Browser password manager or stand alone?

Scarletpimpofnel

Original Poster:

884 posts

24 months

Wednesday 1st February 2023
For years I’ve used Windows OS, with Google browser and Norton AV. But following some advice on here I’ve ditched Google and Norton and now just use Edge. Really pleased as this saves me money and PC is faster.

Anyway I always used Google’s pwd manager and now use Edge’s.

Question: is a browser pwd manager safer, or as safe, as a standalone third party pwd manager?

I’m getting paranoid about putting all my pwd in one place now.

Ty

Edited by Scarletpimpofnel on Wednesday 1st February 21:44

TonyRPH

13,113 posts

174 months

Wednesday 1st February 2023
I use the 1Password password manager. Works well, not free, but quite secure.


Brainpox

4,097 posts

157 months

Wednesday 1st February 2023
I think the most convenient option is a third party app that integrates with your web browser.

Example, I use BitWarden, which is free/open source. It has extensions for all web browsers, a standalone Windows app for logging into desktop apps, and an iOS app that replaces Keychain and manages both web and app passwords, and works with FaceID. It also stores credit/debit card info so lets me autofill these in checkouts.

If I'm really desperate I can login to BitWarden via its website with a username and password (and 2FA).

If I just used a browser password manager, it wouldn't work across multiple browsers, or for desktop or mobile apps. I would also need a sync account to get it to work on the same browser on more than one device. I also would not have the option of logging in to my password vault on any computer.

These things are only as strong as your master password though. The encryption is strong enough that brute forcing isn't really an option. If you have a weak master password and no 2FA set up you are vulnerable.

Edited by Brainpox on Wednesday 1st February 21:39

Funk

26,510 posts

215 months

Wednesday 1st February 2023
I've just moved my personal pwm from LastPass to Bitwarden and we use 1Password at work. 1Password is better to use than Bitwarden but then Bitwarden is free for personal use so churlish to complain.

LastPass actually had the best interface and functionality but they shat the bed and let everyone's vaults get nicked so fk 'em.

Try Bitwarden and if you don't like it then cough up for 1Password - it's a doddle to migrate between them as I've found when getting out of LP to Bitwarden.

Scarletpimpofnel

Original Poster:

884 posts

24 months

Wednesday 1st February 2023
Thanks above.

Bitwarden sounds good because my phone is iOS and I was wondering about how to integrate to that.

I assume bitwarden generates strong passwords for you?

What is a master password? I’d definitely use 2FA.

Thanks again.

Brainpox

4,097 posts

157 months

Wednesday 1st February 2023
Scarletpimpofnel said:
Thanks above.

Bitwarden sounds good because my phone is iOS and I was wondering about how to integrate to that.

I assume bitwarden generates strong passwords for you?

What is a master password? I’d definitely use 2FA.

Thanks again.
Yes Bitwarden has a password generator with a few options for length/complexity for those websites that, for some reason, don't let you use symbols, or more than a handful of characters...

Master password is the one you use to login to the vault and access all your other passwords. For obvious reasons it needs to be unique and difficult to guess.

Scarletpimpofnel

Original Poster:

884 posts

24 months

Wednesday 1st February 2023
Brainpox said:
Scarletpimpofnel said:
Thanks above.

Bitwarden sounds good because my phone is iOS and I was wondering about how to integrate to that.

I assume bitwarden generates strong passwords for you?

What is a master password? I’d definitely use 2FA.

Thanks again.
Yes Bitwarden has a password generator with a few options for length/complexity for those websites that, for some reason, don't let you use symbols, or more than a handful of characters...

Master password is the one you use to login to the vault and access all your other passwords. For obvious reasons it needs to be unique and difficult to guess.
Thanks. But the master pwd is used in conjunction with 2FA I assume? So even a weak master pwd is difficult to crack due to the 2FA?

Didn’t lastpass get cracked and lose all their master passwords recently? That’s why I was wondering if the might of Microsoft behind edge’s pwd manager would be more secure as greater resources to ensure it is so?

TonyRPH

13,113 posts

174 months

Wednesday 1st February 2023
Scarletpimpofnel said:
Thanks. But the master pwd is used in conjunction with 2FA I assume? So even a weak master pwd is difficult to crack due to the 2FA?

Didn’t lastpass get cracked and lose all their master passwords recently? That’s why I was wondering if the might of Microsoft behind edge’s pwd manager would be more secure as greater resources to ensure it is so?
Storing passwords in the browser doesn't offer as much protection as a proper password manager.

Also, 1Password uses your email address, password and a secret key or authentication (during initial setup).

After that, you have a master password to unlock your password vault. All data stored in the vault is encrypted.

underwhelmist

1,880 posts

140 months

Wednesday 1st February 2023
Scarletpimpofnel said:
Thanks. But the master pwd is used in conjunction with 2FA I assume? So even a weak master pwd is difficult to crack due to the 2FA?

Didn’t lastpass get cracked and lose all their master passwords recently? That’s why I was wondering if the might of Microsoft behind edge’s pwd manager would be more secure as greater resources to ensure it is so?
They didn't lose master passwords, only users' encrypted vaults. Which is OK as long as your master password was sufficiently long/complex, but I bet a lot of people were using inadequate passwords.

As a result of the breach I've ditched LastPass (as previous posters have), I've moved to BitWarden. The migration process was very straightforward.

edit: The benefit of something like Bitwarden over a specific browser's password manager is you're not tied to a specific browser. LP and BW have browser extensions for Chrome, Edge, Firefox etc so you can use whichever browser you like.

Edited by underwhelmist on Wednesday 1st February 22:12

somouk

1,425 posts

204 months

Thursday 2nd February 2023
Another user who ditched Last Pass before this hack due to their change from free to charging, seems that was a blessing.

I now use Bitwarden, primarily because I can use it on multiple OS/Devices and always have my passwords available. If you use 1 browser product then swapping browsers becomes a problem.

Brainpox

4,097 posts

157 months

Thursday 2nd February 2023
Scarletpimpofnel said:
Thanks. But the master pwd is used in conjunction with 2FA I assume? So even a weak master pwd is difficult to crack due to the 2FA?

Didn’t lastpass get cracked and lose all their master passwords recently? That’s why I was wondering if the might of Microsoft behind edge’s pwd manager would be more secure as greater resources to ensure it is so?
2fa isn’t perfect so can’t be relied on entirely. However your master password can be easy to remember but still complex to crack. For example you could make a short sentence with punctuation. Easy for you to remember but would take a computer to the end of time to brute force.
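
Added example (not part of any poster's message, and not code from Bitwarden, LastPass or 1Password): a sketch of the point made in the posts above, that a stolen encrypted vault is only as strong as the master password and that 2FA plays no part once the vault file is in someone else's hands. It assumes a vault key derived with PBKDF2-HMAC-SHA256; the iteration count, salt, attacker speed-up and candidate passwords are constructed assumptions.

```python
import hashlib
import math
import os
import time

ITERATIONS = 100_000    # assumed PBKDF2 work factor (not a figure from the thread)
SALT = os.urandom(16)   # constructed sample salt; stored beside the vault, not secret
YEAR = 365.25 * 24 * 3600

def derive_vault_key(master_password, salt=SALT, iterations=ITERATIONS):
    """Vault key = KDF(master password, salt). No 2FA code is an input, so
    2FA guards the login to the service, not a copy of the encrypted vault."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt,
                               iterations, dklen=32)

def random_bits(symbols, alphabet_size):
    """Entropy in bits of `symbols` picks made uniformly at random."""
    return symbols * math.log2(alphabet_size)

def seconds_per_guess(samples=3):
    """Time one key derivation on this machine (one CPU core)."""
    start = time.perf_counter()
    for i in range(samples):
        derive_vault_key(f"constructed-guess-{i}")
    return (time.perf_counter() - start) / samples

def years_to_search_half(bits, guesses_per_second):
    """Expected time to find the password: half the search space."""
    return 2 ** (bits - 1) / guesses_per_second / YEAR

# Constructed examples; bit counts hold only for randomly generated secrets.
CANDIDATES = {
    "8 lowercase letters": random_bits(8, 26),
    "12 mixed chars (94 printable)": random_bits(12, 94),
    "5 random words (7776-word list)": random_bits(5, 7776),
}

def report(speedup=10_000):
    """speedup: assumed attacker advantage over this machine's single core."""
    rate = speedup / seconds_per_guess()
    return {name: years_to_search_half(bits, rate)
            for name, bits in CANDIDATES.items()}

if __name__ == "__main__":
    for name, years in report().items():
        print(f"{name:32s} {years:.3g} years")
```

The bit counts apply to secrets picked at random by a generator; a password a person makes up is usually more predictable than its length suggests.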

Mr Pointy

11,688 posts

165 months

Thursday 2nd February 2023
somouk said:
Another user who ditched Last Pass before this hack due to their change from free to charging, seems that was a blessing.

I now use Bitwarden, primarily because I can use it on multiple OS/Devices and always have my passwords available. If you use 1 browser product then swapping browsers becomes a problem.
Unless you deleted your account you still might not be safe as they moved non-payers onto the free level & kept the database/vault active. They are not saying who actually had their data stolen though.

Nimby

4,843 posts

156 months

Thursday 2nd February 2023
Scarletpimpofnel said:
Thanks. But the master pwd is used in conjunction with 2FA I assume? So even a weak master pwd is difficult to crack due to the 2FA?
Bitwarden supports 2FA but doesn't require it.

maccas99

1,744 posts

194 months

Thursday 2nd February 2023
Another vote for Bitwarden - moved from LastPass a while ago...

Scarletpimpofnel

Original Poster:

884 posts

24 months

Thursday 2nd February 2023

Scarletpimpofnel

Original Poster:

884 posts

24 months

Thursday 2nd February 2023
PS - Was getting the dreaded 403 forbidden when posting the above as text so posted as an image which worked. Text came from notepad so no hidden chars etc. Why is PH objecting to the above text?

Your Dad

1,995 posts

189 months

Thursday 2nd February 2023
Scarletpimpofnel said:
PS - Was getting the dreaded 403 forbidden when posting the above as text so posted as an image which worked. Text came from notepad so no hidden chars etc. Why is PH objecting to the above text?
Edit: Was going to suggest it doesn't like pwd and other XSS related commands, but it accepted it.

1Password for me BTW, using as an app on phone and accessible via browser when on laptop.

Mr Pointy

11,688 posts

165 months

Thursday 2nd February 2023
Scarletpimpofnel said:
It would be wise to do so, or at least delete the important ones.