Revelation password manager mac os

But what if you forget a saved password in something like your Gmail email account saved within iOS? Revelation can help there, too. As you can probably tell by now, Revelation is a new jailbreak tweak that allows you to see your otherwise hidden passwords in the clear.

Snadboys Revelation - Download

Not only will it prevent your passwords from being masked as you type, you can also go back and reveal saved passwords in their unmasked form. Take a look at our video walkthrough inside, and decide if its something you might benefit from. As you can see from our video demo, Revelation unmasks hidden passwords in standard HTML password fields. It has the ability to reveal lost or forgotten passwords, and also showcases your passwords as you type them in native fields. By far, one of the coolest things about Revelation is the recovery feature. With this, you can recover passwords when the field contains a saved password, a field which is normally masked.

Hints appreciated. It even has an option to obfuscate the typing to trick keyloggers. For android, I recommend Keypass2Android: it comes with a custom keyboard you can enable temporarily, which inputs your password without going through the android clipboard.

I use it with the dropbox app as well, I'm not sure why it's not working for you. KeePassDroid is another good one for Android. It does use the clipboard though by giving you two notifications to click on. One for the username, and one for the password of the chosen credentials. I need to give KeePass2Android a try. I would try Keepass Droid[1]. I used a similar setup in the past and didn't have issues opening.

Personally, I don't like the idea of browser plugins and I'm perfectly happy using copy and paste. For personal use, I've been using LastPass for a few years but have been slowly migrating away from it in recent months. I have intentionally avoided the Mono-based applications. KeePassX has similar "auto-fill" functionality as well. It's not as perfect or as seamless as LastPass but it is definitely usable after a bit of one-time per-site tweaking in some cases. Although I don't do it now, I have in the past kept my password databases in Dropbox.

LocalPCGuy on Feb 4, As others have said, why migrating away from LastPass? They definitely seem to be doing things properly in terms of security and I've been very happy with the security, as well as the ease of use when I set it up on a new machine. The problem with in-browser password management is that the attacker does not need to escape the browser. Addons like LastPass are mainly concerned with remote server weaknesses, but nothing will protect the browser from itself. I also have the mobile app installed on my iPhone. Why the switch? I work for an ISP and also manage systems and networks for schools, government organizations, health care facilities, investment firms, law offices, you name it.

How to Protect Your Mac with Password Manager

If someone were to gain access to all of my stored credentials, they could do a LOT of damage -- to myself as well as many, many others. While I have no reason to believe that there's anything wrong with LastPass from a security point of view , I am certain that the level of risk is lower with, i. LastPass user here, wondering why? I looked into LastPass last week.

It looked great on desktops, but on Android it's basically a separate browser. That's a no-go for me, I'd rather stick with Chrome. It's not a password manager, it's just an open source hashing algorithm that protects you from sites storing your password poorly. Instead of depending on them to store your password in a one-way hash, it does it on your end before sending the password to the site.

The form on the site is just a demo and backup if you need to use it outside of your own browser. What you really want is the extension for most major browsers. You can type in the same strong password to every site and the extension will always hash it to the site specific password so you don't have to worry about them storing it poorly. You can also use unique master passwords for certain sites, if you so choose. I ended up ditching it in favor of KeePass mostly because if a site is hacked and your plaintext hash is compromised there isn't a clean way to generate a new password every time.

I used pwdhash for a long time, and moved to KeePass. Oh nice, I've been thinking about something like this a lot lately. I don't really like the idea of truncating the generated password, though. I'd rather it use a proper KDF and fill the password field to its limit. I think the reason they did it is because a lot of sites have maximum password lengths that would prevent the full output. Those are exactly the type of sites that you want to be using something like this on.

Sure, but as long as the site actually sets the password length limit on the field it shouldn't matter. It will obviously be truncated a lot of the time, but I'd rather it be truncated at thelongestpossible point. From looking around it seems like the reason is that they wanted the visual representation of typing the password to reflect the number of characters you actually typed as you type them. I'm not sure if this comes out true, though, as I can't actually get it to work in chrome.

