9 comments

[ 3.1 ms ] story [ 40.4 ms ] thread
I don't think that there is a one-size-fits-all product. I am a cofounder of Passpack, an online password manager for workgroups. So for me I've found my optimal solution (I built it!), but that doesn't mean it is optimal for every use case. Sometimes I also use the browser's password manager, for example for some non critical sites. Firefox's built-in password manager has good security measures. However since I prefer to browse with Chrome, and Chrome does not have a master password protection, that leads me to rely entirely on Passpack. So as a first step, I think Chrome should add a master password to protect the stored passwords. There's little point in adding sharing features if basic in-browser protection is still missing.
There is an optional feature to encrypt with a master passphrase.

Ref: http://lifehacker.com/#!5662970/add-an-extra-layer-of-securi...

Maybe. But it seems to only be connected to sync. Do you know if there is a way to simply protect your stored passwords without start sync?
@kpozin, obviously I was replying to kylekramer :)
Unfortunately, that doesn't encrypt the passwords Chrome stores on your computer, meaning that anyone who has access to your Windows account can access all your stored passwords as plaintext.
1Password is my weapon of choice. Leaving a universal login on your browser isn't always a good idea.
I agree. In fact, I specified that using the browser is good in some cases with the caveat that there is at least a master password protection. But a good password manager is always a better idea. Of course everyone chooses the one that best fits his needs, but the important thing is that you use one. 1password is a great product for consumer and individuals.
I'd like to find out if this uses google's two factor auth (if you opt to use your account passphrase).

A second issue: encrypted arbitrary note data

I use lastpass right now along with yubikey for two-factor auth. Pretty nice.