villaafrican.blogg.se - Enpass vs keepass

#Enpass vs keepass software#
#Enpass vs keepass password#

Using a popular password manager increases this risk. We'll have to base ourselves mostly on the reputation and security practices of the author of the manager.

#Enpass vs keepass software#

Software vulnerability: Compromise of the password manager.

For good defense against this, you probably need something like Qubes. Generally if something has access to your computer it's over, although OS-level sandboxing is getting better. Let's assume it gets into the hands of a skilled hacker.

Device theft: Someone stealing my device.

Also shoulding surfing can be a concern, which is why something like autofill is good.

Snooping: Someone briefly accessing my device, when I am logged in.

Bruteforce attacks on the services – see "Using short and predictable passwords".

Service isolation: One service being compromised doesn't lead to another service being compromised – see "Reusing passwords" above.

Here's what I came up with for my situation. Secure against what? What you want to defend against of course fully depends on your personal needs. Security by itself is a sort of empty term.

Basically, I want easy access to services (websites, computer accounts, etc.) from any of my devices (laptop, phone, work computer, etc.). But before we can talk about threats, we need to look at what we want to achieve.

The downside of this, is that someone who wants access to your accounts only needs to look in a single place. With a password manager you can use a strong, unique password for each service you use. The shorter the password, the easier it is for the hacker to figure out your password. When a hacker steals the password database of a site you use, passwords are usually encrypted. But they're also easier to bruteforce, for someone wanting access to your accounts. Using short and predictable passwords Short and predictable passwords are easy to memorize. You can of course choose different passwords for different categories of websites, like one for your social media accounts, another for your bank, and another for websites you don't really care about, but when that last category keeps growing it can get a pretty big deal if suddenly all of your accounts on those websites are accessible by someone who doesn't like you. Note that this is true regardless of how website A stores their passwords, because each time you log in you send them your password. Reusing passwords If you use the same password to log in to websites A and B, then if website A gets compromised (or the admin has ill intentions for you), then can also access your account at website B. (Even though for Steemit you couldn't even pick your own password, so unless your memory is really good, you're already storing that one somewhere.) A password manager helps you avoid two pitfalls: In case you're not yet fully convinced you need a password manager, let me try to convince you. Thus, a few days ago I decided to take action and invest some effort into finding a good password manager. But that last category has by now gotten so large and I actually started to care about some of my accounts on these websites, so I need a new approach. Of course I don't have just one: a unique one for my email, another one for my bank, one password for websites I don't care about. And as a cryptographer (although a theoretical one – I'm basically a mathematician), I really should know better. No browser extension, no mobile sync – so I end up with memorizing most of my passwords anyway, which means I reuse a lot of my passwords.īut, as you might know, reusing passwords is bad. I can store and retrieve passwords, but it's cumbersome. It works, it's probably fairly secure (because of good crypto, but also: who's gonna attack my password manager that only I use?). I've been using a home-brew password manager I came up with a few years ago, but I'd never really invested much effort in it.

It's something I've been telling myself for a couple of years now. "You really should use a proper password manager." I then compare 1Password, Lastpass, Enpass, KeePass, pass, iCloud Keychain, and memorization with a paper notebook as backup, and see how they each stack up in terms of security and usability. Summary: To evaluate the various password managers available, I come up with desired features and a threat model.