The chrome extensions requires putting ' ' at the start of the password field. This turns it yellow to indicate it is now active for that field. Yes, but in my experience sites rarely implement this. If they do, it's probably inconsistent i. Yep, tried that. Just doesn't do anything at all as far as I can tell. Maybe it has issues with linux chromium? I dunno. Re password lengths, my experience is that they usually truncate on the server side at that point, rendering it pretty moot. But yes, I do see this problem.

I'm just not sure you're not going to run into it either way if you're practicing good password hygiene. I'd still prefer it make an attempt at adding as much difficulty to the password as possible, though. This is an unbelievably audacious security shell game; I can't really believe this nonsense idea has somehow managed to gain traction. The server is ephemerally delivering the code that supposedly encrypts your content securely. How do you not have to trust the host?

  • how to type x bar in microsoft word mac?
  • Related Articles?
  • Revelation - Download.
  • Snadboy Revelation For Mac;
  • Disclose hidden passwords in an intuitive way;
  • how to set password on my mac computer.

By saving the HTML file and opening your local copy. You can audit the code and verify yourself that nothing will go over the wire unencrypted to their servers, so you get the benefit of them hosting the encrypted passes without having to trust them with your data. If you want it available anywhere, you don't want to save the file locally, and you don't trust the host, just host it yourself or grab it from Github.

And hoping it includes all the java it needs, and doesn't go out and pick up some 3rd party library? You would have to audit it to ensure it never includes everything else, or posts anything externally with every release. Not my cup of tea, personally. What Java? What dependency are you imagining you're not going to have? Exactly as you would with KeePass, or any other conceivable solution. If you don't want to audit future releases, save the last one you audited and use that.

Oops, JavaScript, not Java. Fasebook on Feb 4, Don't forget to audit your browser the thing without a version number anymore and with various metatemplates and it dynamically downloads on every load and it's implementation of ECMAScript. But everyone already knew that. Really, auditing this is impossible. By that logic, you can't know KeePass is safe without auditing Mono, your compiler, your checksum tool, the editor you used for the audit, the logic gates of your CPU, etc.

Auditing anything is impossible. If you can't get a copy of Firefox that you trust hasn't been altered as part of a conspiracy to make you believe OneShallPass is a legit password manager, you've got bigger problems. Additional features: - It works offline. ScottWhigham on Feb 4, The obvious and huge difference then would be that KeePass requires a password or key file to open but an HTML page requires only a browser or text editor. Major, major difference to me. Did you spend even two seconds looking at OneShallPass? Literally the second thing on the page is a field asking for a passphrase, and yet you came here to complain that it doesn't require a passphrase.

The passwords are encrypted. The fact you can read the decryption algorithm in your text editor doesn't let anyone know your passwords, any more than you being able to download and read the source of KeePass lets you read other people's KeePass passwords. I use a password locker. It makes me wish there was an open standard for sites to negotiate a new entry with a password manager, something automatic in the background for new registrations.

Site could send password restrictions, like allowed and required character types, minimum length, even maximum length, though that last one would be frowned upon.

Honorable Mention: iCloud Keychain

The locker would reply with a preferred username and random password and add same to the database upon acceptance. God damn what you mentioned is a brilliant idea.

I wish there was some standard for it. These are problems that I'm often inclined to work on solving, but unfortunately they are also the kind that need lots of time and adoption and formal procedures and acceptance from a large group of people to go anywhere so I tend to just day dream about them for a little while then give up, hoping some standard body or an organization like Mozilla do something about it.

Whats the barrier to an RFC? Can just anyone submit one? I'll try a writeup if anyone thinks it's worth putting out there. I don't think there's any significant barrier to publishing it probably no barrier at all. But my perception is everything comes after that I do want to get away from LastPass as my trust in the cloud especially US based cloud services took a dive after Snowdon. Except that Lastpass doesn't know your passwords.

