• Store your passwords locally or in the cloud?

    Home » Forums » Newsletter and Homepage topics » Store your passwords locally or in the cloud?

    Tags:

    Author
    Topic
    B. Livingston
    AskWoody MVP
    March 4, 2024 at 2:44 am #2644853

    PUBLIC DEFENDER By Brian Livingston Do you create a different username-password combination for every website where you register? This can prevent a d
    [See the full post at: Store your passwords locally or in the cloud?]

    5 users thanked author for this post.
    lmacri, fisher75, ibe98765, DLivesInTexas, Casey S
    Reply | Quote
    Viewing 8 reply threads
    Author
    Replies
    • KernowSteve
      AskWoody Plus
      March 4, 2024 at 3:52 am #2644861

      I’d be grateful for clarification on this point: is “offline” use of Bitwarden the same as “storing data locally”?

      Or is offline use, as I suspect, merely using a local copy of the online password database on devices that are disconnected from the internet, probably temporarily.

      True “self hosting” seems to be an entirely different setup, from what I can gather. Thanks.

      Reply | Quote
    • bbearren
      AskWoody MVP
      March 4, 2024 at 5:08 am #2644867
      B. Livingston wrote:

      Do you create a different username-password combination for every website where you register?

      Yes, I do.

      B. Livingston wrote:

      But it almost demands that you install a password-manager app to remember every combo.

      I beg to differ.  I have 101 unique username-password combinations for websites where I’m registered, but I do not need an app to navigate them.  I have an Excel password-protected spreadsheet stored locally that is very easy to use.

      I also allow Firefox to supply username-password combinations for most of the sites I use.  Yes, I know that this list is stored unencrypted locally, but direct access to my PC is required to make use of that, and I could add a master password to that if I wanted.  So far I just don’t feel the need.

      There are also a number of sites I visit that require registration, but I use a throwaway email addresses for these, and never bother checking the email.  What I don’t want to do is store all this information in the cloud.  That’s a level of complexity (and risk) I can do without.

      Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
      We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
      We were all once "Average Users".
      Computer Specs

      2 users thanked author for this post.
      TechTango, NaNoNyMouse
      Reply | Quote
      • B. Livingston
        AskWoody MVP
        March 4, 2024 at 5:06 pm #2645173

        Please see Part 1 of my series, which discusses the use of a browser to store passwords. Firefox is a secure way to do this, but I urge you to set a master password in the browser. This encrypts your password file, which otherwise is stored as plain text. If your device catches a silent Trojan horse, hackers will look for such a file and then transmit it to themselves. Watch out, bank account!

        2 users thanked author for this post.
        Andy M, PL1
        Reply | Quote
    • Bernie Cosell
      Guest
      March 4, 2024 at 8:59 am #2644940

      I still don’t understand why you never mention what I think is the perfect password manager — password safe [or pwsafe].   Originally by Bruce Schneier but now open source.

      It stores the passwords locally in a securely encrypted file and you set a master password to open the password file.   I have over 350 passwords in my database.   Since the password file is well encrypted, I feel safe “cloudifying” it by using dropbox to sync it between my devices.

       

      3 users thanked author for this post.
      Tom in Az, DLivesInTexas, windbg
      Reply | Quote
      • B. Livingston
        AskWoody MVP
        March 4, 2024 at 5:56 pm #2645188

        Part 1 of my series listed 12 major testing labs that ranked password managers. Those labs rated a total of 19 different apps favorably.

        In a process of analysis, I narrowed the focus of my series to discuss the five apps that were the most highly ranked by the greatest number of test labs.

        My series then narrowed the consideration to the two apps — Bitwarden and Dashlane — that were highly rated as well as offering both a free version and a paid verison with additional features. (Most password manager apps are paid-only with a short, free-trial period.)

        Roboform was included in my list of the 19 apps that were ranked highly. However, I’m sorry to say that Pwsafe and some other apps were not top-rated by those reviewers. Please contact the test labs that are listed in Part 1 of my series to ask those reviewers to add your favorite password manager to their test suite (or to rate it more highly than they already did).

        1 user thanked author for this post.
        TechTango
        Reply | Quote
    • rafisher1
      AskWoody Plus
      March 4, 2024 at 1:27 pm #2645084

      The article did not mention  RoboForm.

      I and others have been using RoboForm for years without any issues.

      I holds inportant information in SafeNotes, holds card and bank information, and holds a lot of personal information that is all encrypted, synced, and stored in the cloud, which makes it available to multiple devices.

      Most of the information is available for inserting in fields that RoboForm can read on a page.

      Maybe a review of RoboForm would be helpful to your readers.

      Robert

      1 user thanked author for this post.
      PL1
      Reply | Quote
    • Sueska
      AskWoody Plus
      March 4, 2024 at 1:52 pm #2645109

      Depending on your comfort level of storing passwords in the cloud, one could opt to double encrypt. For example, I use Keepass as a locally encrypted password manager. To store it online I would double encrypt a copy of the the KeePass password file with PGP or an alternate method of encrypting a file.

