-
Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.
What is the best password manager, 1Password or Bitwarden?
- Thread starter OZ9000
- Start date
V1LÆM
Gold Member
Bitwarden
Used 1Password (paid) for a while but ended up with Bitwarden (free with paid options).
the free tier of bitwarden is more than enough for most people. premium is $10/year. 1Password starts at $35.88/year.
If you are really concerned about security Bitwarden lets you host it yourself
i seen on amazon there are notebooks for writing down passwords. yeah fuuuuck that lol.
also with the push to TOTP and the upcoming passkeys then your notebook will be useless. the future is password managers with built it TOTP and passkey support.
Used 1Password (paid) for a while but ended up with Bitwarden (free with paid options).
the free tier of bitwarden is more than enough for most people. premium is $10/year. 1Password starts at $35.88/year.
If you are really concerned about security Bitwarden lets you host it yourself
the only password i have written down is the masterpassword to my bitwarden account and that's locked in a box in the loft.
i seen on amazon there are notebooks for writing down passwords. yeah fuuuuck that lol.
also with the push to TOTP and the upcoming passkeys then your notebook will be useless. the future is password managers with built it TOTP and passkey support.
Last edited by a moderator:
dr_octagon
Banned
My neogaf password
daveonezero
Banned
It is so inconvenient.
there is no solution that is fool proof. Your note book can be stolen and read by anyone.
You can steal a 1password file from the server but can’t read it in plain text without 3 different secrets.
Password, recovery key and a 2fa token.
Keepass, 1password and Bitwarden all have had security audits iirc. 2 of them are open source and continually looked at.
1password has quite an impeccable record and good integration with iOS.
If you are paranoid and don’t want to use a central server you can setup bitwarden and self host on something like the start9 embassy. But that route takes some know how.
Last edited:
mutt765
Member
As a compromise between going completely offline and services like LastPass, I recommend Keepass and onedrive/dropbox. Even if your cloud storage of choice gets hacked, your "vault" file is still encrypted. https://keepass.info
Con_Z_ǝdʇ
Live from NeoGAF, it's Friday Night!
I know, i just found it funny that after all he went through he will dive into the next password manager. He wouldn't have the problem if he'd written it down.
Like, oh i burned myself, which fire do i touch next. Of course this is highly simplified.
daveonezero
Banned
He didn’t though. He can backup the last pass archive and import it into another manager.
Last pass has a history of this now multiple times.
The others do not.
What happens if you lose a notebook with passwords in it? That’s a fire I decided I didn’t want to mess with.
Kenneth Haight
Gold Member
They also salt and encrypt the passwords. You’re much better using a password manager than using a notebook lol
Bitwarden is fantastic and free. Exported my lastpass creds after they began getting greedy and asking for money. Please don’t listen to this person and write your passwords down or keep them in plaintext on your phone. You’re asking for trouble.
Last edited:
Spaceman292
Banned
It doesn't matter what password you use. Just use phone authentication.
Can I self host my Bitwarden file on Google Drive?It is so inconvenient.
there is no solution that is fool proof. Your note book can be stolen and read by anyone.
You can steal a 1password file from the server but can’t read it in plain text without 3 different secrets.
Password, recovery key and a 2fa token.
Keepass, 1password and Bitwarden all have had security audits iirc. 2 of them are open source and continually looked at.
1password has quite an impeccable record and good integration with iOS.
If you are paranoid and don’t want to use a central server you can setup bitwarden and self host on something like the start9 embassy. But that route takes some know how.
All my important accounts are backed by 2FA and have been since the beginning.
I need to migrate my email provider however. My current one is beyond awful and doesn't have 2FA.
I don't have anything exciting to hide on the internet other than online websites linked to my bank card eg eBay, PayPal, Amazon.
Last edited:
TheDraconian
Member
The trusty ol' brain is still the best password manager.
Patrick S.
Banned
If you write the passwords down somewhere, make it a rule to put three random, false characters at the front and three random characters at the end of the passwords you write down. That will probably fool most casuals who might steal your notepad, because none of the passwords they try as written will work.
