Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Software - Troubleshooting and Discussion > macOS > Using password managers

Using password managers
Thread Tools
kevs
Mac Elite
Join Date: Aug 2003
Status: Offline
Reply With Quote
Nov 19, 2017, 11:28 AM
 
I've never used one of these, I have always just kept in excel file. What is the opinion out there on this? For some reason, I feel with Excel I control more... maybe wrong...
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Nov 19, 2017, 03:01 PM
 
You don't control your Excel file becoming corrupt, lost, or stolen.

Password managers are good, because they can also make it easy to create random passwords for everything. The obvious tradeoff is speed and convenience, but if you can live with that they are worth it IMO.
     
kevs  (op)
Mac Elite
Join Date: Aug 2003
Status: Offline
Reply With Quote
Nov 19, 2017, 07:53 PM
 
B
what mean,
1) excel file will go corrupt? Wow very rare.. and backed up
2) I thought password managers are more convenient and speedier than me punching in my password manuall and creating it no?

Also:

'm with Firefox and they just annihilated all their addons/ plugin.

I had a autofiller / or auto log in? that would populate user/ pass or form that I filled in-- called Secure Log in.

But here is the deal: I'm confused now difference between the plug ins for web that do auto fill or fill in passwords you typed in that you created vs. true password management software that generate passwords. What is the difference?

I've been using a manual excel file for so long, it's hard for me to let go or trust a real password creator or manager, your opinon? I feel what happens if there is some glitch? Excel, I have it all in my palm still.

And what if you need to use another browser or 2?
     
kevs  (op)
Mac Elite
Join Date: Aug 2003
Status: Offline
Reply With Quote
Nov 19, 2017, 08:03 PM
 
Oh missed previous post to Joes last.
thanks guys:
A girl recommended Last Pass, have you tried that Joe?

Joe: Why is 1 password better or more secure than my old excel sheet? My excel sheet passwords have a code, snippint memorized in my brain plus a password. Isn't that better than a great password that maybe someone can find use?

And will it work for multiple browsers or just one?
     
andi*pandi
Moderator
Join Date: Jun 2000
Location: inside 128, north of 90
Status: Offline
Reply With Quote
Nov 20, 2017, 05:29 PM
 
AFAIK the passwords browsers save are just browser data and not put anyplace safe for retrieval. I use those to save logging in, but don't count on them as a password record.

I use 1password. I have way too many passwords for work etc that are like this *(&YLKDJ*#L!@Kftgh45S to remember them all, and maintaining a spreadsheet or doc would be a PITA.

You don't have give up your code/snippet combos. The long random $%*(LJKdlskdj3q&!Jds strings are most secure but for less important sites I also use a code+keyphrase for password structure. Does your phrase mix letters, numbers, and at least 10 characters? 1password will rate the security.

1password: saves a tiny file to someplace in the cloud, for me, dropbox. This allows me to get my passwords anywhere - ipad, iphone, home, work, travel. Why not just put the excel file on dropbox? The 1password file is encrypted so no one should be able to hack it. It is searchable and the addons for browsers are integrated, so if I log in to a new site I will be prompted to add/update 1password. I put logins, reward numbers, etc.

For banking, those are the only ones I do not have in 1password, on the off chance Dropbox is ever hacked.
     
Chongo
Addicted to MacNN
Join Date: Aug 2007
Location: Phoenix, Arizona
Status: Offline
Reply With Quote
Nov 20, 2017, 05:36 PM
 
Is Apple keychain an option?
"The blood of the martyrs is the seed of the church" Saint Tertullian, 197 AD
     
kevs  (op)
Mac Elite
Join Date: Aug 2003
Status: Offline
Reply With Quote
Nov 20, 2017, 06:19 PM
 
Intersting Andi.
1 password, do you want to type in that one password each time? I imagine its' a good long one, and must be tedious to have to punch it in a lot?

Interesting you don't trust for bank. Neither would I. Anything can be hacked.... Imagine hackers getting that one.

Don't you want to keep 1 password in apples icloud?

Where is the simple basic secure log in add on for Firefox darn.
     
andi*pandi
Moderator
Join Date: Jun 2000
Location: inside 128, north of 90
Status: Offline
Reply With Quote
Nov 21, 2017, 01:32 PM
 
I usually log into 1password in firefox once per day. The password I use for that is code/snippet, but long enough to be secure, and easy to remember, so it takes me 3 sec to type. You can set timeout lock to expire after so many minutes (of unuse) I do 30.

