Password Manager Recommendations?

[Rod]

I can only comment on Enpass but all the devices under one Apple ID can be synced using the portable device version of the app.
Syncing your wife's device to all the others would not be possible. My wife has her own Enpass but I regularly share password with her version.

 

[Lifeisabeach]

The knowledge you folks have shared with me on this topic is amazing. Today is the day that I get on it.

I have one more question, that pretty much tells you how much of a rookie I still am after 10 years of being on this forum.

I have 5 devices: 2 iPhones, an iPad (my wife's), a laptop and an ancient iMac. How is synching them all together performed?

I intend to let all of you know how it goes...because maybe this thread will be helpful to someone else who needs to update their passwords.

With regards to 1Password, you could do it over Wi-Fi. So basically when you want to sync, you'd have to have your devices all on the same network (at home most obviously). You'd enable a WLAN server on one of the Macs in 1P's preferences and that would be the "master" repository.

Alternatively, you can sync 1P using DropBox, but you would both have to be using the same DropBox account. Same for iCloud. You can subscribe to 1Password's cloud service, but that's a monthly sub.

What I did with my wife when I wanted to share a login was to use AirDrop and send select logins directly to her device that way. She didn't need everything I have stored, so this method was good enough.

 

[pine man]

Syncing your wife's device to all the others would not be possible.

I sync both Enpass & SafeInCloud on all MY devices AND also on my wife's PC and iPhone. The apps are logged into my account on the cloud on her devices.

No problems doing that.

 

[Rod]

I sync both Enpass & SafeInCloud on all MY devices AND also on my wife's PC and iPhone. The apps are logged into my account on the cloud on her devices.

No problems doing that.

I too share passwords via Airdrop to my wife but I don't understand what you mean when you say the apps are logged into "my account on the cloud." Do you mean your wife's devices are signed into iCloud on your Apple ID? Or are you referring to a different cloud service? I can see how that might work if you used say, Dropbox to sync but I wouldn't trust my passwords to Dropbox.

 

[pine man]

Or are you referring to a different cloud service?

Enpass is synced with Dropbox and SafeInCloud is synced with OneDrive. I wanted to have all of our family devices synced but as they are governed by different iCloud accounts I decided the easy way forward was with one of the alternative cloud systems.

Both apps have a number of alternatives for syncing but SafeInCloud does not sync with iCloud. I have to agree that iCloud appears to be the most secure cloud system but, as far as the others go, research suggests that their security is pretty much the same as each other.

Cloud storage: How secure are Dropbox, OneDrive, Google Drive, and iCloud?

Each of these popular cloud platforms boasts robust security - but which does it best?

www.itpro.co.uk

Both apps are free for use on Macs and PCs but you pay for mobile apps.

 

[Rod]

I guess OneDtive would be okay and certainly doable on different devices, I just prefer iCloud for security.

 

[Lifeisabeach]

I guess OneDtive would be okay and certainly doable on different devices, I just prefer iCloud for security.

Yeah, DropBox just doesn't have robust security. I recall a few years ago where they changed some phrasing in their policies from saying that their team members cannot access your data to something along the lines of they are "not allowed" to access your data. Being unable to do it and not being allowed to do it are two entirely different things. The latter doesn't stop a rogue or worse, if an employee's access is compromised by a third party, well open door!

I would have thought they'd have tightened up more on this by now, but I found an article from 2020 that suggests differently. This is a really good read, especially the link they have that talks about "zero knowledge".

Dropbox Security 2024 [Recent Data Breaches & Alternatives]

Dropbox is no stranger to data leaks. We take a look at Dropbox security to determine the positives and potential negatives.

www.cloudwards.net

 

[pine man]

Maybe I'm over thinking this, and it's slightly off topic I'm sorry, but if I use one of the main cloud systems purely to sync something like Enpass and nothing else, then surely there is nothing for anybody to see or access in that cloud account except an encrypted file for which they would need to have both the program to run it and access to my unique password to open it, wouldn't they?

 

[Lifeisabeach]

Maybe I'm over thinking this, and it's slightly off topic I'm sorry, but if I use one of the main cloud systems purely to sync something like Enpass and nothing else, then surely there is nothing for anybody to see or access in that cloud account except an encrypted file for which they would need to have both the program to run it and access to my unique password to open it, wouldn't they?

Your Enpass files certainly should be encrypted, so it's not a simple matter of someone automatically being able to read the contents of your Enpass files if they had access to your DropBox account from the backside. The only question is how easily they could decrypt those files and from there, figure out your password for the database. So, it's not as insecure as it may sound, but hardly "best practice" when it comes to security. Me personally, given the contents and how badly I personally would be compromised if my 1Password database was compromised unknown to me (I don't just have bank account logins, but credit card details and so much more), I'm sticking with a service that I trust more.

 

[pine man]

I'm sticking with a service that I trust more.

I fully understand, you've got to stick with what you are happy with.

 

[MacInWin]

Security needs to be thought of on a global scale. Not global as in all over the Earth, but global in the sense of the overall approach to security. There is no "perfect" security scheme. Basically, if two people know something, it's not a secret. So you and your computer know your password, which means it's not secret. But if you do security in layers, you can get pretty close to airtight. It's called the "Swiss cheese" approach. You have several pieces of Swiss cheese. Each has one or more holes in it, but if you layer them up, you can accommodate for the hole in one with the solid area in another. Put enough slices of Swiss cheese together and you have no holes anymore.