Last edited:
analog_future
Resident Crybaby
iCloud Keychain is the best IMO, but only if you have all or mostly Apple devices.
daveonezero
Banned
you could put a backup there like what people do with Keepass. But with the Start9 embassy or similar setup Bitwarden is self hosted and will act more like a 1password or Lastpass cloud service.
It’s ok. I find it sort of clunky.
Last edited:
negator2vc
Member
KeePass!
If you need your passwords in more than one device you can simply use a file sync service like dropbox to sync the database file between them.
Personally I have 2 databases, one main database that contains all my passwords which is used only on my main PC
and one secondary database that contains some of my passwords that I sync with my secondary devices (mainly my phone).
If you need your passwords in more than one device you can simply use a file sync service like dropbox to sync the database file between them.
Personally I have 2 databases, one main database that contains all my passwords which is used only on my main PC
and one secondary database that contains some of my passwords that I sync with my secondary devices (mainly my phone).
Last edited:
Winter John
Member
I put them down in my notebook and take a photo of them with my phone. My phone's got a passcode and finger scanner on it, so I figure anyone who can get past that shit could probably get past anything
BlackTron
Member
I've used Keepass (uh, the same .exe lol) for over 15 years. I just want a way to save my passwords on my own local device with a layer of security above Notepad.
I keep a copy on my PC for easy reference and it gets backed up with a bunch of other stuff on my own media. Sure I guess someone could get my file but the amount of fucks you'd have to give to crack it, if it was ever even plausible, is insane. I feel like in most cases, all you need to do is to not have it sitting in plain text free for the taking.
Don't store passwords in the cloud, or in your browsers PW manager....
I keep a copy on my PC for easy reference and it gets backed up with a bunch of other stuff on my own media. Sure I guess someone could get my file but the amount of fucks you'd have to give to crack it, if it was ever even plausible, is insane. I feel like in most cases, all you need to do is to not have it sitting in plain text free for the taking.
Don't store passwords in the cloud, or in your browsers PW manager....
cormack12
Gold Member
Why? I've never heard of Google's password manager being broken into or breached for example.
I've used keepass and last pass and I find them a pain to be honest. I iust went to the simplicity of GPM
OP, I run a cost free service where I allow people to email me their usernames and passwords and I put them in a password protected csv on a thumb drive in my safe. Please choose us.
cash_longfellow
Member
People really pay for something to store their passwords? Man, I’m in the wrong business 
LiquidMetal14
hide your water-based mammals
How about a f@#$_&? pen and paper?
Reading about these password storage sites/apps being hacked has moved me more to this.
Contradictory to that, I do save my stuff on Google (not everything) but LastPass or whatever has scared me too much.
Pen and paper. My wife and her parents still do this. No shame on taking the 2 minutes or whatever and just putting it in a safe if necessary.
And sorry but the "this is 2022" argument doesn't invalidate the fear of your stuff being hacked by placing in the trusting hands of a company with track records of security issues.
Reading about these password storage sites/apps being hacked has moved me more to this.
Contradictory to that, I do save my stuff on Google (not everything) but LastPass or whatever has scared me too much.
Pen and paper. My wife and her parents still do this. No shame on taking the 2 minutes or whatever and just putting it in a safe if necessary.
And sorry but the "this is 2022" argument doesn't invalidate the fear of your stuff being hacked by placing in the trusting hands of a company with track records of security issues.
BlackTron
Member
It's a personal preference thing. I don't save payment info through the browser either...I hit no every time. I also do most of my browsing in private windows without being logged in to Google so that I don't get 1000 retargeting ads for every game or accessory I looked at.
It also means anyone who comes over can use my PC without accidentally buying something or logging into whatever they want lol. More an issue with trigger happy kids.
I do save login info for select sites, mostly gaming stuff like Steam. Between that and remembering my passwords pretty well, I don't need to open keepass that often.
I also like how it has a space for memos so you can type extra info too. For example, the login info for your bank but also your account numbers, pins etc can go in the memo. You can see it as an encrypted notepad datebase you open with one password. The utility is a bit more than just a PW manager.
daveonezero
Banned
It’s ok. I find it sort of clunky.
that is a horrible solution. It’s not hard to force and unlock or get past the Lock Screen.
You’d be wrong. It is a bad idea to store information in a browser.
Putting it in a sandbox dedicated apps is more secure.