      1 user thanked author for this post.
      windbg
      Reply | Quote
      • Paul T
        AskWoody MVP
        March 5, 2024 at 5:00 am #2645347
        Sueska wrote:

        I would double encrypt

        No need to double encrypt.
        KeePass with a strong password is effectively unbreakable.
        A second password makes recovery more difficult – you need to remember 2 passwords.

        cheers, Paul

        Reply | Quote
    • TechTango
      AskWoody Plus
      March 4, 2024 at 7:36 pm #2645231

      Do you create a different username-password combination for every website where you register?

      Yes, to 350 websites, each with a different email address.  I keep this data locally in an encrypted (SHA-256) Word doc with a very complex 20 character PW.  Brute force crack time estimate 80 years+.  I never say never but the probabilities are on my side.

      Desktop Asus TUF X299 Mark 1, CPU: Intel Core i7-7820X Skylake-X 8-Core 3.6 GHz, RAM: 32GB, GPU: Nvidia GTX 1050 Ti 4GB. Display: Four 27" 1080p screens 2 over 2 quad.

      Reply | Quote
    • Alex5723
      AskWoody Plus
      March 5, 2024 at 4:08 am #2645341

      Use Passkey when available

      ..Passkeys are a way to reach a passwordless future. With the security feature activated, users do not need to input their username or password when they log into a service or app…

      To that end, the passkey standard was created by Apple, Google, and Microsoft in partnership with the FIDO Alliance and the World Wide Web Consortium. It is a cryptographic key directly associated with a specific device, which is used to confirm the user’s identity…

      Apps and services that support passkey as of March 3, 2024

      Apple
      Adobe
      Amazon
      Binance
      Best Buy
      Coinbase
      eBay
      Dashlane
      DocuSign
      GitHub
      GoDaddy
      Google
      Home Depot
      Instacart
      Kayak
      LinkedIn
      Microsoft (Windows)
      Nintendo
      Nvidia
      OnlyFans
      PayPal
      Robinhood
      Roblox
      Shop Pay
      Shopify
      Sony PlayStation
      Target
      TikTok
      Uber
      WhatsApp
      WordPress
      X
      Yahoo..

      Reply | Quote
    • davidm16
      AskWoody Plus
      March 7, 2024 at 4:31 pm #2646384

      In the original article mention was made that Dashlane offers an “off-line” option.

      According to their FAQ “off-line ” is not available. Everything is stored on their servers.

      Davidm

      Reply | Quote
    • KB6OJS
      AskWoody Plus
      March 7, 2024 at 6:44 pm #2646408

      I’m glad Dashlane made the list, because I’ve been using it for years and absolutely wouldn’t trade it for anything.

      The only thing I dislike about it is that they discontinued the Windows standalone app.  That takes away Dashlane’s ability to work outside the browser on Windows applications.  I have to do the copy/paste BS instead, whereas before it worked great.  If you have an “in” with the people there, maybe you can put in a good word for me and see if they’ll bring it back…. 😁

      Reply | Quote
      • davidm16
        AskWoody Plus
        March 7, 2024 at 9:38 pm #2646438

        I agree about Dashlane. It works well. The stand alone, “off-line” version was much preferred. I’ve had been using the free version for many years with the 25 (I think) item limit. Last Fall, they offered an “introductory’ subscription for about $30 which I took & I now have a much larger list of PWs. The full price is too much, over $50+, & I’ll be trimming my list back to the free limit of 25 soon & using an Excel file for my lesser-used items.

        Davidm

        Reply | Quote
        • Paul T
          AskWoody MVP
          March 8, 2024 at 1:19 am #2646510

          I would move off Dashlane if they have a 25 entry limit and use any of the other managers.

          I keep everything in my password manager because then it’s all in one place when I need it, bank, CC, passport, online sites, hardware details and warranties, etc. I currently have over 400 items in my manager.

          cheers, Paul

          Reply | Quote
          • David Milne
            Guest
            March 9, 2024 at 1:14 pm #2646958

            I use Dashlane only for passwords and I probably have less than 25 that I use regularly so  their free limit of 25 is not a problem. I’m not inclined to store other personal data anywhere near the “cloud”, even Dashlane.  I don’t doubt their claim to have very good security, but hacking history on the internet is meaningfull. I would prefer their previous off-line version.

            Reply | Quote
            • Paul T
              AskWoody MVP
              March 10, 2024 at 1:30 am #2647136

              Get an offline manager (KeePass/XC – they are free) and store everything in it. No downside.

              cheers, Paul

              Reply | Quote
    Viewing 8 reply threads
    Reply To: Store your passwords locally or in the cloud?

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    April 2025
    S M T W T F S
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.