#passwords

danie10@squeet.me

Good password manager comparison table

A spreadsheet comparing various password managers. It has all the compared features in the leftmost column, whilst along the top the names of each service appear. For each service, there is then a yes or a no, in the column for that service next to each feature.
This spreadsheet was compiled by Reddit user r/Passwords summarising the key features per password manager.

Just don’t read too much into the numeric scores, as you need to first decide for yourself which are your “must have” features. For example, Proton Pass scores higher than Bitwarden, but for me not being able to attach files is a showstopper (I store a copy of my ID, my driver’s license, etc.). The feature “Subscription includes VPN” is also not a must-have for me as part of a password manager, as I have a separate VPN service (it is nice to have if it can replace my VPN service).

It’s also worth noting that both Bitwarden and Proton Pass have fully free tiers with some restrictions. It would have been great to have also included those for comparison in their own columns, as these only seem to be the paid services.

See docs.google.com/spreadsheets/d…
#Blog, #passwords, #security, #technology

danie10@squeet.me

The best free password managers: Expert tested by ZDNET

Side close-up view of an open laptop. Above it hovers a hand holding a smartphone, showing a login screen on it.
We use passwords every day to access everything from our social media profiles to our bank accounts — and if you are following good password hygiene rules, you have a lot of complex, unique logins that are impossible to remember. A password manager can help you organize and store this information securely, while giving you quick access when you need it. You don’t even need to pay a premium for this service, as there are several great free password managers to choose from.

There are some excellent password managers today which provide an abundance of required features free of charge. This leaves really no excuse for anyone still using the same password across different sites.

ZDNET has listed Bitwarden, NordPass, Proton Pass and LogMeOnce as worthy of their recommendation. All these services provide full synchronisation across all your mobile and computer/laptop devices. So, by using them, you are also not locked into a specific OS or OEM.

Today, one also wants to be sure your password manager can handle TOTP and passkeys (also synced across all your devices). Some now also offer hide-your-e-mail functionality.

The linked article also adds a few worthy mentions at the end such as KeePass, RoboForm and Dashlane.

See zdnet.com/article/best-free-pa…
#Blog, #passwords, #security, #technology

danie10@squeet.me

7 password rules to live by in 2024, according to security experts – No, frequent changes are not one of the rules

Side view of a laptop keyboard, with a hand hovering over the keyboard.
If you really want to get deep into the details of digital security, read the four-volume Digital Identity Guidelines from the National Institute of Standards and Technology (NIST). It’s a massive document, and much of it is aimed at Federal agencies that need extremely robust security. There’s plenty of practical, easy-to-read information there as well, such as the discussion of how long and complex passwords really need to be. You’ll find those details in the short appendix titled “Strength of Memorized Secrets.”

The folks at NIST have created a simple Cybersecurity Basics page that boils all that technical information down to a set of crisp guidelines for small business owners and managers.

Experts agree that changing passwords regularly isn’t necessary, and that organizations requiring users to change their password for no reason are actually making their networks less secure.

Why? Because people who are forced to change passwords regularly are likely to choose a weak, easy-to-guess password. If you’ve done a solid job of choosing a strong and unique password, there’s no need to change it under normal circumstances.

They’re all very sensible rules, and changing a well-chosen unique password every month is not one of the recommendations. I recall making a post about this a year or two back, where the originator of that idea of monthly changes had explained where he came up with that idea, and it had no basis in fact at all. And yet to this day most IT departments still require such changes, and of course users just tack on a number they keep changing (defeating the whole objective of that idea anyway).

See zdnet.com/article/7-password-r…
#Blog, #passwords, #security, #technology

danie10@squeet.me

The origins of Bitwarden and how it is fending off the tech giants

Phone screen showing blurred text, with two pop-up windows: one stating “Text” with a string of random letters like a password, the other stating “Deletion date: 7 days”. To the left is an instant chat bubble showing a conversation snippet saying “What’s the password for the company Twitter account?”, with the reply “Hang on, let me send you a password link”, the response being a Bitwarden link.
Kyle Spearrin had never developed a mobile app or browser extension when he started building Bitwarden as a fun side project in 2015.

Nearly nine years later, Spearrin’s humble attempt at a free, open-source password manager has become one of the most popular ways to keep online accounts secure. Wirecutter, PCWorld, PCMag, and others say it’s the best free password manager, and CNet even calls it the best password manager overall. Bitwarden says it now has 8.5 million users, and it uses that audience to grow its enterprise subscription business. Bitwarden’s business side has tens of thousands of customers and helped fuel nearly 100% revenue growth last year, and the company now has roughly 200 employees.

“We really value that everyone should have access to a full-featured password management tool,” Spearrin says.

Very humble beginnings, and of course we’ve seen why tech giants like Apple, Google, etc. embraced passkeys with such enthusiasm, as this would lock users into their ecosystem. Try using your Apple passkeys when migrating to, say, Android, or vice versa.

“If you are locked in with one vendor, you have a risk of being locked out of your account,” Magdanurov says. “Something can happen. Somebody can hack your account. Or their automated tools that block your account for violations can be triggered for some reason.”

So, whilst it is true many tech giants have been improving their offerings around password management, Bitwarden is managing to stay a step or two ahead of them with newer innovative features (some I did not even know about). And of course, one can self-host Bitwarden too.

A lot can also be learnt from buy-outs like LastPass went through. The ownership does dictate the philosophy, or changes to it.

Although I’m eyeing Proton Pass’s rapid developments (I’m a paying Proton user), I’m still a paid-tier user of Bitwarden as right now they’re doing their things right, and what I really like is that their paid tier is not expensive at all. I just feel that I am supporting what they do.

See fastcompany.com/91117788/how-b…
#Blog, #bitwarden, #opensource, #passwords, #security, #technology

danie10@squeet.me

New AI-Driven Cyberattack Can Steal Your Data Just By Listening to You Type: Need to Blur Video and Mute Sound now!

Two hands busy typing on a keyboard with multi-coloured backlighting of the keys
A new study published by a number of British researchers reveals a hypothetical cyberattack in which a hacker could leverage recorded audio of a person typing to steal their personal data. The attack uses a home-made deep-learning-based algorithm that can acoustically analyze keystroke noises and automatically decode what that person is typing. The research showed that typing could be accurately de-coded in this fashion 95 percent of the time.

So yes, if you’re recording videos for YouTube, are in a Zoom call, etc. and are busy typing your password in, just blurring the video is no longer sufficient. It’s true too that sound penetrates through walls, and does not need any direct line of sight either. I suppose you could start to randomly hit the shift key while typing in passwords, to try to throw off any analysis. Also, using a password manager to auto-fill fields will eliminate this.

See https://gizmodo.com/ai-acoustic-cyberattack-deep-learning-hackers-1850714550
#Blog, #audio, #passwords, #security, #technology

danie10@squeet.me

Open-Source KeePassXC Password Manager Review

All in all, KeePassXC definitely earns mention among the best password managers, though it comes with some sizable asterisks. The biggest one is that as an open-source product, it may be free, but it also lacks the polish of many industry leaders. As such, it’s not for everybody, though anybody that likes old-school cool will love it.

Yes, it’s also not had any independent 3rd-party security audit (but then again you download and use it locally on your machine). I’d certainly still benchmark it with either the free or paid version of open-source Bitwarden (which you can also self-host for free), which has some rich functionality as well as cloud sync across all devices.

See https://www.howtogeek.com/879987/keepassxc-password-manager-review/
#Blog, #opensource, #passwordmanagers, #passwords, #security, #technology

danie10@squeet.me

Why You Should Use a Password Manager Instead of Browser-Based Ones, and How to Get Started

Password login prompt mentioning two-factor authentication is available
You do need some sort of proper password manager today, mainly because you cannot re-use the same passwords across different websites. So having a unique password, as well as a unique user ID/e-mail for each one, means you cannot remember 500+ combinations across all websites. Yes, for example, Bitwarden will also generate, and remember, a unique e-mail address login for each website (through either a 3rd-party service, or even just with your existing service by making use of plus addresses). A unique e-mail address means even more added security, as any hacker has to guess both a unique e-mail address and a unique password and cannot use your known e-mail address.

A browser-based password manager can do the very basics but usually does not do the more advanced functionality such as generating user IDs, 2FA filling, access security, being lockable independently of the browser, and more. Their use is also limited to just that browser. I regularly use more than one brand of browser, and I work across different OSs. I need something that will sync across all browsers on all devices.

Many password managers will provide a free tier with some limitations (some are even completely free) but it is important to tick off what features you will need to use.

Even if you do pay for a good password manager, it is probably worth it, as our website accesses are unlocking more and more valuable resources from banking to online investments, our e-mail, our remote work logins, our identities, etc.

As sites transition to passkeys, so should all current password managers be adding this functionality in the coming year.

See https://www.howtogeek.com/141500/why-you-should-use-a-password-manager-and-how-to-get-started/
#Blog, #passwordmanagers, #passwords, #security, #technology

danie10@squeet.me

Microsoft, Apple, Google, and hundreds of tech companies accelerate push to eliminate passwords, supporting standards developed by the FIDO Alliance and the W3C

Google, Microsoft, and Apple are important in this regard because they represent the greatest volume of single sign-on capabilities for sites other than their own. So if you want a change away from passwords, without their support it drags out for years, never reaching any tipping point to be effective. Note though that what is being adopted are open alliance standards, and not proprietary to Google, Apple, or Microsoft.

We do have 2FA (2-Factor Authentication) already, but it often falls back onto insecure e-mail or text messages. We’re also going to have to finalise, or have options between, biometrics vs device-specific. Many don’t want biometrics (or their hash) saved, not because it’s invasive (it does not store your actual fingerprint), but because it cannot be changed (or does using a different finger count, although most of us still have a limit of 10?). Biometrics are the most convenient and usually not lost, but that also counts against them for the same reason. A device such as a YubiKey, fob, phone, etc. can easily be lost or left at home, and you lose access.

But yes, passwords do need to go, along with that useless advice of updating a password every 30 days.

See https://www.theregister.com/2022/05/05/microsoft-apple-google-fido/

#technology #security #passwords #authentication
#Blog, #authentication, #passwords, #security, #technology

anonymiss@despora.de

The Force won’t save you from these breached #passwords #StarWarsDay

source: https://specopssoft.com/blog/the-force-wont-save-you-breached-passwords-starwarsday/

Top 20 Star Wars themed passwords found in breached lists:

yoda
starwars
ewok
hansolo
darthvader
bobafett
darthmaul
grogu
obiwankenobi
lukeskywalker
macewindu
anewhope
plokoon
mandalorian
princessleia
kyloren
kuiil
iamyourfather
quigonjinn
rogueone

#password #security #starWars #fans #fail #problem #login #news
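The rotation post further up summarises the NIST guidance (length matters, composition rules and forced periodic changes do not), and the breached list above shows why a blocklist check matters more than either. As an added example that is not part of any post on this page, here is a small verifier-side check in the spirit of NIST SP 800-63B section 5.1.1.2: length bounds, a blocklist lookup, a context-word check and a repeat/sequence check, with no expiry. The blocklist is constructed for this example from the twenty entries listed above plus two generic ones, and the 128-character cap is an implementer's choice (the guideline only requires that at least 64 characters be permitted).

```python
import re
import unicodedata

# Constructed blocklist for this example: the 20 Star Wars themed passwords the
# post above reports from breached lists, plus two generic entries. A real
# deployment would load a large breach corpus instead.
BREACHED_BLOCKLIST = frozenset({
    "yoda", "starwars", "ewok", "hansolo", "darthvader", "bobafett",
    "darthmaul", "grogu", "obiwankenobi", "lukeskywalker", "macewindu",
    "anewhope", "plokoon", "mandalorian", "princessleia", "kyloren",
    "kuiil", "iamyourfather", "quigonjinn", "rogueone",
    "password", "123456",
})

MIN_LENGTH = 8     # SP 800-63B: user-chosen memorized secrets are at least 8 characters
MAX_LENGTH = 128   # SP 800-63B requires permitting at least 64; 128 is this example's choice


def has_trivial_pattern(secret: str) -> bool:
    """True if any 4-character window is a repeat (aaaa) or a straight
    ascending/descending run (abcd, 1234, 4321), case-insensitively."""
    s = secret.lower()
    for i in range(len(s) - 3):
        codes = [ord(c) for c in s[i:i + 4]]
        steps = {b - a for a, b in zip(codes, codes[1:])}
        if steps in ({0}, {1}, {-1}):
            return True
    return False


def check_memorized_secret(secret: str, context_words=()):
    """Apply SP 800-63B section 5.1.1.2 style rules to a candidate password.

    Returns (accepted, reasons). Deliberately absent: composition rules
    ("must contain a digit and a symbol") and any expiry, which the
    guidelines drop.
    """
    reasons = []
    s = unicodedata.normalize("NFKC", secret)   # compare canonical forms
    if len(s) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if len(s) > MAX_LENGTH:
        reasons.append(f"longer than {MAX_LENGTH} characters")

    folded = s.lower()
    # Crude fold that drops digits and symbols, so "StarWars2024!" still hits
    # the "starwars" entry: this catches the "tack a number on" habit the
    # rotation post above describes.
    letters_only = re.sub(r"[^a-z]", "", folded)
    if folded in BREACHED_BLOCKLIST or letters_only in BREACHED_BLOCKLIST:
        reasons.append("found in breached-password blocklist")

    # Context-specific words (username, service name) are expected guesses.
    for word in context_words:
        if word and word.lower() in folded:
            reasons.append(f"contains context word {word!r}")

    if has_trivial_pattern(s):
        reasons.append("contains a repeated or sequential run")

    return (not reasons, reasons)


def needs_rotation(age_days: int, compromised: bool) -> bool:
    """SP 800-63B: change a secret only on evidence of compromise, never
    merely because a number of days has passed (age_days is ignored)."""
    return compromised


if __name__ == "__main__":
    # Constructed sample candidates; "alice" stands in for the account's username.
    for pw in ("darthvader", "StarWars2024!", "short", "abcd1234xyz",
               "alice-wonderland-42", "correct horse battery staple"):
        print(f"{pw!r}: {check_memorized_secret(pw, context_words=['alice'])}")
    print("rotate after 90 days, no compromise:", needs_rotation(90, False))
```

The letters-only fold is deliberately crude: it is there to show that a blocklist should be matched against normalised forms rather than exact strings, not to replace a proper breach corpus lookup.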

salinger3@diaspora-fr.org

Password management and sharing with #nextcloud

I couldn't find a simple solution for sharing my #motdepasse with other users of my Nextcloud.

I had tried #passman but I wasn't satisfied.

Today I tried #passwords and it's really great. A bit tricky to figure out how to use the extension in your favourite web browser, but it's well explained in the FAQ: https://git.mdns.eu/nextcloud/passwords/-/wikis/Users/Extension

https://nextcloud.com/blog/password-managers-for-nextcloud/

And you, what do you use? #zaclys

@zaclys@diaspora-fr.org: thank you for your services.