Password Security

Discussions of applications and operating systems and any problems, tips or suggestions. Win XP, 9x/2k, Linux, NT, photo editing, Virus/Spyware help
User avatar
Elmdea
Goober Member
Posts: 14
Joined: Wed Jan 08, 2020 9:22 pm
Contact:

Password Security

Postby Elmdea » Wed Jan 15, 2020 12:21 pm

Is Last Pass the best option out there? Part of why I'm asking is I've been slowly adding sites to it. When I log into those sites, UN and PW are already there, all I have to do is click. I'm not sure that's how its supposed to work. Doesn't feel "safe" to me, unless I shut down my computer every time I leave it, which is, ummm ... no.

User avatar
FlyingPenguin
Flightless Bird
Posts: 29454
Joined: Wed Nov 22, 2000 11:13 am
Location: Lady Lake, Florida
Contact:

Re: Password Security

Postby FlyingPenguin » Wed Jan 15, 2020 1:02 pm

Yes, Last Pass is safe and secure ASSUMING you have a strong master password. Lastpass never has your passwords. They encrypt and decrypt them with your master password locally. All that's stored in the cloud is an encrypted blob no one can read without the master password.

It's a good solution for most people, and I recommend it to clients.
- "It has been said that democracy is the worst form of Government except for all those other forms that have been tried from time to time." -Winston S Churchill

Image

User avatar
Elmdea
Goober Member
Posts: 14
Joined: Wed Jan 08, 2020 9:22 pm
Contact:

Re: Password Security

Postby Elmdea » Wed Jan 15, 2020 1:33 pm

Thank you. I suspect I'm using it incorrectly. Time to find some "how to use". As I recall, I signed up while John was still with us and I wasn't super focused on it. I'm catching up with a number of things these days. But boy do I miss him!!!

User avatar
psypher
Golden Member
Posts: 515
Joined: Sun Nov 02, 2014 1:05 pm
Location: Marietta

Re: Password Security

Postby psypher » Wed Jan 15, 2020 2:01 pm

FlyingPenguin wrote:Yes, Last Pass is safe and secure ASSUMING you have a strong master password. Lastpass never has your passwords. They encrypt and decrypt them with your master password locally. All that's stored in the cloud is an encrypted blob no one can read without the master password.

It's a good solution for most people, and I recommend it to clients.


Well, they have had issues in the past, like when they had vulnerabilities in their browser extension back in 2017, 2 years after the profit 1st company Logmein bought them out.
https://www.pcworld.com/article/3185731 ... tk.rss_all

They were bought out this past December by a private equity firm, which means it's only going to get worse.


Personally, I recommend https://bitwarden.com. They have pretty much the same features and implement the same security measures. A big difference is BitWarden is open source, so easier for security researches to audit them. You can also self host if technically inclined, otherwise they have a free plan which offers more features than LastPass's free option and paid service as well that adds many useful features and is cheaper.
Last edited by psypher on Wed Jan 15, 2020 3:10 pm, edited 1 time in total.

User avatar
FlyingPenguin
Flightless Bird
Posts: 29454
Joined: Wed Nov 22, 2000 11:13 am
Location: Lady Lake, Florida
Contact:

Re: Password Security

Postby FlyingPenguin » Wed Jan 15, 2020 3:04 pm

Sigh. Hadn't heard about a PE firm buying them out. Good to know. I'll put Bitwarden on my recommend list.

I personally use Sticky Password in self hosted mode myself, but that's for the everyday passwords. My old school technique for all my passwords is to keep them in an AES256 encrypted Zip file on my workstation that I sync to a pocket flash drive and my laptop regularly. But that's because I've been doing it that way forever and I'm old school and don't trust anything. :)
- "It has been said that democracy is the worst form of Government except for all those other forms that have been tried from time to time." -Winston S Churchill

Image

User avatar
Executioner
Life Member
Posts: 9083
Joined: Wed Nov 22, 2000 11:34 am
Location: Woodland, CA USA

Re: Password Security

Postby Executioner » Wed Jan 15, 2020 7:43 pm

Bummer...I still use Last Past. Had no idea they were bought out. I've never had any issue with them. I use a 15 character master password, and all the other sites use a 12 character password.

