Password Security

Discussions of applications and operating systems and any problems, tips or suggestions. Win XP, 9x/2k, Linux, NT, photo editing, Virus/Spyware help
User avatar
Elmdea
Goober Member
Posts: 10
Joined: Wed Jan 08, 2020 9:22 pm
Contact:

Password Security

Postby Elmdea » Wed Jan 15, 2020 12:21 pm

Is Last Pass the best option out there? Part of why I'm asking is I've been slowly adding sites to it. When I log into those sites, UN and PW are already there, all I have to do is click. I'm not sure that's how its supposed to work. Doesn't feel "safe" to me, unless I shut down my computer every time I leave it, which is, ummm ... no.

User avatar
FlyingPenguin
Flightless Bird
Posts: 29281
Joined: Wed Nov 22, 2000 11:13 am
Location: Lady Lake, Florida
Contact:

Re: Password Security

Postby FlyingPenguin » Wed Jan 15, 2020 1:02 pm

Yes, Last Pass is safe and secure ASSUMING you have a strong master password. Lastpass never has your passwords. They encrypt and decrypt them with your master password locally. All that's stored in the cloud is an encrypted blob no one can read without the master password.

It's a good solution for most people, and I recommend it to clients.
- "No matter where you go, there you are." -Buckaroo Banzai

Image

User avatar
Elmdea
Goober Member
Posts: 10
Joined: Wed Jan 08, 2020 9:22 pm
Contact:

Re: Password Security

Postby Elmdea » Wed Jan 15, 2020 1:33 pm

Thank you. I suspect I'm using it incorrectly. Time to find some "how to use". As I recall, I signed up while John was still with us and I wasn't super focused on it. I'm catching up with a number of things these days. But boy do I miss him!!!

User avatar
psypher
Senior Member
Posts: 480
Joined: Sun Nov 02, 2014 1:05 pm
Location: Marietta

Re: Password Security

Postby psypher » Wed Jan 15, 2020 2:01 pm

FlyingPenguin wrote:Yes, Last Pass is safe and secure ASSUMING you have a strong master password. Lastpass never has your passwords. They encrypt and decrypt them with your master password locally. All that's stored in the cloud is an encrypted blob no one can read without the master password.

It's a good solution for most people, and I recommend it to clients.


Well, they have had issues in the past, like when they had vulnerabilities in their browser extension back in 2017, 2 years after the profit 1st company Logmein bought them out.
https://www.pcworld.com/article/3185731 ... tk.rss_all

They were bought out this past December by a private equity firm, which means it's only going to get worse.


Personally, I recommend https://bitwarden.com. They have pretty much the same features and implement the same security measures. A big difference is BitWarden is open source, so easier for security researches to audit them. You can also self host if technically inclined, otherwise they have a free plan which offers more features than LastPass's free option and paid service as well that adds many useful features and is cheaper.
Last edited by psypher on Wed Jan 15, 2020 3:10 pm, edited 1 time in total.

User avatar
FlyingPenguin
Flightless Bird
Posts: 29281
Joined: Wed Nov 22, 2000 11:13 am
Location: Lady Lake, Florida
Contact:

Re: Password Security

Postby FlyingPenguin » Wed Jan 15, 2020 3:04 pm

Sigh. Hadn't heard about a PE firm buying them out. Good to know. I'll put Bitwarden on my recommend list.

I personally use Sticky Password in self hosted mode myself, but that's for the everyday passwords. My old school technique for all my passwords is to keep them in an AES256 encrypted Zip file on my workstation that I sync to a pocket flash drive and my laptop regularly. But that's because I've been doing it that way forever and I'm old school and don't trust anything. :)
- "No matter where you go, there you are." -Buckaroo Banzai

Image

User avatar
Executioner
Life Member
Posts: 9033
Joined: Wed Nov 22, 2000 11:34 am
Location: Woodland, CA USA

Re: Password Security

Postby Executioner » Wed Jan 15, 2020 7:43 pm

Bummer...I still use Last Past. Had no idea they were bought out. I've never had any issue with them. I use a 15 character master password, and all the other sites use a 12 character password.

User avatar
Losbot
Almighty Member
Posts: 3424
Joined: Sun Jul 13, 2014 8:59 am
Location: South Florida

Re: Password Security

Postby Losbot » Fri Jan 17, 2020 10:27 am

Same. Using LastPass with a long master password with special characters. PE firm buying them doesn't make me feel too good.
Might have to look into other options.

User avatar
Elmdea
Goober Member
Posts: 10
Joined: Wed Jan 08, 2020 9:22 pm
Contact:

Re: Password Security

Postby Elmdea » Fri Jan 17, 2020 10:45 am

Given that PE firms can get squirrely really fast, depending on who's at the helm, I'm going to take a look at Bitwarden.


Return to “OS / Software Forum”

Who is online

Users browsing this forum: No registered users and 2 guests