Question Password Managers and Keypasses?

liberty610

Hi all. I've recently been diving into the world of online security. A friend of mine who is somewhat tech savvy had a major breach occur along the way, which led to a rabbit hole of his online accounts getting hacked.

So I have been looking into more security options to not only help him out, but also expand on my own knowledge and practices. I am a NordVPN user, and they have their password manager offerings. And I have done a little bit of research and I am just not sure if I should expand on my Nord account and take on their PW manager or not. I currently do not use one, mostly because to me, the idea of putting all your passwords in one place and then shooting it up to someone else's server just seems absurd. I know there is usually encryption involved, and Nord touts itself as one of the standard encryption methods being used, but again... I am not really cozy to the idea of putting my entire online identity in one place; encrypted or not. And a lot of videos I have watched online all seem to come from the same people, so that tells me they are being paid by Nord to sell the product.

I have also just stumbled on passkey devices such as YubiKeys and whatnot, but they don't seem to be widely supported on everything yet.

I have decent online practices. I never leave accounts logged in on any browser (even on my home desktops), I always clear out cache, history, and cookies, and I use NordVPN regularly. I have Bitlocker encryption on some hard drives as well, so I consider myself pretty solid digitally. But again, looking for ways to help out not only myself, but friends and relatives who are not very online savvy.

Thoughts, suggestions? Thanks.
 
Nord Password Manager isn't really all that good. I currently use BitWarden and love it. I can sync it across all my devices and it has several layers of security abilities included and the personal edition is completely free to use.
I see Bitwarden mentioned a lot while looking into all of this. I've also stumbled on horror stories where a password manager company was hacked. That's where my concern comes in.

Now you say, NordPass 'isn't all that good'. Why do you say that?

You say you use Bitwarden, and one of the perks of it is because you can sync it across all your devices. Nord does the same. And you mentioned there are several layers of security. What all does that include? Nord touts military grade encryption, but I also know how marketing departments work, so I always go into these claims with skepticism.

I already have a Nord account, so adding Pass to it is a cheap upgrade. But I also don't mind paying for a different service that will increase my online security. I'm just genuinely looking for as much info on this as possible.
 
I see Bitwarden mentioned a lot while looking into all of this. I've also stumbled on horror stories where a password manager company was hacked. That's where my concern comes in.
There are going to be stories about password manager companies being hacked or information compromised. Some are true, some aren't, and depending on who talks about it they are almost always over-embellished. No one can be 100% completely uncrackable. But if you practice safe practices and are taking those measures then you are doing everything you can.
Now you say, NordPass 'isn't all that good'. Why do you say that?
I say that because it doesn't fit my lifestyle and I've read mixed reviews on it. I don't personally use NordVPN or any VPN because I live out in the middle of BFE and our internet isn't the best so there isn't really a need.

Here are three review sites and their breakdowns of who they like in several different categories:

You say you use Bitwarden, and one of the perks of it is because you can sync it across all your devices. Nord does the same. And you mentioned there are several layers of security. What all does that include? Nord touts military grade encryption, but I also know how marketing departments work, so I always go into these claims with skepticism.
90% of password manager companies tout that they support "military grade encryption". Whether they deliver on it or not, who knows because last I checked the military's encryption level was a closely guarded secret (again just my opinion).
I already have a Nord account, so adding Pass to it is a cheap upgrade. But I also don't mind paying for a different service that will increase my online security. I'm just genuinely looking for as much info on this as possible.
If you are a user of Nord then I can certainly see sticking with them and they may even offer a discount on it which is great. With me, I usually will try something out first (free is even better) rather than sinking money into something that I've never used before.
 
I've been using Password Safe for years. I know it isn't the best option for these things and it's tricky with multiple devices but it is standalone so it doesn't have servers that can be hacked.
I have looked this one over before, but it does look like a pain to jump between Android and Windows with it. I'm torn on which one to go with.
 
My personal recommendation is Proton Pass, though it's a new product. It offers the conveniences you find in other cloud options like Bitwarden but adds the ability to use email aliases (10 free ones, unlimited for paid users) so you can mask your email from sites and further protect against data breaches and spam. The only downside is that this solely works for Proton Mail addresses, as it forwards the emails through your alias to your Proton address. For someone like me who only uses Proton Mail now, this isn't an issue but it's worth considering if you don't want to use Proton Mail (not sure why you wouldn't, it's great).

That said, I also do keep an offline backup in KeePassXC and I also ensure that anything that's more sensitive is kept strictly in the offline vault. It's a bit tedious to manage and perhaps it's unnecessary but I'm a geek about things like this. But yeah, Proton Pass is my go-to these days. It has most of what Bitwarden has (and is improving quickly), the email aliasing option and the UI is 100x more appealing than Bitwarden in my opinion. I'm also a much bigger fan of Proton as a company.
 
My personal recommendation is Proton Pass, though it's a new product. It offers the conveniences you find in other cloud options like Bitwarden but adds the ability to use email aliases (10 free ones, unlimited for paid users) so you can mask your email from sites and further protect against data breaches and spam. The only downside is that this solely works for Proton Mail addresses, as it forwards the emails through your alias to your Proton address. For someone like me who only uses Proton Mail now, this isn't an issue but it's worth considering if you don't want to use Proton Mail (not sure why you wouldn't, it's great).

That said, I also do keep an offline backup in KeePassXC and I also ensure that anything that's more sensitive is kept strictly in the offline vault. It's a bit tedious to manage and perhaps it's unnecessary but I'm a geek about things like this. But yeah, Proton Pass is my go-to these days. It has most of what Bitwarden has (and is improving quickly), the email aliasing option and the UI is 100x more appealing than Bitwarden in my opinion. I'm also a much bigger fan of Proton as a company.
Thanks for the detailed reply. I spent some time kicking around which one to go with. I ended up going a different route, but I would have considered Proton had it popped up more often. I was somewhat unaware of it, to be honest.

But I have dug deep into the topic, and went ahead and took some extra steps and grabbed some YubiKeys. I, too, won't be adding sensitive accounts to the cloud-based solution and have been looking at KeePassXC. I figured that was the best option to keep my important accounts out of the cloud.

I also started doing proper offline backup methods and using a combination of VeraCrypt and Bitlocker on those offline backups. It's been some work prepping all the accounts and backups, but once it is done, it's done and you end up doing what you can on your end to protect your digital world. And once you practice these methods, they become second nature. Well worth it in my opinion. Especially when I see how many failed login attempts have been done on certain accounts from hack attempts.