Password Security

Discussions of applications and operating systems and any problems, tips or suggestions. Win XP, 9x/2k, Linux, NT, photo editing, Virus/Spyware help
Post Reply
User avatar
Elmdea
Goober Member
Posts: 17
Joined: Wed Jan 08, 2020 9:22 pm
Contact:

Password Security

Post by Elmdea »

Is Last Pass the best option out there? Part of why I'm asking is I've been slowly adding sites to it. When I log into those sites, UN and PW are already there, all I have to do is click. I'm not sure that's how its supposed to work. Doesn't feel "safe" to me, unless I shut down my computer every time I leave it, which is, ummm ... no.
User avatar
FlyingPenguin
Flightless Bird
Posts: 32773
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida
Contact:

Re: Password Security

Post by FlyingPenguin »

Yes, Last Pass is safe and secure ASSUMING you have a strong master password. Lastpass never has your passwords. They encrypt and decrypt them with your master password locally. All that's stored in the cloud is an encrypted blob no one can read without the master password.

It's a good solution for most people, and I recommend it to clients.
"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "

Image
User avatar
Elmdea
Goober Member
Posts: 17
Joined: Wed Jan 08, 2020 9:22 pm
Contact:

Re: Password Security

Post by Elmdea »

Thank you. I suspect I'm using it incorrectly. Time to find some "how to use". As I recall, I signed up while John was still with us and I wasn't super focused on it. I'm catching up with a number of things these days. But boy do I miss him!!!
User avatar
psypher
Golden Member
Posts: 884
Joined: Sun Nov 02, 2014 1:05 pm
Location: Marietta

Re: Password Security

Post by psypher »

FlyingPenguin wrote:Yes, Last Pass is safe and secure ASSUMING you have a strong master password. Lastpass never has your passwords. They encrypt and decrypt them with your master password locally. All that's stored in the cloud is an encrypted blob no one can read without the master password.

It's a good solution for most people, and I recommend it to clients.
Well, they have had issues in the past, like when they had vulnerabilities in their browser extension back in 2017, 2 years after the profit 1st company Logmein bought them out.
https://www.pcworld.com/article/3185731 ... tk.rss_all

They were bought out this past December by a private equity firm, which means it's only going to get worse.


Personally, I recommend https://bitwarden.com. They have pretty much the same features and implement the same security measures. A big difference is BitWarden is open source, so easier for security researches to audit them. You can also self host if technically inclined, otherwise they have a free plan which offers more features than LastPass's free option and paid service as well that adds many useful features and is cheaper.
Last edited by psypher on Wed Jan 15, 2020 3:10 pm, edited 1 time in total.
User avatar
FlyingPenguin
Flightless Bird
Posts: 32773
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida
Contact:

Re: Password Security

Post by FlyingPenguin »

Sigh. Hadn't heard about a PE firm buying them out. Good to know. I'll put Bitwarden on my recommend list.

I personally use Sticky Password in self hosted mode myself, but that's for the everyday passwords. My old school technique for all my passwords is to keep them in an AES256 encrypted Zip file on my workstation that I sync to a pocket flash drive and my laptop regularly. But that's because I've been doing it that way forever and I'm old school and don't trust anything. :)
"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "

Image
User avatar
Executioner
Life Member
Posts: 10133
Joined: Wed Nov 22, 2000 11:34 am
Location: Woodland, CA USA

Re: Password Security

Post by Executioner »

Bummer...I still use Last Past. Had no idea they were bought out. I've never had any issue with them. I use a 15 character master password, and all the other sites use a 12 character password.
User avatar
Losbot
Almighty Member
Posts: 4991
Joined: Sun Jul 13, 2014 8:59 am
Location: South Florida

Re: Password Security

Post by Losbot »

Same. Using LastPass with a long master password with special characters. PE firm buying them doesn't make me feel too good.
Might have to look into other options.
User avatar
Elmdea
Goober Member
Posts: 17
Joined: Wed Jan 08, 2020 9:22 pm
Contact:

Re: Password Security

Post by Elmdea »

Given that PE firms can get squirrely really fast, depending on who's at the helm, I'm going to take a look at Bitwarden.
User avatar
Executioner
Life Member
Posts: 10133
Joined: Wed Nov 22, 2000 11:34 am
Location: Woodland, CA USA

Re: Password Security

Post by Executioner »

Personally, I recommend https://bitwarden.com. They have pretty much the same features and implement the same security measures. A big difference is BitWarden is open source, so easier for security researches to audit them. You can also self host if technically inclined, otherwise they have a free plan which offers more features than LastPass's free option and paid service as well that adds many useful features and is cheaper.
I have this app now installed, and transferred my LastPass data into the program. The only difference I've noticed is that BitWarden does not auto fill the sites automatically. I have to right-click then tell it to auto fill the info.
User avatar
Executioner
Life Member
Posts: 10133
Joined: Wed Nov 22, 2000 11:34 am
Location: Woodland, CA USA

Re: Password Security

Post by Executioner »

Update - I found the option that will auto fill the log in fields, but it won't automatically log in. I have to hit the log in button. Not a big deal, and it does seem to work better than LastPass. In fact, LastPass has given FireFox some issues with the log in. I keep getting an error about the user name. I then have to manually click on the log in after it autofills. Never had this issue before.

So I think I'm slowly going to migrate away from LastPass. I had to manually enter in my 50+ logins after an export from LastPass to a CVS file.
User avatar
Losbot
Almighty Member
Posts: 4991
Joined: Sun Jul 13, 2014 8:59 am
Location: South Florida

Re: Password Security

Post by Losbot »

No easy migration from LastPass to Bitwarden?
User avatar
Executioner
Life Member
Posts: 10133
Joined: Wed Nov 22, 2000 11:34 am
Location: Woodland, CA USA

Re: Password Security

Post by Executioner »

Losbot wrote:No easy migration from LastPass to Bitwarden?
Yes there is. Stupid me, I did not look at all the options, and it does import LastPass CSV file.
User avatar
Elmdea
Goober Member
Posts: 17
Joined: Wed Jan 08, 2020 9:22 pm
Contact:

Re: Password Security

Post by Elmdea »

I'm such a chicken about this stuff, sigh. Reading the posts is helping big time! Soooo grateful there's an option to import the CSV file! Thank you <3
User avatar
Executioner
Life Member
Posts: 10133
Joined: Wed Nov 22, 2000 11:34 am
Location: Woodland, CA USA

Re: Password Security

Post by Executioner »

Elmdea wrote:I'm such a chicken about this stuff, sigh. Reading the posts is helping big time! Soooo grateful there's an option to import the CSV file! Thank you <3
Options - Tools from the setting menu when you click on the gears.
https://help.bitwarden.com/article/import-data/
User avatar
Losbot
Almighty Member
Posts: 4991
Joined: Sun Jul 13, 2014 8:59 am
Location: South Florida

Re: Password Security

Post by Losbot »

Does it keep the categories?
Post Reply