton Pass morphs into something that seems even more secure but right now it's pretty basic.
Switched from LastPass to 1Password after their ridiculous security breaches and haven't looked back. 1Password also kindly gave me the first year free after sending them my LP invoice.
I haven't heard anyone mention Google password manager, which is the one I started using recently. I assume very few people trust it because... Google?
I use 1Password because I got my wife to use it. The paid plan is worth it just for the fact that she also uses it. If it was just myself, I would probably self-host Bitwarden.
I personally moved to Bitwarden from 1Password due to the cost, and I believe for an average user, Bitwarden is definitely the way to go as it is very value-friendly (at $10 USD/year), and it is open-sourced unlike many other proprietary password managers. 1Password may get more features, however it being $3.99 USD/month, many users don't need the extra security features and I strongly believe that common sense is the best security for any user.
it is has become so much easier to manage my password after I started to use bitwarden it is just convenient
Dang you guys made me feel bad for using Microsoft Authenticator lol.