Talk of The Villages Florida - View Single Post - Password Manager
02-28-2025, 05:53 AM
kkimball

All the major password managers, cloud or otherwise, work roughly the same.

Your passwords are stored in an encrypted file, which requires your master password to decrypt. Some password managers only store the encrypted file on your computer, while others store it "in the cloud", which is far less likely to fail and is more convenient to access across devices, i.e. desktop, laptop, phone, etc.

As long as your master password is sufficiently complex and not leaked, then your passwords are secure. This was proven when LastPass was compromised back in 2022. Note that when quantum computing matures, today's encrypted data will be easily decrypted. This is likely decades away and encryption will evolve in the meantime.

Personally, I use Zoho Vault. It's free and the browser and mobile apps work well. Its encryption is not better or worse than the others. They store your encrypted passwords in the cloud, and you can directly download the encrypted file at any time.

Zoho Vault can also store your 2FA TOTP codes and automatically fill them on websites. While this is convenient, it's less secure since your passwords and 2FA info will be in the same file.

There are some passwords that I do not store including my email, computer, and phone credentials.

For my master password and passwords that I do not store, I use unique passphrases instead of passwords because they are easy to remember.

To create a passphrase, pick four words that you can remember, but others will not guess. For example, villages-holeinone-golfing-today. This passphrase is sufficiently complex, easy to remember, and is not vulnerable to a simple dictionary attack.

If you store sensitive information, then you can get a FIDO security key (actually multiple keys so you have a backup). With a FIDO key, your passwords cannot be decrypted without the physical key. You can also use it for multi-factor authentication on websites that support it.

To summarize, using a password manager is far better than using the same password on multiple websites. Pick a password manager that's easiest to use for you as they all basically use the same encryption. Consider using a passphrase for your master password and a FIDO key (or passkey) for additional security.

Last edited by kkimball; 02-28-2025 at 06:05 AM.
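
Added example, not part of kkimball's post: a four-word, hyphen-joined passphrase in the format described above. It goes one step beyond the post by drawing the words at random with a CSPRNG, so the strength can be calculated from the list size. The 16-word list is constructed for the demo, and the guess rate is an assumption (it depends on the password manager's key-derivation settings).

```python
import math
import secrets

# Constructed sample list for the demo only. A real list should be far
# larger; the EFF long word list, for example, has 7,776 words.
WORDS = ("villages golfing sunrise pickle harbor lantern maple orbit "
         "pepper quartz ribbon saddle timber umbrella velvet walnut").split()

SECONDS_PER_YEAR = 365 * 24 * 3600


def make_passphrase(words, count=4, sep="-"):
    """Pick `count` words uniformly at random with a CSPRNG and join them."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(list_size, count=4):
    """Entropy of `count` words drawn uniformly from a list of `list_size`."""
    return count * math.log2(list_size)


def years_to_search(bits, guesses_per_second):
    """Average offline search time: half the keyspace at an assumed rate."""
    return (2 ** bits / 2) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    print("sample passphrase:", make_passphrase(WORDS))
    for size in (len(WORDS), 7776):
        bits = entropy_bits(size)
        # 10,000 guesses/second is an assumed rate against a slow KDF.
        print(f"{size:>5}-word list: {bits:.1f} bits, "
              f"~{years_to_search(bits, 1e4):,.2f} years at 1e4 guesses/s")
```

The calculation only holds when the words are chosen by the generator; words a person picks from memory are not uniformly random, so their strength cannot be computed this way.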