I don't pay for apple cloud, so never tried it, but it is an option.
     
kevs  (op)
Mac Elite
Join Date: Aug 2003
Status: Offline
Reply With Quote
Nov 21, 2017, 01:37 PM
 
I heard Andi, there is auto log in? I think for mostly everythng, who care? most of these site, maybe except Bank.. or maybe sites where you buy stuff. Is there way to tell 1 pass which sites want an auto log in and which dont?
     
OreoCookie
Moderator
Join Date: May 2001
Location: Hilbert space
Status: Offline
Reply With Quote
Nov 22, 2017, 12:41 AM
 
Storing your passwords in an Excel file is a really, really bad idea. Apple has introduced Keychain Access with MacOS 9, I believe, and it is specifically made to manage your passwords and other secure information. You can create several keychains if you would like, keychains are of course encrypted and you can use iCloud to sync them across devices. Keychain Access is the default, so all passwords you enter on web pages or so are automatically stored there. The app also suggests secure passwords using various schemes. For most people, this is a more than good enough solution.

1 Password has more features, but is a bit pricey, especially if you intend to use it on iOS and OS X. But it works very well, no complaints here.
I don't suffer from insanity, I enjoy every minute of it.
     
kevs  (op)
Mac Elite
Join Date: Aug 2003
Status: Offline
Reply With Quote
Nov 22, 2017, 12:46 AM
 
Oreo, you use 1 password?

I'm open, but why is Excel not good?

But I just looked at my Excel file with 400 user/ passwords, and 95% are for simple forums and small stores that don't store my credit card.

The real important ones are probably about 5 -- Paypal, Apple, 2 banks...

I've been on Mac for 18 years and still don't really have my head around what keychain is doing...
     
OreoCookie
Moderator
Join Date: May 2001
Location: Hilbert space
Status: Offline
Reply With Quote
Nov 22, 2017, 05:16 AM
 
Originally Posted by kevs View Post
Oreo, you use 1 password?
I used to, but for complicated App Store-related reasons (and moving between countries), I could no longer download my mac OS version.
Originally Posted by kevs View Post
I'm open, but why is Excel not good?
Because you have zero security, no encryption and no password protection. If you lose control over this file, all of your passwords, credit card information and so forth are compromised.
Originally Posted by kevs View Post
I've been on Mac for 18 years and still don't really have my head around what keychain is doing...
It is easy to use actually: just launch it, and on the left you see a number of keychains. One is called login, and this one is opened as soon as you log in. The password is always the login password. This is the default place where mac OS adds passwords for websites or network shares. Select File > New Password Item or File > New Secure Note Item from the menu and add the necessary information. Passwords ask you to enter an account name, user name and password. Secure Notes are more flexible, they are small stickies that are encrypted. You can also use the iCloud keychain.

If you want to separate certain crucial information, you can create separate keychains for them. Each keychain is password protected, and the content of your keychains is encrypted.
I don't suffer from insanity, I enjoy every minute of it.
     
kevs  (op)
Mac Elite
Join Date: Aug 2003
Status: Offline
Reply With Quote
Nov 22, 2017, 09:49 PM
 
But Oreo, on my excel file the passwords are not listed complete. So the beginning 4-6 digits are memorized and the rest is simple. So if someone finds it, they cannot do much with it.

And only there are only 4 that are really sensitive (banks, apple paypal)... And those are longer/ harder.

No credit card info there.

Keychain does not seem intuitive... Is it similar to one password? When you think about it: 99% of user/ pass is about logging into websites? Right? And Keychain was around way before the web.... so that's why hard to still get my head around keychain.

Can you please list a handful of keychain things that 1 password does not do? And you use what now for web?
     