So what does that mean to us as users? Well, we need to layer up security. I have a strong password on my Mac. Slice one. I don't encrypt the drive, but I could if I wanted another slice of cheese. But for now, I have a strong password. I keep my laptop in a relatively secure place, don't leave it around. When I used to be a road warrior, I had the Kensington lock and always locked down my laptop to a strong fixture. Slice two. Then I have a password keeper and generator with another strong password. Three slices. I use individual randomly generated passwords of 16-18 letters, numbers, symbols for each account. Four slices. Then for all accounts online that offer them I have 2FA activated. Five. I password protect my iPhone and use facial recognition on it (no children around that look much like me, so that's pretty safe). Up to six layers now. Sometimes I use a VPN, but not religiously. If you used a good VPN that could be layer 7, encrypt the drive and you have 8. Firmware password would be 9 but I'm not working for any spy agencies, so that is really overkill.

Now some of those layers are more vulnerable than others, and some are about to become immaterial. Quantum computing is going to make passwords of any length or complexity easy to crack. One can only hope that someone is working on quantum passwords to counter that. But even with a cracked password, the malefactor still needs my devices for the 2FA. If it gets bad enough, I'll pull out of the online economy and keep my stuff in a mattress.

If Apple comes out with facial recognition, or some other biometric, for security, I'll add that layer as well. You have to keep inspecting the slices of cheese in your stack for weaknesses and threats. But don't trust in any ONE slice. You need the stack.

 

[twizzard]

I use Lastpass because it is very secure. Your passwords never leave one of your devices unencrypted. They encrypt using your username, password, a salt and run the result through over 100,000 cycles of SHA-256, and then use that result to encrypt and decrypt with AES-256. Yes, your passwords are on their server but neither Lastpass nor a hacker can decrypt them. I use Lastpass on iPhone, iPad, Macintosh, Linux, Windows, Chromebook and more. If I update a record on one device it updates on all devices with the next network connection. The free version is all you need. Highly recommended.

To be honest, I am guilty of password mismanagement. Yes, I use the same one for a few log-ins here and there, but now the way things are rapidly changing out here, it's time I get off my lazy rear end and invest in a password manager.

Why I am here is that I've been searching around for a password manager and the amount of choices out there is overwhelming. Currently, between my wife and I we have 5 devices that can log onto the net so the program would have to be able to be used by both of us over 2 phones, 1 iPad, 1 laptop and one desktop device.

I do not mind having to pay for it either....I am looking for the most secure program out there that is relatively easy to use.

As always, TIA!

Cheers!

Pat

 

[Rod]

Well I for one would love to know which one you decide on and whichever one that is just make sure you back it up and cannot forget your master password. Once you become dependent on a PM loosing access to it would be a disaster.

 

[neilf]

Just to add another positive for 1Password, although it is subscription based. I have also found that their customer support is excellent.

 

[Rod]

Well I guess that goes hand in hand with a subscription based app but good to know.

 

[AirBear]

I've used LastPass and Roboform. Roboform has been my favorite for the past few years. It's a web browser add-on that is cross-platform. I have it on my Win10 gaming rig, my iMac and my iPhone. It stores your name, address, etc. and will fill it in automactically. It can also store your credit card info and fill that automatically if you so desire. It will make complex passwords for you but I don't use that usually. I have simple easy to remember passwords for non-critical stuff like my game log in's and more complex passwords for financial stuff.

 

[macnicol]

I use an Excel spreadsheet to store my passwords. Safari & Firefox both generate excellent random long passwords. I copy these as they are generated and enter them into my spreadsheet which contains ALL of the info about my accounts and credit cards. This file is stored on my home based iMac. To use this info on my iPhone and iPad, I create a password protected pdf of the excel spreadsheet. No one has access to my info but me, no worries about compromised cloud servers and no payments for an app or cloud service. Have used this method for many years and has not failed me yet. Good luck. Never trust anything to the Cloud which is just a matter of time to be hacked.

 

[Chaver4u]

To be honest, I am guilty of password mismanagement. Yes, I use the same one for a few log-ins here and there, but now the way things are rapidly changing out here, it's time I get off my lazy rear end and invest in a password manager.

Why I am here is that I've been searching around for a password manager and the amount of choices out there is overwhelming. Currently, between my wife and I we have 5 devices that can log onto the net so the program would have to be able to be used by both of us over 2 phones, 1 iPad, 1 laptop and one desktop device.

I do not mind having to pay for it either....I am looking for the most secure program out there that is relatively easy to use.

As always, TIA!

Cheers!

Pat

I use 1Password on my MacBookAir and iPhone. Works perfectly. Their customer service is also fast and efficient. I only have to memorize 3 passwords: of 1Password, my Mac and my iPhone.

 

[Rod]

I use an Excel spreadsheet to store my passwords. Safari & Firefox both generate excellent random long passwords. I copy these as they are generated and enter them into my spreadsheet which contains ALL of the info about my accounts and credit cards. This file is stored on my home based iMac. To use this info on my iPhone and iPad, I create a password protected pdf of the excel spreadsheet. No one has access to my info but me, no worries about compromised cloud servers and no payments for an app or cloud service. Have used this method for many years and has not failed me yet. Good luck. Never trust anything to the Cloud which is just a matter of time to be hacked.

For some years I used a similar method but the drawback was updating.

 

[chscag]

The spreadsheet idea has merit. My only problem is that I'm so rusty on using Excel or any other sheet program that I would probably mess it up.

I vote for 1Password or LastPass. Both excellent.