Password Manager - LOCAL storage

[Needkeys]

I've never used one before. I maintain a password protected spreadsheet, with all of my passwords on it, stored on a local drive and have never had a problem. I realize this cuts against the almost universal grain of recommended practices. And I've also come to accept that my method is tedious given the growing number of sites and apps for which I need login credentials. So I'm looking to take the plunge, but under no circumstances do I want all of my passwords stored in a third party's cloud. That just seems insane to me. Nor do I want to use browser extensions to pre-populate webpage fields with login info. I simply want my passwords secure and local...I'll type or paste them into wherever I need to myself.

Is there a password manager that that allows for this, without having all of my passwords out there in the cloud? Again...just local protection is all I'm looking for.

Thanks.

 

[N4Newbie]

I have used eWallet for years and like it more than any other password manager that I have tried. It's database is local on your device or, if you prefer, you can leave a copy (encrypted) on your Dropbox account and then sync multiple devices as desired. For example, I currently use both eWallet/Windows and eWallet/Android (purchased separately for one-time fee) and allow both to sync to Dropbox. Previously, I skipped the Dropbox sync and simply synced Windows/Android "on demand" over my home Wi-Fi connection (there are other options for syncing, also).

Ilium Software :: eWallet

https://play.google.com/store/apps/details?id=com.iliumsoft.android.ewallet.rw

 

[bigzdog]

Keepass is what I use. It is offline and has a database file which holds all passwords. https://keepass.info/

There is an Android app which opens the same database file, but you will need to manually copy between devices or use some cloud storage to hold it.
https://play.google.com/store/apps/details?id=com.android.keepass&hl=en

 

[Mooncatt]

To be blunt, if what you want is only a local file with no automated functions and other benefits of a manager, then I think you may as well stick to your password protected spreadsheet. That's about what any manager would be reduced to anyway to meet all of your goals.

I get that you don't want all of your passwords out on the cloud, which would be a huge security concern. I can't speak for other managers, but I love what Last Pass does regarding the security of your information. It's encrypted in multiple ways, and this is all done locally on your devices. No plain text data is sent to their servers. All they get is this massively encrypted blob of data that they don't even have a back door to.

They even go so far as to not give you an option to reset your master password. When you create it, you can make your own hint. If you forget your password, your only option is to have your hint provided to you. If you can't figure it out, your data is completely locked out. I would go so far as to say I wouldn't be concerned if they sent my blob to the NSA. For a very thorough explanation of their security measures, check out this video and it may put some fears to rest. Fast forward to 1:13:00

https://youtu.be/r9Q_anb7pwg

Last Pass does store on the cloud, but locally as well. So with them, you do still get that benefit. If you don't want it to auto fill, you could go to the entries in their app and copy the passwords.

So yeah, if you want to explore a full fledged password manager, you're going to have to accept a lot of such features.

 

[Needkeys]

Thanks for the replies. I watched the video, and LastPass obviously sounds very compelling. Frankly, this whole area is one of the more unnerving security issues for me. I'm the guy that long ago froze all of my credit reports with all of the agencies, uses 2FA wherever and whenever possible, and have never placed a single thing into the cloud (except, I suppose, the spotify playlists that I haven't downloaded to my phone). I'm paranoid...period. And, to be just as blunt, it seems that every week there's another shocking piece of news out there about private data being stolen that everyone thought was safe. LastPass seems great....as long as no one is ever able to somehow discover, or decrypt, or hack into my phone and steal, my LastPass password. With that one password, they would have access to my life. I'm just saying it's very scary to me.

All that aside, I will look at both e-wallet and LastPass. Using any true password manager requires a level of trust that I have a hard time with, but I suppose we either evolve or evaporate. Thanks again for the suggestions here.

 

[Mooncatt]

LastPass seems great....as long as no one is ever able to somehow discover, or decrypt, or hack into my phone and steal, my LastPass password. With that one password, they would have access to my life. I'm just saying it's very scary to me.

Lets put this into a better perspective. Yes, it's possible for anything to be hacked, be it the password to your spreadsheet or the password to your manager account. So in either case, the worst scenario is them getting access to all of your passwords. Now let's look at the possible outcomes.

With your spreadsheet, what can you do? You can not remotely wipe it or reset the master password, meaning they could have a field day with it. It'll also be more time consuming to change your passwords because you have to go through the "forgot password" options and you will have to be extra careful to not forget any sites (By the sounds of it, I'm guessing you don't have any off site backups to reference). You literally would be starting from scratch.

With Last Pass (and maybe some others), you can remotely kill the active session on all devices. If your phone is stolen, you can log in on a computer to log out and delete your vault from the phone. Yes, there's a chance they could prevent this by deactivating data, but it's still more of a fighting chance than a spreadsheet. You'll also still have the ability to remotely change your master password to re-secure your data, and still have your vault to easily reference every site and use your existing passwords to log in and properly change them. It's not full proof (and nothing is when it comes to a hack), but it's a better chance of limiting the damage and recovering than your current method.

I know I sound like a paid spokesman for Last Pass, but no. I just learned a lot of their system while researching what would work best for me. In my case, it fit the bill. If you look into it more and find something else may be a better fit for you, go for it. It just sounds like you're not up to speed of the various security measures in place for these systems, or the other benefits they have.

 

[Needkeys]

I’ll readily admit I’m not up to speed on the effectiveness and security of the measures in place. But as I read on this, I encounter very informative and compelling posts like yours...and I also encounter snippets like these:

"Browser-based password manager extensions should no longer be used because they are fundamentally risky and have the potential to have all of your credentials stolen without your knowledge by a random malicious website you visit or by malicious advertising."

Or this...


“Also, I'm not sure I would trust any form of encryption to take "thousands of years" to crack, at least for an organization with enough resources and specialized hardware. Of course, that goes for all encrypted communications, not just password storage. It's usually enough to keep out random criminals though, but there's still the possibility that they might use a vulnerability or malware to get to the stored data without actually having to break the encryption.”

I’m sure opinions run the spectrum on this. I’m going to keep reading and hopefully make the right decision for me at the end of it all.

FWIW, my ss is backed up on an external hard drive, and I keep a hard copy in my safe at home....right next to my Trezor.

Thanks again for all the info.

 

[ManiacJoe]

Another vote for KeePass
https://play.google.com/store/apps/details?id=keepass2android.keepass2android

https://keepass.info/

 

[N4Newbie]

FWIW, the one primary thing that I dislike about LastPass (there are others, but let's stick with the primary) is the way it arranges items in its storage bin.

With eWallet, I have a folder called "Work" in which I can quickly find everything work-related: my company credit card info, airline frequent flyer stuff, work-related websites with login/password info, "note" cards both tiny and extensive, etc. I have similar folders for "Personal Accounts", "Insurance", "Automobiles", and so on.

LastPass doesn't work this way at all. All websites are under one group, notecards under another, credit cards yet another. I dislike this arrangement immensely.