Page 1 of 1

Password Security

Posted: Wed Jan 15, 2020 12:21 pm
by Elmdea
Is Last Pass the best option out there? Part of why I'm asking is I've been slowly adding sites to it. When I log into those sites, UN and PW are already there, all I have to do is click. I'm not sure that's how its supposed to work. Doesn't feel "safe" to me, unless I shut down my computer every time I leave it, which is, ummm ... no.

Re: Password Security

Posted: Wed Jan 15, 2020 1:02 pm
by FlyingPenguin
Yes, Last Pass is safe and secure ASSUMING you have a strong master password. Lastpass never has your passwords. They encrypt and decrypt them with your master password locally. All that's stored in the cloud is an encrypted blob no one can read without the master password.

It's a good solution for most people, and I recommend it to clients.

Re: Password Security

Posted: Wed Jan 15, 2020 1:33 pm
by Elmdea
Thank you. I suspect I'm using it incorrectly. Time to find some "how to use". As I recall, I signed up while John was still with us and I wasn't super focused on it. I'm catching up with a number of things these days. But boy do I miss him!!!

Re: Password Security

Posted: Wed Jan 15, 2020 2:01 pm
by psypher
FlyingPenguin wrote:Yes, Last Pass is safe and secure ASSUMING you have a strong master password. Lastpass never has your passwords. They encrypt and decrypt them with your master password locally. All that's stored in the cloud is an encrypted blob no one can read without the master password.

It's a good solution for most people, and I recommend it to clients.
Well, they have had issues in the past, like when they had vulnerabilities in their browser extension back in 2017, 2 years after the profit 1st company Logmein bought them out.
https://www.pcworld.com/article/3185731 ... tk.rss_all

They were bought out this past December by a private equity firm, which means it's only going to get worse.


Personally, I recommend https://bitwarden.com. They have pretty much the same features and implement the same security measures. A big difference is BitWarden is open source, so easier for security researches to audit them. You can also self host if technically inclined, otherwise they have a free plan which offers more features than LastPass's free option and paid service as well that adds many useful features and is cheaper.

Re: Password Security

Posted: Wed Jan 15, 2020 3:04 pm
by FlyingPenguin
Sigh. Hadn't heard about a PE firm buying them out. Good to know. I'll put Bitwarden on my recommend list.

I personally use Sticky Password in self hosted mode myself, but that's for the everyday passwords. My old school technique for all my passwords is to keep them in an AES256 encrypted Zip file on my workstation that I sync to a pocket flash drive and my laptop regularly. But that's because I've been doing it that way forever and I'm old school and don't trust anything. :)

Re: Password Security

Posted: Wed Jan 15, 2020 7:43 pm
by Executioner
Bummer...I still use Last Past. Had no idea they were bought out. I've never had any issue with them. I use a 15 character master password, and all the other sites use a 12 character password.

Re: Password Security

Posted: Fri Jan 17, 2020 10:27 am
by Losbot
Same. Using LastPass with a long master password with special characters. PE firm buying them doesn't make me feel too good.
Might have to look into other options.

Re: Password Security

Posted: Fri Jan 17, 2020 10:45 am
by Elmdea
Given that PE firms can get squirrely really fast, depending on who's at the helm, I'm going to take a look at Bitwarden.

Re: Password Security

Posted: Tue Mar 03, 2020 9:52 pm
by Executioner
Personally, I recommend https://bitwarden.com. They have pretty much the same features and implement the same security measures. A big difference is BitWarden is open source, so easier for security researches to audit them. You can also self host if technically inclined, otherwise they have a free plan which offers more features than LastPass's free option and paid service as well that adds many useful features and is cheaper.
I have this app now installed, and transferred my LastPass data into the program. The only difference I've noticed is that BitWarden does not auto fill the sites automatically. I have to right-click then tell it to auto fill the info.

Re: Password Security

Posted: Wed Mar 04, 2020 12:12 am
by Executioner
Update - I found the option that will auto fill the log in fields, but it won't automatically log in. I have to hit the log in button. Not a big deal, and it does seem to work better than LastPass. In fact, LastPass has given FireFox some issues with the log in. I keep getting an error about the user name. I then have to manually click on the log in after it autofills. Never had this issue before.

So I think I'm slowly going to migrate away from LastPass. I had to manually enter in my 50+ logins after an export from LastPass to a CVS file.

Re: Password Security

Posted: Fri Mar 06, 2020 9:01 pm
by Losbot
No easy migration from LastPass to Bitwarden?

Re: Password Security

Posted: Fri Mar 06, 2020 11:30 pm
by Executioner
Losbot wrote:No easy migration from LastPass to Bitwarden?
Yes there is. Stupid me, I did not look at all the options, and it does import LastPass CSV file.

Re: Password Security

Posted: Sat Mar 07, 2020 11:16 am
by Elmdea
I'm such a chicken about this stuff, sigh. Reading the posts is helping big time! Soooo grateful there's an option to import the CSV file! Thank you <3

Re: Password Security

Posted: Sat Mar 07, 2020 9:57 pm
by Executioner
Elmdea wrote:I'm such a chicken about this stuff, sigh. Reading the posts is helping big time! Soooo grateful there's an option to import the CSV file! Thank you <3
Options - Tools from the setting menu when you click on the gears.
https://help.bitwarden.com/article/import-data/

Re: Password Security

Posted: Sun Mar 08, 2020 4:39 pm
by Losbot
Does it keep the categories?