I don't think that there is a one-size-fits-all product. I am a cofounder of Passpack, an online password manager for workgroups. So for me I've found my optimal solution (I built it!), but that doesn't mean it is optimal for every use case. Sometimes I also use the browser's password manager, for example for some non critical sites. Firefox's built-in password manager has good security measures. However since I prefer to browse with Chrome, and Chrome does not have a master password protection, that leads me to rely entirely on Passpack. So as a first step, I think Chrome should add a master password to protect the stored passwords. There's little point in adding sharing features if basic in-browser protection is still missing.
Unfortunately, that doesn't encrypt the passwords Chrome stores on your computer, meaning that anyone who has access to your Windows account can access all your stored passwords as plaintext.
I agree. In fact, I specified that using the browser is good in some cases with the caveat that there is at least a master password protection. But a good password manager is always a better idea. Of course everyone chooses the one that best fits his needs, but the important thing is that you use one. 1password is a great product for consumer and individuals.
9 comments
[ 3.1 ms ] story [ 40.4 ms ] threadRef: http://lifehacker.com/#!5662970/add-an-extra-layer-of-securi...
A second issue: encrypted arbitrary note data
I use lastpass right now along with yubikey for two-factor auth. Pretty nice.