OreoCookie
Moderator
Join Date: May 2001
Location: Hilbert space
Status: Offline
Reply With Quote
Nov 22, 2017, 10:46 PM
 
Originally Posted by kevs View Post
But Oreo, on my excel file the passwords are not listed complete. So the beginning 4-6 digits are memorized and the rest is simple. So if someone finds it, they cannot do much with it.
Just don't. It's not safe. Most people overestimate the difficulty of other people guessing their passwords. I was able to guess both of my parents's passwords.
Originally Posted by kevs View Post
Keychain does not seem intuitive... Is it similar to one password? When you think about it: 99% of user/ pass is about logging into websites? Right? And Keychain was around way before the web.... so that's why hard to still get my head around keychain.
1 Password is a better version of Keychain, but Keychain is free and has worked well for >17 years. I'm not sure what's so hard about wrapping your head around Keychain. Safari and other Mac apps integrate with it, and so you won't have to manually enter user name/password combinations for most things. You have been using Keychain without even knowing about it ever since you started using OS X. If you enter a password into, say, OmniFocus to automatically sync your database across devices, you are using Keychain. If you log into a network share in the Finder, you use it. If you enter credit card information in a website, it will be in Keychain. That's the beauty of it. So probably most of the information you keep in your Excel file is already in Keychain. Also, if you change passwords, then they will be automatically updated — if you forget to do that in your Excel file, you have just lost login information.

Only a handful of times did I enter information manually, and then it was something like “IP address to server, user name, password + some other peculiarities”.
Originally Posted by kevs View Post
Can you please list a handful of keychain things that 1 password does not do? And you use what now for web?
It integrates seamlessly with mac OS and iOS, and is free. Feature-wise it is much more than good enough to so that you don't have to shell out money for 1 Password. I find 1 Password good, but the price is a little too steep for me for what it offers — especially if once you buy copies for iOS and mac OS.
I don't suffer from insanity, I enjoy every minute of it.
     
reader50
Administrator
Join Date: Jun 2000
Location: California
Status: Offline
Reply With Quote
Nov 22, 2017, 11:22 PM
 
At least put your password spreadsheet in an encrypted disk image. The problem with a bare file is it can be easily copied, then accessed. Your passwords should be protected by at least one layer of encryption. Keychain, 1password, or other managers do encryption internally.

Go to Disk Utility -> File -> New Image -> Blank Image

You'll get a dialog sheet:

Name: whatever you like. You can rename the image later without breaking anything.
Size: defaults to 100MB. Usually plenty to protect a few files.
Format: Mac OS Extended (Journaled)
Encryption: change from "none" to any of the offered choices.
... enter a master password, and verify it.
Partitions: Single
Image Format: "read/write" is ok. If you change the image size to a GB or bigger, you'd want to set the format as "sparse bundle".

Finder will save the master pass in the Keychain without needing to be asked. Result: the disk image will just open if you click on it. If anyone else tries to open it (another user account, or JoeBlow Hacker after he copies it over the internet) it won't just open. It'll ask for the password. No password, no access.
     
kevs  (op)
Mac Elite
Join Date: Aug 2003
Status: Offline
Reply With Quote
Nov 23, 2017, 01:29 AM
 
Thanks Oreo, what is 1 password, $36 year? And I hear Last password is about same $24 year. (they go across all the platforms and devices you want, unlimited)
But again, how is anyone going to guess my password, when the excel file only has a partial password-- unless they knew my methodology of the pre number.

(I've been using excel for 10 years or so)

Also I'm not on an Apple browser I'm in Firefox. So keychain probably does not work with it.

Reader I have in in an encrypted disk image when I travel, but not when home.. too much of a pita. What do you use?

But for both, the bottom line is, this is what I'm trying to remember: 99% of everything is for the web basically right?

I can't imagine keychain has any of my credit cards stored.

Never heard of Omni focus.
     
OreoCookie
Moderator
Join Date: May 2001
Location: Hilbert space
Status: Offline
Reply With Quote
Nov 23, 2017, 02:53 AM
 
Originally Posted by kevs View Post
Thanks Oreo, what is 1 password, $36 year? And I hear Last password is about same $24 year. (they go across all the platforms and devices you want, unlimited)
To me it isn't really worth $36 per year much, and Keychain works well enough for me. But the earlier version I had worked very well and the user interface is indeed much nicer than that of Keychain which hasn't seen much love since the early days of OS X.
Originally Posted by kevs View Post
But again, how is anyone going to guess my password, when the excel file only has a partial password-- unless they knew my methodology of the pre number.
Trust me, just switch away from Excel, no matter how “safe” you think it is to use your system. You are creating a single point of failure that is neither password protected nor encrypted. I don't want to speculate on your system here, since it could compromise your passwords, but in my experience, most systems are not that clever. As I said, I was able to figure out my parents's passwords in seconds, and anyone who knows how to use Google would probably be able to figure them out, too.

