Solved Which programs should I not include in a password manager?

[386DX]

I'm thinking about the single point of failure problem. I use Bitwarden for most sites, but what about email, banking, router... For those sites, I use a long complex password, as with the Bitdefender master password. It'd be nice to make logging on easier, but not at what risk to security. Thanks.

 

[RolandJS]

This password manager comes active within Windows? Local or online based?

 

[Alejandro85]

NONE

The main function of a password manager is to make logins more secure, not easier (that's a consequence), and that they can generate very secure passwords and store them also securely is their main goal in life. Therefore things like email, banking or anything else you deem important are the first things you should put in your password manager. Forums and ocasional logins can wait (but there is no harm inputting them too).

Of course, you should seriously consider to what password manager you trust all that information. At the very least, a good password manager MUST be offline (anything that reads "cloud" should be deemed as compromised immediately) and open source (if they refuse to show how they handle your passwords, they're not worth the risk).

 

[386DX]

Good info. I'm using Bitwarden, but I don't understand if it's kept locally, how to do that without a higher level of IT knowledge. Is there an easy way to store locally? I haven't stored bank info yet until I understand this better. I agree, if it's cloud only, I'll be looking for another program.

Also, which do you think is more secure, a complex password entered manually each time, backed up on paper, or an equally complex master password storing the same manual password locally?

 

[386DX]

Maybe you can explain this. In Bitwarden there's an option to sync passwords, but then there's a separate option to log onto their site. How can it sync if I'm not logged in? Or, what is it syncing with?

 

[RolandJS]

My stickypassword premium syncs amongst 2 laptops, 2 tablets, 1 smwrtphone via its cloud, however, I can set it to work only offline and store locally. I am still quite new working a password manager.

 

[386DX]

I'll check it out, thanks.

 

[386DX]

At the very least, a good password manager MUST be offline (anything that reads "cloud" should be deemed as compromised immediately) and open source (if they refuse to show how they handle your passwords, they're not worth the risk).

I agree 100%. I've found out Bitwarden saves to their cloud. I'm told the most user-friendly, non-cloud password manager is Keypass. I'll be checking that out. Do you have any other suggestion for a password manager with a local vault without needing a lot of technical knowledge?

 

[maxseven]

I like KeePass and have used it for many years now. It can be used with local storage only, though in my case I keep my (encrypted) keys file on Dropbox. In that way I have access to all my passwords from any device that can access DB including my portable devices.