This thread is showing how horrible most people’s personal online security is.
I bet you all use the same email for everything too.
Last edited:
cormack12
Gold Member
Why? It's a far cry away from interrnet explorer auto fill on forms etc. I think it's more an historical stigma rather than an actual valid concern backed up with data/evidence at this point. If you are a secure user generally then GPM is fine imo.
Using any password manager whether it's a third party client, secure browser password manager or a cloud based provider all carries the same risk. They are still susceptible to one hack = all passwords, and still dependent on user behaviour supplementing that security or not.
And no, I have seperate emails for every service.
StreetsofBeige
Gold Member
All you guys using password managers must have some giant bags of money in accounts or have credit cards with juicy million dollar limits.
I just wrote mine down on a piece of paper and keep a spreadsheet back up copy on a usb stick.
Just about every website with important stuff will have that dual authentication system where you got to type in a code from your phone. Just activate that option.
And activate that option browsers to never save your login and password. I don’t. But pretty sure that option is there somewhere in privacy settings.
I just wrote mine down on a piece of paper and keep a spreadsheet back up copy on a usb stick.
Just about every website with important stuff will have that dual authentication system where you got to type in a code from your phone. Just activate that option.
And activate that option browsers to never save your login and password. I don’t. But pretty sure that option is there somewhere in privacy settings.
Last edited:
Winter John
Member
Why? Who the fuck is going to do all that to my phone?
TaylorSwiftFan
Member
Only words on computers though.
Maiden Voyage
Gold™ Member
I just use the same password for all of my accounts: 123456789
Easy to remember that way.
Easy to remember that way.
V1LÆM
Gold Member
i forgot i threw Bitwarden $10 for the premium a while back. I was going to try use the TOTP feature but mostly wanted to give them some money because of how much I liked it.
i was using iOS password manager for my 2FA TOTP codes but now i'm going to change them over to Bitwarden.
the official KeePass only works computers but there are android and ios versions you can download.
on Android you have KeePassDroid and on iOS you have KeePassium which seem to be the most popular. It's not official but since KeePass is open source anyone can build their own apps. The official KeePass site has a list of them...
keepass.info
i used KeePass for a while but the only issue I had with it was syncing my database between devices. I used to put it on my Google Drive and point the app to it. Not everyone wants to do that and I got tired of it so moved to Bitwarden. With KeePass your database is stored locally and if you want to sync it then you need to do it yourself. With Bitwarden your database is stored online so no matter what device you're on you can access the database through the app or if the device doesn't have an app (unlikely) then you can log in through the web browser. Bitwarden is supported on Windows, Mac, Linux, Android, iOS, Chrome, Firefox, Edge, Brave, Safari, and more. If you don't want to store your database on Bitwarden's servers you can host it on your own server.
i was using iOS password manager for my 2FA TOTP codes but now i'm going to change them over to Bitwarden.
false.
the official KeePass only works computers but there are android and ios versions you can download.
on Android you have KeePassDroid and on iOS you have KeePassium which seem to be the most popular. It's not official but since KeePass is open source anyone can build their own apps. The official KeePass site has a list of them...
Downloads - KeePass
i used KeePass for a while but the only issue I had with it was syncing my database between devices. I used to put it on my Google Drive and point the app to it. Not everyone wants to do that and I got tired of it so moved to Bitwarden. With KeePass your database is stored locally and if you want to sync it then you need to do it yourself. With Bitwarden your database is stored online so no matter what device you're on you can access the database through the app or if the device doesn't have an app (unlikely) then you can log in through the web browser. Bitwarden is supported on Windows, Mac, Linux, Android, iOS, Chrome, Firefox, Edge, Brave, Safari, and more. If you don't want to store your database on Bitwarden's servers you can host it on your own server.
Last edited by a moderator:
Tams
Member
Having it digitally and encrypted is more convenient and secure.
And by that I mean the combination of the probability of it being hacked and lost (through carelessness, fire, water, silicon failure, etc.)
Fuz
Banned
Holy shit, no!
West Texas CEO
GAF's Nicest Lunch Thief and Nosiest Dildo Archeologist
I use Microsoft notepad.
It's pretty good.
It's pretty good.