Go with Keychain, you'll get password syncing across Apple devices for free, and a lot of your passwords will be stored in there anyway. You won't have to manually manage encrypted disk images and the like.
Originally Posted by kevs View Post
Also I'm not on an Apple browser I'm in Firefox. So keychain probably does not work with it.
Firefox does not, but many other apps that you use do. Do you use Mail? iTunes? The Finder? Wifi (yes, wifi passwords are saved in Keychain)? Skype? Fantastical? Firefox is a bit of an outlier here, most Mac apps save their user names and passwords there. If you switched to Safari, you'd also automatically manage your web passwords with pretty much zero effort.
Originally Posted by kevs View Post
I can't imagine keychain has any of my credit cards stored.
If you used Safari, it would automatically store your credit card info. By design, it would not store your three-digit security code on the back, though.
I don't suffer from insanity, I enjoy every minute of it.
     
kevs  (op)
Mac Elite
Join Date: Aug 2003
Status: Offline
Reply With Quote
Nov 23, 2017, 03:38 AM
 
Oreo, but these non Web things are probably using keychain without me knowing and 100% of what is on my excel file is for the web. And I switched to FF long time ago as Safari was so unstable. Never gone back. Why would you trust credit card..? I think Firefox wont remember those on purpose.
     
OreoCookie
Moderator
Join Date: May 2001
Location: Hilbert space
Status: Offline
Reply With Quote
Nov 23, 2017, 04:11 AM
 
Originally Posted by kevs View Post
Oreo, but these non Web things are probably using keychain without me knowing and 100% of what is on my excel file is for the web. And I switched to FF long time ago as Safari was so unstable. Never gone back.
Of course, you are free to use whatever browser you want. But these days, Safari and Chrome are much faster than Firefox, and Safari integrates much better into mac OS. Switching to Safari would obviate the need for your Excel file — you wouldn't have to even open Keychain Access, it would just work™.

Out of curiosity: do you use an iOS device?
Originally Posted by kevs View Post
Why would you trust credit card..? I think Firefox wont remember those on purpose.
Yes, I do. And of course, you can always choose that Safari will not remember user name and password or credit card info.
I don't suffer from insanity, I enjoy every minute of it.
     
kevs  (op)
Mac Elite
Join Date: Aug 2003
Status: Offline
Reply With Quote
Nov 23, 2017, 04:20 AM
 
OK Oreo, maybe Safari is not as good as FF? Is so bad... 8 years ago when I switched. Remember when FF was much better? But FF just had a huge upgrade, maybe it's as fast as them now?

Do then on Safari, would be like 1 password? But have to worry if someone got you laptop then? All be in there?

You could tell it to just not hold onto credit card info?

I see in keychain many internet passowrds, so maybe it does work in Firefox?
( Last edited by kevs; Nov 23, 2017 at 04:30 AM. )
     
OreoCookie
Moderator
Join Date: May 2001
Location: Hilbert space
Status: Offline
Reply With Quote
Nov 23, 2017, 05:26 AM
 
Originally Posted by kevs View Post
OK Oreo, maybe Safari is not as good as FF? Is so bad... 8 years ago when I switched. Remember when FF was much better? But FF just had a huge upgrade, maybe it's as fast as them now?
If you haven't used Safari in 8 years, how would you know? Safari is a top notch browser and all the sites out there are optimized for it. That used to be a problem with e. g. online banking sites that would not be tested against it. This is no longer the case. Note that it isn't just speed, but also battery life. I don't know about Firefox, but Safari gives you much better battery life when browsing than Chrome.
Originally Posted by kevs View Post
Do then on Safari, would be like 1 password? But have to worry if someone got you laptop then? All be in there?
No, you don't have to worry, because everything is encrypted and needs your computer password. Even if you leave your computer logged in, they would need the password to see the passwords in clear text.
Originally Posted by kevs View Post
You could tell it to just not hold onto credit card info?
Of course, but you would tell that to Safari, not Keychain.
Originally Posted by kevs View Post
I see in keychain many internet passowrds, so maybe it does work in Firefox?
I don't know whether Firefox uses Keychain. It didn't used to, I think, but it might now. If it does now, you can just forget about your Excel list.
I don't suffer from insanity, I enjoy every minute of it.
     
