[Michael G.]

I been tempted many times to use one of the password managers that are available.

My son works out of his house for a national bank, and keeps reminding me
they can and known to be hacked and recommends against them.

Your Thoughts

[Stu from NYC]

Have been wondering myself have a large stack of passwords on my desk and a pain to go thru them to find the one I need

[retiredguy123]

I don't trust them. I list all of my passwords on an MS Word document that requires a password to open. If I forget a password, I can use the document to find it. The Word document is on my Google Drive which can be accessed from anywhere.

[Altavia]

Are password managers secure? | Norton.

Are password managers secure?

You might worry about trusting a program or app with your master password and other private information. Can't app makers be hacked, too?

The quick answer is “yes.” Password managers can be hacked. But while cybercriminals may get "in" it doesn't mean they will get your master password or other information. The information in your password manager is encrypted. And deciphering that encryption, which is usually industry-standard encryption like Advanced Encryption Standard (AES), is almost impossible.

Plus, most password managers do not store or have any access to your master password or the encrypted information in your password database.

Much of the security of your password manager depends on the strength and safety of your one master password. And for many password management systems, that master password is not stored on the same server as your encrypted information. This adds an additional layer of security.

...


Password managers like Dashlane do not have your master password. All information is encrypted before sending to their database. Flip side, if you forget your master password, they can't help recover your data.

...

[Altavia]

Quote:

Originally Posted by retiredguy123

I don't trust them. I list all of my passwords on an MS Word document that requires a password to open. If I forget a password, I can use the document to find it. The Word document is on my Google Drive which can be accessed from anywhere.

Umm, MS Word can be hacked in about 10 seconds with tools really available on the Web...

Also risky to trust Google Drive with information...

Is Google Drive Secure? How to Protect Your Files

[Pugchief]

Quote:

Originally Posted by Altavia

Much of the security of your password manager depends on the strength and safety of your one master password.

Minimum 12 characters, 14+ is better. Mix upper and lower case letters, numbers and symbols.

[retiredguy123]

Quote:

Originally Posted by Altavia

Umm, MS Word can be hacked in about 10 seconds with tools really available on the Web...

Also risky to trust Google Drive with information...

Is Google Drive Secure? How to Protect Your Files

So, they would need to hack my Google account, find my Google drive, hack it, then figure out which MS document has my passwords, hack it, and then figure out my username and find a website that would somehow benefit them. And, they still couldn't access my financial accounts. I feel pretty safe with my system.

[spinner1001]

I use an online password manager and I am pretty careful about such things.

LastPass was famously hacked but the hackers could not get a customer passwords because the online customer password files are encrypted and LastPass does not store customer encryption keys. Only customers know their own encryption keys. So even though hackers got into LastPass, the best they got were encrypted customer password files. The hackers, however, likely got some unencrypted files such as billing addresses, email addresses, and phone numbers. LastPass, of course, says it learned from these hack experiences and improved their security. That is likely true.

I use two factor authentication in addition to an access key for my password manager (not LastPass) that makes my online encrypted files even safer from hackers. It is two layers of protection. Also, the online password manager helps me create complex, randomized passwords that would be impossible to guess and it alerts me if I use the same password for more than one website.

For websites requiring my log in information, I use two factor authentication for all important websites that offer it (most do now). This means they require my password and a separate two factor authentication tied to my personal device.

All of this means is my online password manager has multiple layers of security and my important websites offering two factor authentication have two layers of security.

Personally, I would not use Google’s or Apple’s password managers for anything important. I want a reputable company mainly in the business of password security rather than only a small part of their business.

I have over 500 stored passwords. For me, the alternative to an online password manager carries more risk.

[spinner1001]

Quote:

Originally Posted by retiredguy123

So, they would need to hack my Google account, find my Google drive, hack it, then figure out which MS document has my passwords, hack it, and then figure out my username and find a website that would somehow benefit them. And, they still couldn't access my financial accounts. I feel pretty safe with my system.

If your computer has a setting to have your Google Drive files stored on your local storage drive, you may have another area of exposure with your Word file. A hacker into your computer or evil local tech support person could get to your Word file on your local drive. But you still might have good protection if your local Word document is password protection for document encryption rather than only for limited access. Encrypted files are generally the gold standard. And better yet under these conditions is if your entire local storage drive is encrypted by your operating system.

[retiredguy123]

Quote:

Originally Posted by spinner1001

If your computer has a setting to have your Google Drive files stored on your local storage drive, you may have another area of exposure with your Word file. A hacker into your computer or evil local tech support person could get to your Word file on your local drive. But you still might have good protection if your local Word document is password protection for document encryption rather than only for limited access. Encrypted files are generally the gold standard. And better yet under these conditions is if your entire local storage drive is encrypted by your operating system.

My Google drive can only be accessed in the cloud and my Word document name is not identified as having passwords. Also, my financial account passwords are not located in the Word document. So, if someone gets my Publix app password, so what?

[MidWestIA]

Password managers have been hacked.

Put it all in excel and password protect it that encrypts it and backup to a usb drive - that is all they do

[M2inOR]

I use what is built in to Google Chrome, and have multifactor authentication enabled. Having my password won't get you into anything I saved inside, except for the few files and folders I have shared publicly.

I don't keep a file with passwords in it. Instead I have a list of places I have used that require usernames and passwords. Instead of storing the password, I have clue formulas that remind me of the password for that site.

So for each account, there is a link to the account, a username, and a password clue.

Make those clues impossible to guess.

[sdeikenberry]

Kaspersky has long been a trusted name for anti-virus protection and they also offer a password manager that is very good. I've used it for some 10 years now along with their anti-virus, and I have never had any issues. I also have the extension installed on Chrome and my password protected websites open automatically with the master password. Your master password is not stored so you have to remember that one. The Kaspersky Total Protection software is outstanding IMHO.

[bobmiller267]

Check out 1Password. Very secure and highly recommended and used by.a lot of internet professionals.

[ElDiabloJoe]

I concur w BobMiller, 1Password is the ultimate, and I have 247 saved passwords there. The important ones, like my investment accounts and the 1Password Master PassWord are 25 digits, and kept written down and kept in a sealed envelope in my gun safe and a copy in an off-site family members gunsafe in a sealed envelope. Security is an onion, good security has a lot of layers, and good security is not convenient.