Question Can any password vaults retrieve my passwords?

[Desertprep]

I am way past the point where I need a password vault and am shopping now. There are several pretty good options. I already have at least 50 websites that I use that require passwords. Is there a password vault app that can read my browser (they are all stored in Firefox) and import all of the relevant information into its databases so that I don't have to?

 

[Math Geek]

you'll have to check out how to do it for the manager you end up using. every one may not do it.

a quick google search will net the directions from what i am seeing.

ie: "import passwords into lastpass/keypass/1password/etc"

should bring up directions on importing from firefox

 

[Deleted member 14196]

Using those kind of services is not for me because if they get hacked, they’ve got all of your passwords

And they do get hacked

 

[Math Geek]

Your passwords are encrypted. So any hack just gets a bunch of useless hashes.

If your passwords are weak and easily figured out with a dictionary attack, then that's your fault!!

Otherwise there is no risk unless your stuff is stored in plain text which none of the popular services do.

 

[hotaru.hino]

A lot of the password manager apps can import logins from the browser, assuming they have a plugin as well.

With regards to which one to choose, most people are saying Bitwarden is the best free one. I use 1Password, which isn't free, but I haven't had any real issues with it. One thing that I think is useful about 1Password is it requires two passwords to access: the master password to access it and a randomly generated key. Coupled with 2FA, this should make it highly impractical for someone to brute force the password.

 

[Grobe]

I prefer KeePassXC, because:

Pros:

• near instant search function
• Support all major OS.

Cons (actually this depends on personal preferences)

• Default setting for auto-save is ON after install. Personally I'm worry to loose data by accidentally overwrite passwords or delete something (Assume this can be beneficial if you're used to work like this).
• Occupies more screen space (than e.g. Password gorilla - abandoned project)

[edit]

Some time ago I read a statement about the Windows OS - if you're not the administrator of the computer, then there is a greater risk of those that have admin rights can actually snoop off your (passwords). Maybe this was stated in one of the manuals for password vault software (unfortunately I cannot remember the source).

Maybe some having better knowledge about Windows OS can confirm or reject this claim.

Sorry for potential useless edit of the post, but if you ask me, if there is any substantial about the claim, it's better to know about it.

 

[hotaru.hino]

Some time ago I read a statement about the Windows OS - if you're not the administrator of the computer, then there is a greater risk of those that have admin rights can actually snoop off your (passwords). Maybe this was stated in one of the manuals for password vault software (unfortunately I cannot remember the source).

Snoop in terms of what?

I mean, this is a standard security issue with any OS. Whoever has admin rights basically owns the computer.

 

[Deleted member 14196]

The Pros and Cons of Password Management

expert.services

 

[Math Geek]

it sounds like some are not clear 100% on how a password manager works in general.

whether your vault is stored locally or in the cloud, it is encrypted. meaning you have to put in your master password and any other 2FA needed to access your stored passwords.

if it is stored in the cloud, then it does not matter what user is logged in at the moment whether it is a standard or admin user. if the software is present to access the vault and they know the master password, then they have access to the vault and all contained within.

same if it is stored locally, unless the vault is itself on an encrypted drive, then anyone can get to the file to access it but again would need the software and master password to access any of the contents. without it, it is just an encrypted file using space on the drive.

so a user, admin or otherwise, trying to "snoop" would need to capture your password to be able to do anything at all. a keylogger or other type thing would be needed. that's not a windows security issue really. there is not really anything just having admin rights automatically would do to just magically allow access to your vault. that's the whole point of the manager, to keep your data so only you can get to it if and only if you have the master password and any other 2FA needed.

that's also the con of a manager. if you forget your master password or lose access to the 2FA device, then you lose access to your vault and there is NOTHING anyone can do about it since by its very nature, you can't crack the master password to get access. that of course assumes you use a truly secure password long enough and with varied characters to make it impossible to crack at this time.

 

[Math Geek]

Some time ago I read a statement about the Windows OS - if you're not the administrator of the computer, then there is a greater risk of those that have admin rights can actually snoop off your (passwords). Maybe this was stated in one of the manuals for password vault software (unfortunately I cannot remember the source).

no idea what you saw but i am willing to bet it was not an issue with a password manager but rather passwords stored within windows in some way. maybe edge browser or other windows storage option. i don't use ssuch options so not really well versed on what the new options are inside windows itself.

something like that, i could see an admin being able to get access to that type data. windows is not that hard to mess around with if you know what you are doing.

but as i noted above, a password manager itself is a totally different beast and much more secure.