reader50
Administrator
Join Date: Jun 2000
Location: California
Status: Offline
Reply With Quote
Nov 23, 2017, 06:42 AM
 
AI did browser testing a few days ago, comparing the latest Firefox to Safari and Chrome. Results were mixed depending on test, but Firefox did quite well. Safari is faster on average, while FF is shocking efficient at using little RAM and CPU.
     
kevs  (op)
Mac Elite
Join Date: Aug 2003
Status: Offline
Reply With Quote
Nov 23, 2017, 03:00 PM
 
Good point Oreo, and Reader I can forget about excel list, realiy is I need just in case glitch. But FF is fine, fast, and got all passwords there, reality it 99% of passwords are just lame and meaningless, for forums like this!

Only 4 passwords that matter! So why rack ones head with Keychain and Last Pass? aNd those 4-5 in my excel file.. not really listed. Coded very well.

Thanks Reader.. I had just decided to stay with FF and then read your post!
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Nov 23, 2017, 06:08 PM
 
I use 1Password for several reasons. First, it crosses platforms - though I only use it (currently) with Apple products, it works great on both iOS and OS X, and it syncs among the platforms so an update or new password on my phone is almost immediately available on my iPad or my Macs. There’s an Apple Watch app as well, but I don’t use it (I just haven’t bothered to set it up).

The password data is stored in an robustly encrypted form in a “cloud”, in my case it’s a reason to use Dropbox. The apps decrypt the password database with your password/passphrase. And they support TouchID, so I only need to use my fingerprint to access everything.

What’s included in everything? Passwords and logins, email access data, server settings, personal data including driver licenses and passports, credit cards, and more. Secure, and available wherever I am.

1Password provides a very flexible password generation tool as well. It will let you do things like include a specified number of digits, alphabetic characters, and symbols, up to 64 characters to include 10 digits and 10 symbols which are randomly generated and randomly positioned. Refer to the Wikipedia entry on password strength for the math, but a 64 character, randomly generated password that includes all possible printable ASCII characters is technically infeasible to break through brute force attack within human lifespan limits.

Now, what’s wrong with a spreadsheet, even one that only includes partial passwords? Here’s a list:
Your spreadsheet includes parts of your passwords, and usernames (or at least parts of or hints at those usernames). It doesn’t take a lot of effort to observe or puzzle out most people’s password schemes. Even the old “strong password” suggestion of memorizing a “seed” of random gibberish to which you add something meaningful to complete a password is susceptible to logical attacks.

Excel sheets can be encrypted, but the built in encryption isn’t terribly robust. And being a Microsoft product, Excel’s encryption has been examined by the bad guys in depth; MS’s internal encryption scheme is something that black hats like to attack for various reasons.

Unless you go to some extremes to keep your special password spreadsheet synced across whatever methods you use to store it, you wind up with version problems. My attempts with lists similar to yours caused me to change passwords frequently because of the high overhead needed to keep everything synced.

I don’t get any compensation for suggesting 1Password, but it’s also not the only quality password manager out there. But using some manager allows you to create really complex, really strong passwords that are infeasible to attack, while available to you whenever you need them.

Glenn -----OTR/L, MOT, Tx
     
kevs  (op)
Mac Elite
Join Date: Aug 2003
Status: Offline
Reply With Quote
Nov 23, 2017, 09:38 PM
 
Gh thanks. I heard Last Password was just as good...

Oero is right keychain is doing a ton of stuff behind the scenes: it's creating that long list of auto Google user pass that I assumed firefox or even Google was doing. And much more...

Firfox has a preference, just checked to remember log in info.

And I mentioned that of the 400 passwords 395 are of no meaning or value if discovered... one is logging into Macc NN.

The other 4-5 are not on the excel file, only in my head.
     
mindwaves
Professional Poster
Join Date: Sep 2000
Location: Irvine, CA
Status: Offline
Reply With Quote
Nov 26, 2017, 03:09 AM
 
I only use Apple Keychain and I store all of my passwords also in a text file in an encrypted disk image. However, I don't really like it. Some websites don't seem to use it (like Chase.com) sometimes, so I have to manually type in my password.
{{{ mindwaves }}}
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 11:10 AM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,