Password manager

Only idiots use password managers for things other than shitty accounts you don't care to lose.

What am I supposed to do then

Divide accounts into two groups: accounts you care about and everything else. Create and memorize strong passwords for every account in the first group. Not hard, because you shouldn't have more than 4-5 accounts in the first group anyway. For the second group, you might as well use notepad file, who cares.

But my understanding is that passwords can be bruteforced quickly, unless they're literally long random strings of upper & lower case characters, special characters etc.
So where the password is stored isn't as important as how easily it can be guessed.

Nobody is bruteforcing login page nowadays, people stop doing ten years ego.
High entropy is stopping attacker from cracking hash quickly, in case if he hacks the service and obtains the database. If you don't reuse passwords much, it doesn't matter to you.

Dashlane

if its true, why all services recommend use strong passwords?

To defend from something, you have to understand the attack.
Most people don't know shit about security or trying to sell you the service (like passmanager) by misleading you.

I want to buy lastpass but I can't because they don't have any lifetime membership plan. What if my parents kick me out next year and I don't have any money to pay for lastpass? What happens to my passwords then?

Which company offers lifetime membership?

use free keepassx.

You're a fucking dumbass.
That's just more work, dumbass.

Why would I waste my fucking time digging through my folders for a text file, copy & paste the login info EVERY SINGLE time I wanted to access a 'shitty account'? dumbass.

OR

I could be sane and intelligent, and use a password manager such as KeePass, in which I can use a 50-char password on every account and not have to worry about typing in logins ever again.

I don't need to save cookies either. If the url is recognized by KeePass, my login will automatically get input inside the login fields. I haven't had to manually enter my login in 5 years.

You're a fucking dumbass.

I want to use it but I don't think it has any android client.

KeepassDroid (or similar) is on F-Droid and works with Keepass/x/c databases

KeePassDroid (for Android)
KeePass2Android (for Android)
KeePassMob (for Android)
KeepShare (for Android)

1Password

How are the passwords shared across the various clients? Via things like Google Drive and Dropbox? Is that really secure?

It stores them in an encrypted file (.kdb or .kdbx). You can use any file syncronizer (clouds, syncthing, etc) to share the file.

Learn to read, you fucking idiot.
Shitty accounts are the only good use case for passmanager.
First zero-day, and attacker will be very grateful because you are such a good goy and store every single account in passmanager. I bet, you idiot, even store your credit card there. Keep up good work.
>a 50-char password on every account
>look at me, i don't know shit about security!
One day you will learn your lesson. I hope it would be painful.

I use google drive to sync my database across devices but I use a keyfile that's not on google drive and a decent password.

I think some versions of KeePass also support OTP among other things?

Also goes without saying, by not revealing what you use to unlock it (i.e. password vs pass+keyfile) can also help keep it secure.

Unlocking, in this case, requires two files. One of which should be otherwise non-existent from the attacker's perspective.

Write them on a piece of paper and keep it in your ass

You are too young and innocent, and new to Sup Forums.

Last pass is free. I get to use the auto fill on desktop/Android, autosave new passwords, pass generation and pretty much all the basics that I use. They also have a premium subscription but I don't need any of those features.

I use a small encrypted volume with password text files. Tell me why this is worse than using a password manager.

keeweb & keepass2android

>Paying to store passwords
Well yeah, that should be a red flag.

anyone any experience with this?

ssl.masterpasswordapp.com/

i keep seeing this pop up

How is someone going to 0day my offline database
They'd have to compromise so many things to get to it

my brain because I'm not a brainlet

LastPass with a yubikey

No autotype

An excel file in a passworded zip.

I write them down on a piece of paper and keep it in a book.

That's LastPass Premium by the way. I actually have a job.

What's a good cross platform password manager? Specifically for Windows and Android? And preferably open source and user friendly?

...

KeePassX. Both windows and android version work great. Been using it for about half a year now with no issues.

...

keepassx is an insecure poorly implemented fork of keepass2. not sure why people recommend it so much. just use keepass2.

memorize 16 digit numbers

You have no idea how it works clearly. The encryption and decryption is not done server side, they don't even have the key you stupid fuck.

So what's the server for? What are you paying for?

How about you go to the site and read about it instead of being a poorfag with a shitty manager that doesn't have any features

So you don't know either? I have no intention of visiting lastpass' website.

what can lastpass do what keepass can't?

charge for a free service

I didn't even realize that it was a fork. What makes it insecure?

>What makes it insecure?
I don't use it

I honestly don't see a reason to switch unless there's some big known issue with it. I can't just port over my passwords and don't feel like copying them all over.

Autofill on desktop and mobile, yubikey support

??

yubico.com/support/knowledge-base/categories/articles/enable-yubikey-keepass/

Make your own

LastPass can also automatically log into an account for you and update the password for you without any user interaction. Let's see PoorPassX do that. Not to mention we have a better logo, better UI, and LastPass also is the top rated manager in the world.