General discussion

Do you use a password manager to store your passwords?

Sep 12, 2014 10:27AM PDT
Do you use a password manager to store your passwords?

-- Yes, I use one that is cloud based.
-- Yes, I use one that is stored locally on my hard drive.
-- Sometimes, depending what it is for.
-- No, I physically write them down.
-- No, I memorize them.
-- No, I store them in an encrypted doc.
-- No, I store them in a file.
-- Other. (What method do you use?)


Note: This post was edited by its original author to fix link on 09/12/2014 at 5:28 PM PT

Yes - and it works across devices
Sep 12, 2014 11:14AM PDT

I've been using 1Password, which works on the Mac, Windows 8, Android, and iOS. It syncs via a file that's stored and encrypted on iCloud (if you only own Apple devices), or Dropbox (if you wish to share with other non-Apple devices). If you'd rather not store this file on the cloud, you can store it locally and share across devices via WiFi.

It does a great job at organizing passwords, product keys, bank accounts, credit card profiles, notes, and other things that need to be safe.

It also serves as a password generator - so it's made it easier for me to use different passwords on all my accounts. Passwords generated can be as simple or as complex as you ask the generator to make them.

Stored Locally & Backed Up to Cloud
Sep 12, 2014 12:25PM PDT

I use an older version of RoboForm that saves passwords and identity info, including credit card numbers and other info. It recognizes a webpage asking for username & password, or a full page form, and will prompt me to fill the form or fill & submit. All my data are stored locally (password protected), and backed-up, encrypted, in the cloud (also password protected) to sync with other devices, including on the go, or to reconstitute a crashed computer. RoboForm will also make up random and difficult to hack passwords, and then remembers them for you.

ALL your passwords need to be long and complex.
Sep 12, 2014 3:52PM PDT

In a nutshell, that is what I believe.

I read in one of the articles printed here that you only need one good password: The one that gets you into the password manager! Well, if you'll believe that, you'll believe anything.

A good password for the password manager has to be something you remember, because that is your entry to all of your other passwords! Makes sense? That is the one password that you never write down - anywhere.

But I understand that that is misleading for the following reason. I understand that some hackers might only need to find one easy password to enable them to break into a whole system; indeed I do believe that this is the way they have been known to enter some major government databases around the world.

Thus you need to use your password manager to generate a good password for each and every web site or system that needs a password!

I have more than 250 passwords in my PW manager, and currently use LastPass. I did use RoboForm Everywhere, a very good PW manager. Except it's actually not everywhere: As I use Windows Mobile and they don't offer a service for that, I ended up changing after using them for 3-4 years.

I also use 16 mixed characters, letters and numbers in my passwords. These are auto generated by LastPass (if you ask it.) To be honest, not all of my passwords are that good, partly because some sites won't let you change your password (!), and some sites only allow limited passwords, maybe just 6-8 letters and numbers (!!). Who knows why some organisations out there limit such an important function?

As for concerns about the usage of the cloud? Frankly when it comes down to it, just about all my info is so bloody unimportant that if they really want it, they can have it! Let's face it, most of my stuff is somewhere on Facebook, Twitter, Google something-or-other, OneDrive (was SkyDrive), OneNote, Evernote, and a dozen other info-collectors!

So if one seriously wants to maintain total secrecy about one's personal info, what do you need to do? Live on a desert island? Become 'indigent'? Die? They can't get you if you die. (Can they?)

I use a mixed method
Sep 12, 2014 6:19PM PDT

I have a base algorithm that I created specifically for me and it works just about everywhere. I also use 2FA whenever it is possible, lots of sites including eBay, PayPal, Google, Facebook, LastPass and many financial institutions.

Back to the algorithm: I use initials, (abbreviation of what I'm accessing, so YouTube would be YT for example), pw for password, last 5 of driver's license (mine's alphanumeric), 4 numbers and a special character.

So it looks like this for YouTube : iiYTpw###aa1111!

The nice thing about the algorithm is that, as long as no one knows what you are using specifically as your pattern, all you have to change is the abbreviation of what you're accessing. So there is never a repeat password, which is a crucial part of password integrity.

Not sure if it will work for you or anyone else but there it is and the memorizing is made simple too.
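Added example, not part of the original post: a sketch of how much of a second password stays undisclosed once one password built with the layout above is exposed in a breach, compared with independent 16-character random passwords of the kind a manager generates. The field values (`ii`, `123aa`, `1111`, `!`) are constructed placeholders and all function names are hypothetical.

```python
import math
import secrets
import string

def pattern_password(site, initials="ii", licence_tail="123aa",
                     digits="1111", symbol="!"):
    """Layout from the post: initials + site abbreviation + 'pw' +
    licence tail + four digits + symbol. Field values are constructed."""
    return f"{initials}{site}pw{licence_tail}{digits}{symbol}"

def random_password(length=16, alphabet=string.ascii_letters + string.digits):
    """Independent password drawn from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def unknown_after_leak(leaked, other):
    """Characters of `other` not covered by the prefix and suffix it
    shares with `leaked`, i.e. what one breach leaves undisclosed."""
    limit = min(len(leaked), len(other))
    prefix = 0
    while prefix < limit and leaked[prefix] == other[prefix]:
        prefix += 1
    suffix = 0
    while suffix < limit - prefix and leaked[-1 - suffix] == other[-1 - suffix]:
        suffix += 1
    return len(other) - prefix - suffix

def residual_bits(unknown_chars, alphabet_size):
    """Entropy left in the undisclosed characters if they were random."""
    return unknown_chars * math.log2(alphabet_size)

if __name__ == "__main__":
    yt, fb = pattern_password("YT"), pattern_password("FB")
    left = unknown_after_leak(yt, fb)
    print(f"pattern: {left} of {len(fb)} chars still unknown, "
          f"about {residual_bits(left, 26):.1f} bits")
    a, b = random_password(), random_password()
    print(f"random : {unknown_after_leak(a, b)} of {len(b)} chars still unknown; "
          f"a fresh one carries {residual_bits(16, 62):.1f} bits")
```

The residual figure for the pattern is an upper bound, since the site abbreviation follows from the site's name rather than being random.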

Sort of a mix
Sep 12, 2014 8:34PM PDT

I store them in a file, but abbreviated - just the first and last character. That's enough for me to remember. I'm not very trustful of password managers, and I have way too many to memorize.

The cloud
Sep 12, 2014 8:59PM PDT

I'm not putting anything in the cloud! If you do it is difficult to find in all that vapour.
And when you want it, it is all wet and sticky.
Where I live clouds are really high and I can't throw things that far, they always fall back down, usually on my head!
How do other people manage to get stuff to stay in clouds? Wink

This password puzzle
Sep 12, 2014 10:03PM PDT

Before anyone invented all those complicated methods of saving and remembering passwords, I remember thinking that maybe I should have a method to remember those, and since there were no fancy methods at the time, I devised my own. Purchased a USB stick, started an Excel sheet and wrote them all in, in catalogue mode. The beauty of this is that it is not online but inpocket. Goes where I go, that kind of thing. Maybe a little simplistic to the new generation, but will do me, especially as I have been using GRC passwords and they are not the easiest thing to remember.

Password Manager
Sep 12, 2014 10:59PM PDT

I write my passwords down. Don't trust the features out there for storing passwords.

Local but firewalled
Sep 13, 2014 9:26PM PDT

I use KeePass, but I also firewall the application, just in case.

Other
Sep 14, 2014 6:53AM PDT

I chose other but could have just as easily chosen "store them in a file". This file is kept on a rather old and therefore small thumb drive which I only use for a couple of purposes and is kept safely away (Yes a thief could find it without much trouble). I only put the thumb drive in when I can't remember which password I used for a particular website. I do have 20 different passwords. I have recently installed KeePass and if I can figure out how to use it, I will probably go in that direction. Now that I am in my mid-80's it is getting hard to remember which password to use for which site. At the present moment I have 59 websites not including a couple dozen Yahoo email accounts.

old Age
Sep 14, 2014 8:18AM PDT

Please do not tell me about being 80+. I am nowhere near you, at 77, but do feel that we should not be written off, just as yet. I have mentioned elsewhere of what I use to remember my passwords.

Actually, just between you and I, the feeling that Parkinson's and Alzheimer's are just waiting round the corner, and I am determined not to let them in, is in part why I have attempted to keep my computing alive. Keeps the brains active. The body is not as once it was, but the mind still is, I think. (hope)

store in truecrypt file
Sep 14, 2014 7:29AM PDT

but also have the most commonly used ones password protected in Firefox system.

Yes - and all my devices are sync'ed
Sep 14, 2014 2:40PM PDT

I have been using RoboForm for many years. It is the best one that I could find, and for twenty bucks a year, you can't get any better support. They also keep their product updated as soon as any new feature comes out on any browser. It is very fast and seamless. It even anticipates when you are entering a site that you have password protected, and automatically slips in a tab to fill it, fill and execute it, or edit it. You don't need to look it up. Or if you want to start a protected site, you can look it up, and it will fill it, or fill it and start it automatically.

Sometimes sites will change their logon methodology. When that happens, you can just logon with the <alt> key, and it will reset the process to the new method. I even have some sites that use two step logons, and it handles them as well.

It also has safe places to store secure notes about anything that you would like to be protected: Items like your safe combination; lock combinations for your bicycle, gym, luggage, etc.; safe deposit box key locations; location of personal papers; vehicle entry combinations; and on and on.

You can also have multiple identities, such as for home, business and personal.

Now my favorite feature: I have all of my password information in the cloud and sync'ed between my laptop, Android phone, and both of my desktops - and all on different platforms. I have over a hundred passwords on various applications, but the only password that I have to remember is my master password. However, lose that one and you are toast. There is no way to recover it - period. You might want to put that one in your safe deposit box along with your will, deeds and other important papers; then change it about every six months or when you happen to go to the box.

what's the password for?
Sep 16, 2014 5:48AM PDT

OK, think of this as just some food for thought, not a hard recommendation.

You know, there's the standard advice about how to make strong passwords, and how you're not supposed to use the same password for different accounts, and statistics about how many people use "password" or "123456" as their password, but the question I ask is what site is the password FOR?

For banking, credit cards, etc., sure, I can see using strong, well-constructed and different passwords. But do I really need a password other than, oh, "password" for, say, a sports forum where I discuss last night's game results? Can't I use the same password for my fishing hobby and RC plane hobby forums? If someone hacked my CNET account, what would they do, sully my reputation by posting imbecilic comments? Even if they hacked my phone/cable/internet account, what, should I worry that they might, er, pay my bill without telling me?? Yes, I guess they could do some temporary mischief by changing my service, but they can't actually get any personal information or buy anything to be shipped to a PO box in Malaysia.

Even if your email is hacked, it's really just more of an inconvenience. You shouldn't use email for any sensitive personal or financial reasons at all. I suppose if my company email was hacked it would be worse, but not devastating (OK, I do use a strong password for some of my email accounts, especially for business).

For on-line shopping, yes, maybe a little more security is in order, but again, it's just an easily rectified inconvenience if you were hacked, with no loss of personal information and no actual liability.

If you consider just how few of your accounts actually need the highest security, can't you just remember them? For the rest, just use "password" or your kid's name, or Happycucumber1% , two easily remembered but unrelated words, greater than 8 characters, one capital letter, one number, and one symbol. That should keep your password from being rejected from those sites with stringent minimum requirements (very annoying when the fishing forum requires NSA-proof password construction).

Uh Oh Watch email hackers
Sep 16, 2014 3:25PM PDT

porche10, more food for thought...

You may want to reconsider your position regarding email password strength. A good friend of mine got her password stolen. They then got into her contacts and pulled more email addresses and personal info off the list. From this point it is really easy to write emails to them asking for money to be sent to her "vacation" motel or address. A scam of this type was just on TV last week. They also got chat names and were chatting with her friends feigning as her. Of course, they also got any attribute data that she may have had saved with each contact. Her boyfriend finally figured something was wrong after the hacker tried to break up with him via email. It was several weeks before she realized that her email data was compromised. The password thief did not change her password, so she was logging on as usual and had no clue what was happening. They even stripped the "Sent" folder from leaving tracks.

Now she has a password manager. She uses a free one called KeePass, pretty nice. There also is a newer free one called Dashlane, which I have not used. I use RoboForm at $20 a year. If you want to put easy passwords into inconsequential sites, you can still do that. If you want the password manager to generate one, it can do that for you as well. If you want to add your own more complicated passwords, you can do that, too.

One more very nice feature of a password manager is when you get word that a site has been compromised by hackers. You can look into the password file and find out immediately if you have an account with them. One click and you are entered into that site. Then make your password change and have it updated. You don't have to rely on your memory whether you have an account with that site. For me, this feature alone is worth the use of a password manager.

BTW, my last Android update had facial recognition logon in it. I asked a tech support rep about using a picture to trick the recognizer. He said that pictures don't work, because the recognizer has depth of field perception. I haven't used it yet, because the Help file said that key strokes are still more secure. Now developers have retina scanning. I have never heard of anyone beating that.

E-mail For Me
Sep 18, 2014 7:56PM PDT

I tend to store my passwords in an e-mail that I only send to myself. Then I only need to remember 1 password at all times. I update the e-mail whenever a password needs to be added or changed. I've never had any issues with this approach. Yes, I know it's not the most secure method, but with my own code words, I'm confident that if someone were to hack my e-mail, or otherwise gain access, they wouldn't be able to find the e-mail and if they did, I feel they wouldn't understand the significance of any of it.

Best choice for password
Oct 2, 2014 7:04PM PDT

I have tried many different solutions but my choice goes to LastPass.

I also believe it's worth the paid version as it would allow you to use the phone apps and keep all your passwords with you.

I used RoboForm in the past but I must say that I find LastPass much better. You only need to remember 1 password, that's all!

re
Nov 10, 2014 4:51PM PST

No. I don't use a password manager. In case of malware infection, all passwords will be stolen.

Do you use a password manager to store your passwords?
Jan 8, 2015 4:38PM PST

No, I store them in a file. I use to protect/lock the file if required. But I would definitely like to try if I would get some secure & good password manager.

give one a try
Jan 9, 2015 10:38AM PST

There is nothing wrong with giving them a try to see which one works for you. There are a bunch of good ones out there that are safe and secure. Some are free, some are not. One of the biggest advantages of using a password manager is you have access to your passwords no matter what computer or device or browser you are using. Even if there is no add-on or app for it for the specific device or browser, you will still have access to the storage through a website. See the following for a list of them:

https://en.wikipedia.org/wiki/List_of_password_managers

I personally use LastPass and have done so for at least 5 years (maybe 6 but I have slept a few times since then so can't remember).