
Is it good?


Thread replies: 57
Thread images: 4

File: lastpass.jpg (25KB, 1140x665px)
Is it good?
>>
>>62128662
It's a closed-source cloud-based password manager based in the US. In what way could that be considered good?
>>
>>62128662
No
>>
>>62128662
http://www.pcworld.com/article/2936621/the-lastpass-security-breach-what-you-need-to-know-do-and-watch-out-for.html
>>
>>62128662
Botnet
>>
>>62128662
Here you go; a list of password managers that are worth a shit: https://www.privacytools.io/#pw
>>
Paying $24 yr for US based proprietary trash
>>
>>62128662
No, use keepass or don't use password managers at all.
>>
>>62128662
No, don't trust them.
Just store your password database offline and use any KeePass version you like.

Those are just as convenient with the auto-type option (which automatically enters your username and password for the program/website in question when you press the specified shortcut).

If you for some reason need your database to be online, you could just sync it with whatever cloud storage you use.
>>
>>62128662
yes
>>
>>62128777
>If you for some reason need your database to be online, you could just sync it with whatever cloud storage you use.

If the cloud storage servers aren't encrypted to keep the owner from reading your passwords, and your password list isn't encrypted, then you may as well use LastPass.
>>
File: pass.jpg (2MB, 2448x2448px)
I use it out of convenience. The ability to auto generate passwords and save them means I can have semi-secure passwords and forget them for sites I don't frequent.

Anyway get this

https://www.tindie.com/products/Russtopia/pss-mark-ii-password-generatorrecall-key-fob/
>>
>>62128662
>storing your passwords in the cloud botnet
>>
>>62128850
Holy fuck that's a clever idea
>>
>>62128831
True, it should not be done, I just wanted to state that KeePass databases can be equivalent to LastPass.

>The ability to auto generate passwords and save them means I can have semi-secure passwords and forget them for sites I don't frequent.
Well, any password manager should be able to do that.

I also used LastPass for about a year. I dropped it after one day when I changed all my passwords due to a new security breach and exactly during that hour LastPass had syncing problems. The next time I opened my browser, all my newly generated passwords were gone and I was locked out of every account I owned.
>>
>>62128946
meant for
>>62128850
>>
>>62128946
This is why it's best to keep your passwords out of the cloud. If you're using Linux, if you keep your keepass out of your downloads folder, there shouldn't really be a way for a hacker to access them via a firejailed web browser. Furthermore, you can still secure it by doing something like having an image or file (not located on your computer, and instead on a flash drive or the like) as a 2nd verification to get into your keepass document.
>>
>>62128946
>Well, any password manager should be able to do that.

Yeah I guess so, but the added convenience of doing it in a browser / in the text field I'm already in and across multiple devices is nice.

Obviously LP isn't the only service to do this, but any service that does would be an equal botnet on /g/
>>
>>62128985
Well, yeah. You're trusting a cloud based browser to auto-insert passwords. This means that the server itself has the ability to read them, otherwise they wouldn't be able to insert them.

As with most things, you have to find your own balance between security and convenience.
>>
>>62128662
No lol.

But I use it anyway because I'm lazy tbqh
>>
>>62128850
wtf is this autism? someone give me a quick rundown please.

also I just had to solve 25 captchas to post this.

wtf is google doing now?
>>
>>62128831
>If the cloud storage servers aren't encrypted to keep the owner from reading your passwords, and your password list isn't encrypted, then you may as well use LastPass.
No.
It's not the same boat.
You always have to assume that "cloud storage servers" (aka: someone else's computer HDD) aren't "encrypted". Still, storing your .kdbx in plain sight, even in a publicly available location, is NOT comparable to using services like LastPass or BitWarden. The .kdbx itself can be stored in NSA's servers, it doesn't matter. What matters is ****how**** you get the password from the database, i.e. if you're decrypting the database with javascript in your browser, or with a closed source app, or with an open source app running locally. What is the best security-wise solution among these options is left as an exercise for the reader.
>>
>>62129031
Don't tell me don't use legacy captcha.
If you don't, get 4chan X.
>>
>>62129077
+ you*
>>
>>62128994
>This means that the server itself has the ability to read them, otherwise they wouldn't be able to insert them.
not technically correct
>>62128985
>added convenience of doing it in a browser / in the text field I'm already in and across multiple devices is nice.
you can have that "added convenience" with KeepassXC and passifox or equivalent extension.
>>
>>62129070
I think I worded this poorly. What I meant to say was that "if the servers aren't encrypted from the server owners," OR "the password file isn't encrypted itself (like keepass is)," that uploading your password list to a server was a bad idea.
>>
>>62128662
Only use it for sites you don't care about and want easy access to.
Use local password manager or memorize for important stuff.
>>
>>62129105
>What I meant to say was that "if the servers aren't encrypted from the server owners," OR "the password file isn't encrypted itself (like keepass is)," that uploading your password list to a server was a bad idea.
And I'm challenging this opinion of yours. You should assume that the servers aren't encrypted and the fact that the servers aren't encrypted should NOT matter.
>>
>>62129126
to add on this,
>>62129105
>OR "the password file isn't encrypted itself (like keepass is),"
this OR is all you need.
>>
>>62129126
Meh, well tested, open sourced encrypted clients should be fine. If you wanted to send yourself your password list unencrypted on, say Protonmail's servers, you'll probably be fine.

That said, it's best just to keep it off-line altogether.
>>
>>62128777
>>62128739
Any ideas how to migrate?
>>
>>62129077
I use 4chanx but I use that image selection captchas. Legacy is the one with nigger text right? Legacy doesn't always work on 4chanx.
>>
Anything more complex than Pass is bloat.
http://passwordstore.org/
>>
>>62129166
https://www.qwant.com/?q=migrate%20lastpass$20to%20keepass&t=web
>>
>>62129166
Do you have that many passwords? I've done it manually.
Also, if you really want to switch to an offline database, you should change all passwords you had on LastPass anyway.
>>
>>62129165
>If you wanted to send yourself your password list unencrypted on, say Protonmail's servers, you'll probably be fine.
>>62129165
You're deciding to trust BOTH protonmail's storage/internal policies AND protonmail's protocol used to deliver the unencrypted password. It would be bad even if you decided to serve your _unencrypted_ password database from your own server in your own basement, since you're relying on TLS quirks & bugs---err, I meant, features. The security layer used to deliver the message does not and shall not inherently *add* security or privacy to the message. What matters is message security, not transport layer security. I could digress on how TLS means shit nowadays, thanks to professional MITM services like Cloudflare, but that would be quite a different topic.
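
An added example, not part of any post in this thread: a sketch of the point argued above that a vault sealed on the client stays protected wherever it is stored or however it is delivered, and that a key file acts as a second secret. The blob layout, the scrypt parameters and the HMAC-based stand-in cipher are assumptions for illustration and are not the KDBX format.

```python
import hashlib, hmac, os

def derive_keys(password, salt, keyfile=b""):
    # Composite secret: the passphrase plus a key file kept off the machine (assumed layout).
    composite = hashlib.sha256(password.encode()).digest() + hashlib.sha256(keyfile).digest()
    okm = hashlib.scrypt(composite, salt=salt, n=2**14, r=8, p=1, dklen=64)
    return okm[:32], okm[32:]  # (encryption key, MAC key)

def keystream(key, nonce, length):
    # Stand-in stream cipher: HMAC-SHA256 in counter mode, because the standard
    # library has no AES or ChaCha20. Illustrative only.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(vault, password, keyfile=b""):
    # Runs on the client: encrypt, then MAC over salt + nonce + ciphertext.
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(password, salt, keyfile)
    ct = bytes(a ^ b for a, b in zip(vault, keystream(enc_key, nonce, len(vault))))
    body = salt + nonce + ct
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_sealed(blob, password, keyfile=b""):
    # Also runs on the client: verify the MAC before touching the ciphertext.
    body, tag = blob[:-32], blob[-32:]
    salt, nonce, ct = body[:16], body[16:32], body[32:]
    enc_key, mac_key = derive_keys(password, salt, keyfile)
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("wrong credentials, or blob modified in storage or transit")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))

VAULT = b"example.org\talice\tconstructed-sample-password\n"  # constructed sample entry
KEYFILE = b"constructed stand-in for a file kept on a flash drive"

def demo():
    blob = seal(VAULT, "master passphrase", KEYFILE)   # this is all the host ever stores
    tampered = blob[:40] + bytes([blob[40] ^ 1]) + blob[41:]
    results = {"host_sees_plaintext": b"alice" in blob,
               "roundtrip": open_sealed(blob, "master passphrase", KEYFILE) == VAULT}
    for name, args in {"tampered": (tampered, "master passphrase", KEYFILE),
                       "no_keyfile": (blob, "master passphrase", b"")}.items():
        try:
            open_sealed(*args)
            results[name] = "opened"
        except ValueError:
            results[name] = "rejected"
    return results

if __name__ == "__main__":
    print(demo())
```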
>>
Why are there like 5 different keepass versions in the repository?

ree which to install
>>
>>62129348
the community version. KeepassXC. It's the currently maintained one and improves on KeepassX v.2 ; keepass0 opens just .kdb, the other keepassx use .kdbx format and can import from .kdb just fine.
keepass (without x) is the original windows package, built with .NET. It requires mono. You do not want it.
>>
>>62129348
>>62129379
I can also recommend KeePassXC.

Check out the Arch wiki if you want to know the differences.
>>
>>62128662

I'm still not sure there's a good alternative.

Every autistic "I use a local keepass database I never sync to the cloud" is clearly written by someone with multiple computers. I need to save shit at home and get it from my work computer.

As soon as you say "I use keepass and Botnet Drive to sync" you might as well just use Lastpass.
>>
How do you share Keepass files across platforms? I assume it's not an online thing, so changes to one machine wouldn't sync, right?
>>
>>62129417
>As soon as you say "I use keepass and Botnet Drive to sync" you might as well just use Lastpass.
No. They are not comparable. See >>62129070
>What matters is ****how**** you get the password from the database, i.e. if you're decrypting the database with javascript in your browser, or with a closed source app, or with an open source app running locally. What is the best security-wise solution among these options is left as an exercise for the reader.
>>
>>62129417
Don't you carry a flash drive around?
>>
>>62128662
Botnet
>>
>>62128662

Yes, it's good.

But like anything else that you don't have control over, you run the risk of exposure.
>>
>>62129379
So I don't want the one from keepass.info?
>>
>>62128662

No. It's not even the best of the cloud based password managers. It has been vulnerable in the past etc.

If you want the best one, use Encryptr. Sure, it's still cloud based (run by SpiderOak, which is the best, client open source, so-called "zero knowledge" hosted dropbox alternative of its kind. Only things better right now are NextCloud installs etc).

Otherwise, use a database password manager, like Keepass / KeepassX and store the database itself online. But yeah. No LastPass, Dashlane or other shit.
>>
>>62128703
That site is kinda shit.

It should at least have references to why they shouldn't use something instead of "HEY don't you use that.. Use these instead, just trust us.."
>>
>>62130941
>It has been vulnerable in the past etc.
Except this is a good thing for a couple reasons
1. they fixed the issues
2. they were open enough to discuss the issues

You DO NOT want to trust the smaller password managers that still use the cloud because it's much harder to secure them when they just don't have funding to do so.
>>
>>62128662
recently switched to firefox pass manager. don't give a shit anymore
>>
>>62131270
As long as it has a password generator you're fine.
>>
>>62131326
Since I use duckduckgo I just type in the search bar 'password average 15' and use that. don't need another pass generator
>>
>>62131399
That also works just fine.
>>
>>62130838
Exact.
>>
>>62128662
keepass is better
>>
There is no way to have an encrypted Keepass database on a cloud server? Say you were to host your own cloud server using something like ownCloud wouldn't that be fine?
>>
>>62131764
sure it is possible, what kind of dumb question is this?


This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.