This is a work-in-progress. If you have suggestions on what to cover (and/or what not to discuss) please let Steve know.
This page last modified 2021.02.02 09:30
For what it's worth, I use KeePass, and on multiple devices. I will summarize below. Note, there are no costs (to purchase or recurring) for any of the following (further down on the page some items may have a cost, and where they do it is noted). These are my practices and I'm only putting them here for readers to consider when setting up their database security system. You should do what you feel is best for you.
The major benefits of using a password manager are: (1) you only have ONE password to remember, and (2) you can easily use long, hard-to-guess passwords. For example:
cqLbq2NHcuNmgU – 14 characters, upper and lower case letters, and at least one number. This one has entropy 82.06, which is “good”.
M6dehfJRn7dz7lM82K has entropy 101.60 and is considered “excellent”.
There are other capabilities of a KeePass password manager like autofill (it'll copy and enter passwords for you) and URL entry (it'll enter your site's URL into your browser), and more; but I do not have experience with these.
The idea for this started when I heard that someone had their Facebook page accessed by someone else. It's possible this happened because Facebook passwords were stolen, but it's also possible that the password was guessed. Let's explore ways that passwords are compromised and how to protect your passwords without causing unnecessary effort on your part.
And is there a way to store all of your account and login information securely, while keeping it easy to access?
Much from How to hack like a pro
How long does it take to crack a password? (From link)
| Length | A-Z, a-z, 0-9 | With special chars (@#$%& etc.) |
|---|---|---|
| 9 characters | 2 minutes | 2 hours |
| 10 characters | 2 hours | 1 week |
| 11 characters | 6 days | 2 years |
| 12 characters | 1 year | 2 centuries |
| 13 characters | 64 years | really long time |
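The figures in the table follow from the number of possible passwords divided by the attacker's guessing speed. The Python below is an added example, not taken from this page's source or from KeePass: it reproduces that arithmetic approximately and generates a random password of the kind shown earlier. The guess rate is an assumption back-fitted to the table's first row, and the entropy it prints is the uniform-random figure, which is not KeePass's own quality estimate and so will not match the 82.06 quoted above.

```python
import math
import secrets
import string

ALNUM = string.ascii_letters + string.digits   # 62 symbols: A-Z, a-z, 0-9
PRINTABLE = ALNUM + string.punctuation         # 94 symbols: adds @#$%& etc.

# ASSUMPTION: attacker guesses per second, back-fitted so that 9 alphanumeric
# characters take about 2 minutes as in the table. Not a measured figure.
ASSUMED_GUESSES_PER_SEC = 1.1e14

def entropy_bits(length, alphabet_size):
    """Entropy of a password whose characters are chosen uniformly at random."""
    return length * math.log2(alphabet_size)

def exhaust_seconds(length, alphabet_size, rate=ASSUMED_GUESSES_PER_SEC):
    """Worst-case time to try every password of exactly this length."""
    return alphabet_size ** length / rate

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"

def generate(length):
    """Random alphanumeric password from the OS CSPRNG (secrets module).

    Redraws until upper case, lower case and a digit are all present, which
    trims the keyspace very slightly compared with entropy_bits().
    """
    if length < 3:
        raise ValueError("need at least 3 characters to mix all three classes")
    while True:
        pw = "".join(secrets.choice(ALNUM) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw

if __name__ == "__main__":
    for n in range(9, 14):
        alnum = humanize(exhaust_seconds(n, len(ALNUM)))
        full = humanize(exhaust_seconds(n, len(PRINTABLE)))
        print(f"{n:2d} chars   letters+digits: {alnum:>14}   with specials: {full:>22}")
    print(generate(14), f"~{entropy_bits(14, len(ALNUM)):.2f} bits")
```

Each extra character multiplies the search time by the alphabet size (62 or 94 here), which is why length matters more than any single substitution.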
You should assume that the attacker knows a lot about you, e.g., from Facebook. Guessable things like the following have no business being in your password (or as the answer to any of your recovery questions):
If a human is going to guess the password then make it unhuman. Consider: a password “safe”. Here are some free alternatives. From Tech Radar, The best free password manager 2019
Also see PC Magazine's picks
Do a DuckDuckGo (or Google if you're still using Google) search for “Best Password Managers” and look for those with 2020 or 2021 information.
All offer unlimited login and text note storage in a secure vault protected by your master password, and can generate (and store) strong passwords.
| Manager | Free version | Paid version | Cost |
|---|---|---|---|
| LastPass | Access on all devices via their website | 1GB secure cloud storage; Multi Factor Authentication; Contingency plan (loved one access in emergency) | $3/month 1 user, $4/month 6 users (group and share items, family manager) |
| Dashlane | Up to 50 passwords | Unlimited passwords | $4.99/month billed annually |
| Keeper Security | Access on one device | Other features (dark web, etc.) cost/month | $2.50/month, $29.99 annually |
| RoboForm | | Sync across devices, cloud backup, web access, all cost | $99.50/5 years |
| KeePass Password Safe | Can run from USB; Many customizable options; A little intimidating? You judge. | FOSS - there is no paid version – all features in free version; Many ports, with different features and UI | Note, no cost. Does not provide place to store the Safe, that's up to you |
You enter your email address and this site (https://haveibeenpwned.com/) will tell you if your email address has been picked up during a data breach, and at which sites. Note that it also suggests using a paid password manager system; check my advice on password managers above.
I use a combination of KeePass on my Mac, PC, and iPhone to access, create, and maintain passwords and related information in a secure password safe (encrypted file). I store and access the safe using iCloud and Dropbox.
Note that KeePass has different applications you can use to access the password safe, as they differ by device.
While I started using Dropbox as you could access your free 5GB from any number of devices, they have restricted its use to 3 devices unless you pay. Now I am using iCloud to hold the password safe as there is no limit on number of devices.
If you do not want to use the cloud (Internet storage) to save your password crypt, you can store it on your computer and use a USB stick to copy it from machine to machine and as a backup.
| Term | Meaning |
|---|---|
| Password Crypt, Password Safe | A secure file where passwords and related information are stored, unavailable unless someone has the software and knows the password to access the contents |
| Port | As in “Application ported from Mac to Windows 10”: the application has been rewritten from the version on one platform (Mac) and is now also available on another (Windows 10) |
| FOSS | Free Open-Source Software |
| SPOF | Single Point of Failure |