User avatar
Losbot
Almighty Member
Posts: 3511
Joined: Sun Jul 13, 2014 8:59 am
Location: South Florida

Re: Password Security

Postby Losbot » Fri Jan 17, 2020 10:27 am

Same. Using LastPass with a long master password with special characters. PE firm buying them doesn't make me feel too good.
Might have to look into other options.

User avatar
Elmdea
Goober Member
Posts: 14
Joined: Wed Jan 08, 2020 9:22 pm
Contact:

Re: Password Security

Postby Elmdea » Fri Jan 17, 2020 10:45 am

Given that PE firms can get squirrely really fast, depending on who's at the helm, I'm going to take a look at Bitwarden.

User avatar
Executioner
Life Member
Posts: 9083
Joined: Wed Nov 22, 2000 11:34 am
Location: Woodland, CA USA

Re: Password Security

Postby Executioner » Tue Mar 03, 2020 9:52 pm

Personally, I recommend https://bitwarden.com. They have pretty much the same features and implement the same security measures. A big difference is BitWarden is open source, so easier for security researches to audit them. You can also self host if technically inclined, otherwise they have a free plan which offers more features than LastPass's free option and paid service as well that adds many useful features and is cheaper.
I have this app now installed, and transferred my LastPass data into the program. The only difference I've noticed is that BitWarden does not auto fill the sites automatically. I have to right-click then tell it to auto fill the info.

User avatar
Executioner
Life Member
Posts: 9083
Joined: Wed Nov 22, 2000 11:34 am
Location: Woodland, CA USA

Re: Password Security

Postby Executioner » Wed Mar 04, 2020 12:12 am

Update - I found the option that will auto fill the log in fields, but it won't automatically log in. I have to hit the log in button. Not a big deal, and it does seem to work better than LastPass. In fact, LastPass has given FireFox some issues with the log in. I keep getting an error about the user name. I then have to manually click on the log in after it autofills. Never had this issue before.

So I think I'm slowly going to migrate away from LastPass. I had to manually enter in my 50+ logins after an export from LastPass to a CVS file.

User avatar
Losbot
Almighty Member
Posts: 3511
Joined: Sun Jul 13, 2014 8:59 am
Location: South Florida

Re: Password Security

Postby Losbot » Fri Mar 06, 2020 9:01 pm

No easy migration from LastPass to Bitwarden?

User avatar
Executioner
Life Member
Posts: 9083
Joined: Wed Nov 22, 2000 11:34 am
Location: Woodland, CA USA

Re: Password Security

Postby Executioner » Fri Mar 06, 2020 11:30 pm

Losbot wrote:No easy migration from LastPass to Bitwarden?
Yes there is. Stupid me, I did not look at all the options, and it does import LastPass CSV file.

User avatar
Elmdea
Goober Member
Posts: 14
Joined: Wed Jan 08, 2020 9:22 pm
Contact:

Re: Password Security

Postby Elmdea » Sat Mar 07, 2020 11:16 am

I'm such a chicken about this stuff, sigh. Reading the posts is helping big time! Soooo grateful there's an option to import the CSV file! Thank you <3

User avatar
Executioner
Life Member
Posts: 9083
Joined: Wed Nov 22, 2000 11:34 am
Location: Woodland, CA USA

Re: Password Security

Postby Executioner » Sat Mar 07, 2020 9:57 pm

Elmdea wrote:I'm such a chicken about this stuff, sigh. Reading the posts is helping big time! Soooo grateful there's an option to import the CSV file! Thank you <3
Options - Tools from the setting menu when you click on the gears.
https://help.bitwarden.com/article/import-data/

User avatar
Losbot
Almighty Member
Posts: 3511
Joined: Sun Jul 13, 2014 8:59 am
Location: South Florida

Re: Password Security

Postby Losbot » Sun Mar 08, 2020 4:39 pm

Does it keep the categories?


Return to “OS / Software Forum”

Who is online

Users browsing this forum: MSN [Bot] and 1 guest