Everything is encrypted before it is sent to Lastpass using a password you control. I use LastPass, but just sayin'. SideburnsOfDoom on Feb 4, Been using them for a long time. Best software for these purposes. Developers, if you see this, please enable Bitcoin donations. I have been using this for right at 2 years now and I like it. I havent tried others but it serves my needs and satisfies whatever attributes I need to feel safe. At times, it contributes to what I call "log in anxiety" in that it necessitates opening the program, and inputting a password to get my other password.

But no one ever said the extra security was synonymous with convenience. And I dont leave it open, nor do I allow it to store any information in browser plugins as this seems counter productive to the sensitive passwords I use in this program. Brajeshwar on Feb 4, I'm, to this day, a dedicated proponent of Keepass. Even for OS X, if one cannot afford 1Password yet or do not want to buy it just yet, Keepass is the one.

Suggestion is to open it as "read-only" unless you're adding new entries. You can have that on a thumb-drive or some place you know. One can set parameters of what password is generated. I have click to get that in 1Password. If I remember correctly, Keepass even has a portable version.

Snadboys Revelation

Regarding password generation, if you're using OS X you can use Alfred with a workflow to generate a password. If I may, I have a question that was inspired by using password managers. Does anyone see any security issues with supporting on a website allowing the user name and password to be entered together in one field? The normal way of entering the user name into one field and the password into another would continue to work.

The site would simply check and if the user name field content is blank, and the password field content has a space in it, the password field content will be assumed to actually be the user name and password together, separated by a space. This would be convenient when using a password manager on an iPad.

I sometimes get tired of having to do this: 1. Password managers would become useless then, because you would be able to use simple passwords that you may remember, while being even more secure. A while back I set off half a day to setup KeePass, not that setting up KeePass takes that long - but generating random passwords for all the sites that I use did.

KeePass is great, there's an app for Windows Phone that is great and there is a third party plugin for Chrome that will both enter and help me save passwords when the vault is open. Great software, everyone should be using password vaults. ParadisoShlee on Feb 4, I love KeePass, but I want the freaking policy to apply to the database and not the application opening the database - Which is crazy talk! Anyone know if the U2F thing is worth waiting for?

DDR0 on Feb 4, I started using KeePassX because it was a good cross-platform way to store my passwords. I'd had a couple cases where a password had simply gone -missing- for me, so I figured it was time to put all my eggs in one basket and try to not drop that. I figured it was less of a security vulnerability than reusing the same password a bunch of times.

I've currently got the kbd file up on the internet at large, in case my house burns down. I figure it'll make HN if the.

What Makes a Password Manager the Best for Mac

It's a sort of wishful, hopeful approach to password security, really. I wouldn't recommend using it yet, but any feedback would be super helpful. I have been using it since version 1. I'm syncing it via ownCloud for as a testrun https, non-US site and it works fine. Not sure I ultimately want to do that via the cloud though. I have this problem as well. For some reason KeePass 2. So if I want to exchange between the 2, I have export from KeePass 2.

So not ideal. I'm considering switching from KeePass 2. TuxLyn on Feb 4, Installed it, seen "I understand that my encrypted data will be sent to LastPass" then uninstalled it. Passwords should never be stored online no matter how secure the service claims to be. Using it and loving it. At the office, we have a usb key that contains the key file to open Keepass.

So it's like a key that's also a key, you know Is this a desktop-only solution, i. Then it is bound to be a no-go for most users. My checklist is pretty short: 1. Synced or Shared database between all clients. No subscription cost upfront cost OK. Nice-to-have things would be browser plugins, command line interface etc. It has mobile counterparts. I think syncing is always through some other service, some apps claim a nice integration with dropbox, some are more tedious I use miniKeePass on iOS and it's not fun to sync , but you won't have any fees other that what you pay for dropbox or some other third party storage.

Overall keepass is far from perfect and lacks polish, but it's good enough for most purposes, and doesn't require an internet connection, which opens more use cases keeping banking info or wifi passwords for instance. Fogest on Feb 4, If I save the database to dropbox so that I have it on multiple PC's at once, how can I ensure I do not overwrite a database that has new entries?

For example say on PC-A I make a change and save it. What happens if I then save in PC-B without opening the database up?