Help for save password securely

[killer bee]

Recently someone in USA hacked my gmail account, I normally use "Lastpass" for save password, but now i think its not secure. Is it OK if i put my passwords into text files (encrypted) and save it my PC. Because if i forget them i can't use my emails ad FB accounts.
Is it ok if i save passwords using web browser password manager? But i have Xmarks and Firefox sync.
Actually i have 6 email address (4 personal use and other 2 for my blog)

How do you save your password securely?

 

[allend66]

Roboform Desktop Pro (there's also a free version).

keep your password somewhere else - not on your pc.

 

[BriceH]

Hi, killer bee. I use a piece of software called KeePass to store some of my important passwords that are hard to remember. I have found it very useful, and I highly suggest it.

KeePass Password Safe

 

[RoloDman]

I agree with BriceH, KeePass is great and it even offers to generate passwords for you. I have used it for years and and it highly customizable and easy to use. One nice feature is that you can set a password to access your KeePass passwords but you can also have KeePass require a key file in conjunction with your password. This mean you could save your password on one source and then save your "key file" on say a usb thumb drive or even just on your desktop.

 

[logicearth]

The problem is not Lastpass never was. No point in moving an insecure password to another system it is still an insecure password. What you should be doing is change all your passwords by using the "Generate Password" Lastpass provides, make it long and complicated. But it doesn't matter what you use an insecure password is still insecure.

Just for the record, Lastpass is secure. As long as the passwords it stores are secure and the master password is secure. The same applies to every password manager.

 

[killer bee]

I think "Roboform", "KeePass Password Safe" and "last pass" also use same thing. They sync passwords with the server? Am i right?

 

[logicearth]

I think "Roboform", "KeePass Password Safe" and "last pass" also use same thing. They sync passwords with the server? Am i right?

Wouldn't matter, the software is not the problem.

 

[killer bee]

I think "Roboform", "KeePass Password Safe" and "last pass" also use same thing. They sync passwords with the server? Am i right?

Wouldn't matter, the software is not the problem.

If not then what is the problem.

 

[mickey megabyte]

keepass stores its files locally, using an encryted database .db file.

if you use multiple computers (including smartphones), you can do special tricks with syncing software such as sugarsync (or dropbox), but that kind of defeats the benefits of keeping it local.

 

[value]

keepass stores its files locally, using an encryted database .db file.

if you use multiple computers (including smartphones), you can do special tricks with syncing software such as sugarsync (or dropbox), but that kind of defeats the benefits of keeping it local.

Don't these services like sugarsync and dropbox store your files encrypted too? So there is basically no chance that the KeePass .kb file could be related to your system?

 

[logicearth]

If not then what is the problem.

Well not to be rude, but you are. PICNIC, problem in chair not in computer. As long as your passwords are insecure (apple) then they can be bruteforced or if you fall for a phishing attack. It doesn't matter what software you use they cannot protect from PICNIC issues.

 

[mickey megabyte]

keepass stores its files locally, using an encryted database .db file.

if you use multiple computers (including smartphones), you can do special tricks with syncing software such as sugarsync (or dropbox), but that kind of defeats the benefits of keeping it local.

Don't these services like sugarsync and dropbox store your files encrypted too? So there is basically no chance that the KeePass .kb file could be related to your system?

i'm not sure if synced data are encrypted before or after being sent from your pc to their servers.

maybe i didn't make myself clear - i was just pointing out that if you keep your files local, then you're not exposed to security vulnerabilities BUT if you have multiple machines and want access to your keepass database from them all, then there's a slight exposure risk.

it's something i've been thinking a lot about lately, and it seems there is no perfect solution. if your data is out there in the cloud, then there's possible dangers that somebody else can get at it.

saying that, i don't have any vitally important top-secret data, but i still wouldn't want people logging into all my stuff.

 

[logicearth]

it's something i've been thinking a lot about lately, and it seems there is no perfect solution. if your data is out there in the cloud, then there's possible dangers that somebody else can get at it.

As long as it is encrypted and you use a secret private key that never is shared then you don't have much to worry about. For example, Lastpass only ever stores the encrypted data on their servers. Your computer does the encryption and decryption locally only. Your master password never leaves your computer, Lastpass does not even have it stored in their database.

Now if you find a way to decrypt secured-keyed AES without the key the NSA would like to talk to you.

But again if your passwords are insecure it won't matter.
I suppose you could look here: https://www.grc.com/haystack.htm