Password Manager?

[GameBoy27]

I have many passwords. I used to use Password Keeper on my BlackBerry which served the purpose. Now that I have an iPhone, I went with 1Password. I've entered 30 or so passwords and have many more to go. Then I received a notice my "free trial" is over and I have to pay $50 a year. I guess I missed that. Not interested in one with annual fees.

Is there a free manager available that I can access both on my iPhone and PC?

 

[CapitalGuy]

Your risks are: etc

Hi. Thanks for responding to my question. Much appreciated.

 

[cancowboy2001]

But what's the risk of someone hacking lastpass and getting access to ALL your accounts? Is it hackable?

Google's Project Zero found a vulnerability as reported last week. Lastpass has 90 days to create a fix. No exploits in the wild yet. They have acted quickly in the past with other reported flaws in their product.
https://arstechnica.com/security/20...derscores-the-dark-side-of-password-managers/

The vulnerability is the third one Ormandy has privately reported to LastPass this month. Last week, he described bare-bones details of two different flaws found in LastPass extensions for multiple browsers. LastPass developers quickly implemented changes on their server that made the flaws harder to exploit and released patches two days later.

Here's an attack on their servers from 2015
https://arstechnica.com/security/20...-lastpass-exposes-encrypted-master-passwords/

 

[CapitalGuy]

Makes me think that a paper-based record locked is the best bet lol.

 

[james t kirk]

But what's the risk of someone hacking lastpass and getting access to ALL your accounts? Is it hackable?

Right now I keep my passwords on an encrypted notes app on my phone only, not linked to the cloud, and for some accounts without full information. So to get into it someone has to get my phone, access it via the access code, then access the app with a code. Then there is a list of accounts with mixed information. Some are account numbers and passwords, others are stuff like "Rogers: yahoo, Dave's cottage". So, I know that for Rogers I used my yahoo email and the name of the lake Dave's cottage is on. That part is unhackable, as it's meaningless to anyone but me. But the ones that have full account number and actual password are vulnerable if hacked. But I need to list the full account number and password or I'll forget. Is last pass any safer than that - stored on my phone on an encrypted note?

I keep hard copy in my safe deposit box at the bank in case my phone dies, lol.

I had the same thought as you with respect to Hacking where accounts are involved.

What I do is 2 fold.

1. I scramble account numbers by transposing 4 of the numbers in a particular pattern. I do this for all accounts involving numbers.

2. My password is not really THEE password, but is a reminder to me that would only mean something to me.

So if someone busted into my phone and password keeper, they would encounter gibberish on both fronts.

That said I think the thing you need to be really concerned about is key stroke spy ware. That will get around pretty much every safeguard you can think up.