Password Security
Password Security
Is Last Pass the best option out there? Part of why I'm asking is I've been slowly adding sites to it. When I log into those sites, UN and PW are already there, all I have to do is click. I'm not sure that's how its supposed to work. Doesn't feel "safe" to me, unless I shut down my computer every time I leave it, which is, ummm ... no.
- FlyingPenguin
- Flightless Bird
- Posts: 32784
- Joined: Wed Nov 22, 2000 11:13 am
- Location: Central Florida
- Contact:
Re: Password Security
Yes, Last Pass is safe and secure ASSUMING you have a strong master password. Lastpass never has your passwords. They encrypt and decrypt them with your master password locally. All that's stored in the cloud is an encrypted blob no one can read without the master password.
It's a good solution for most people, and I recommend it to clients.
It's a good solution for most people, and I recommend it to clients.
Christians warn us about the anti-christ for 2,000 years, and when he shows up, they buy a bible from him.
Re: Password Security
Thank you. I suspect I'm using it incorrectly. Time to find some "how to use". As I recall, I signed up while John was still with us and I wasn't super focused on it. I'm catching up with a number of things these days. But boy do I miss him!!!
Re: Password Security
Well, they have had issues in the past, like when they had vulnerabilities in their browser extension back in 2017, 2 years after the profit 1st company Logmein bought them out.FlyingPenguin wrote:Yes, Last Pass is safe and secure ASSUMING you have a strong master password. Lastpass never has your passwords. They encrypt and decrypt them with your master password locally. All that's stored in the cloud is an encrypted blob no one can read without the master password.
It's a good solution for most people, and I recommend it to clients.
https://www.pcworld.com/article/3185731 ... tk.rss_all
They were bought out this past December by a private equity firm, which means it's only going to get worse.
Personally, I recommend https://bitwarden.com. They have pretty much the same features and implement the same security measures. A big difference is BitWarden is open source, so easier for security researches to audit them. You can also self host if technically inclined, otherwise they have a free plan which offers more features than LastPass's free option and paid service as well that adds many useful features and is cheaper.
Last edited by psypher on Wed Jan 15, 2020 3:10 pm, edited 1 time in total.
- FlyingPenguin
- Flightless Bird
- Posts: 32784
- Joined: Wed Nov 22, 2000 11:13 am
- Location: Central Florida
- Contact:
Re: Password Security
Sigh. Hadn't heard about a PE firm buying them out. Good to know. I'll put Bitwarden on my recommend list.
I personally use Sticky Password in self hosted mode myself, but that's for the everyday passwords. My old school technique for all my passwords is to keep them in an AES256 encrypted Zip file on my workstation that I sync to a pocket flash drive and my laptop regularly. But that's because I've been doing it that way forever and I'm old school and don't trust anything.
I personally use Sticky Password in self hosted mode myself, but that's for the everyday passwords. My old school technique for all my passwords is to keep them in an AES256 encrypted Zip file on my workstation that I sync to a pocket flash drive and my laptop regularly. But that's because I've been doing it that way forever and I'm old school and don't trust anything.
Christians warn us about the anti-christ for 2,000 years, and when he shows up, they buy a bible from him.
- Executioner
- Life Member
- Posts: 10141
- Joined: Wed Nov 22, 2000 11:34 am
- Location: Woodland, CA USA
Re: Password Security
Bummer...I still use Last Past. Had no idea they were bought out. I've never had any issue with them. I use a 15 character master password, and all the other sites use a 12 character password.
Re: Password Security
Same. Using LastPass with a long master password with special characters. PE firm buying them doesn't make me feel too good.
Might have to look into other options.
Might have to look into other options.
Re: Password Security
Given that PE firms can get squirrely really fast, depending on who's at the helm, I'm going to take a look at Bitwarden.
- Executioner
- Life Member
- Posts: 10141
- Joined: Wed Nov 22, 2000 11:34 am
- Location: Woodland, CA USA
Re: Password Security
I have this app now installed, and transferred my LastPass data into the program. The only difference I've noticed is that BitWarden does not auto fill the sites automatically. I have to right-click then tell it to auto fill the info.Personally, I recommend https://bitwarden.com. They have pretty much the same features and implement the same security measures. A big difference is BitWarden is open source, so easier for security researches to audit them. You can also self host if technically inclined, otherwise they have a free plan which offers more features than LastPass's free option and paid service as well that adds many useful features and is cheaper.
- Executioner
- Life Member
- Posts: 10141
- Joined: Wed Nov 22, 2000 11:34 am
- Location: Woodland, CA USA
Re: Password Security
Update - I found the option that will auto fill the log in fields, but it won't automatically log in. I have to hit the log in button. Not a big deal, and it does seem to work better than LastPass. In fact, LastPass has given FireFox some issues with the log in. I keep getting an error about the user name. I then have to manually click on the log in after it autofills. Never had this issue before.
So I think I'm slowly going to migrate away from LastPass. I had to manually enter in my 50+ logins after an export from LastPass to a CVS file.
So I think I'm slowly going to migrate away from LastPass. I had to manually enter in my 50+ logins after an export from LastPass to a CVS file.
Re: Password Security
No easy migration from LastPass to Bitwarden?
- Executioner
- Life Member
- Posts: 10141
- Joined: Wed Nov 22, 2000 11:34 am
- Location: Woodland, CA USA
Re: Password Security
Yes there is. Stupid me, I did not look at all the options, and it does import LastPass CSV file.Losbot wrote:No easy migration from LastPass to Bitwarden?
Re: Password Security
I'm such a chicken about this stuff, sigh. Reading the posts is helping big time! Soooo grateful there's an option to import the CSV file! Thank you <3
- Executioner
- Life Member
- Posts: 10141
- Joined: Wed Nov 22, 2000 11:34 am
- Location: Woodland, CA USA
Re: Password Security
Options - Tools from the setting menu when you click on the gears.Elmdea wrote:I'm such a chicken about this stuff, sigh. Reading the posts is helping big time! Soooo grateful there's an option to import the CSV file! Thank you <3
https://help.bitwarden.com/article/import-data/
Re: Password Security
Does it keep the categories?