Dessalines
admin
link
177M

Lastpass and all those centralized pass stores scare the shit out of me. I don’t care how secure they say they are, hell even if it’s been audited, it’s still a giant bullseye for any hacker to get everyone’s passwords and bank accounts.

I’ll stick with keepass and syncthing ( self hosted bitwarden is also good ).

@reverseHexdump
link
37M

pass is also very nice. It has git integration, so you can use that for syncing. It also has got a decent android app. https://www.passwordstore.org/

@someone
link
107M

I get locking support behind a paywall that makes sense, but device type limitation? That’s some A+ bullshit right there 👌🏼 KeePass for the win 😎

@Sensei
link
87M

+1 for Keepass, excellent open source password manager

Travis Skaalgard
link
97M

I’m glad I switched to KeePass. I have to manually sync my password database but it doesn’t change that much and I have a USB dock for my phone so it’s easy anyway.

Elbullazul
link
87M

If I hadn’t already switched to bitwarden, this would have made me do it

@someone
link
87M

tl;dr From March 16th onwards free users will no longer be able to make use of email support. Additionally you’ll be limited to one device type, computer or phone. Which one you’ll be limited to will depend on which device type you’ll use LastPass on March 16th.

@Sensei
link
77M

They really fucked me with this. The entire reason I migrated from Keepass last year was for the shared database on mobile and PC.

@haych
link
67M

swap to Bitwarden

Bilb!
link
57M

And if you’re self hosting, consider using bitwarden_rs. It’s a drop in replacement for the official Bitwarden server. I used to use regular bitwarden, but it was pretty resource heavy for a single person, and it’s nice having just one docker container instead of… four?

@techbolt
link
57M

Much like everyone else has said, switch to bitwarden. I did that two years back and it’s fantastic. It also has an import tool to get all your data migrated from lastpass so it will be a fairly simple move to be honest.

@Sensei
link
57M

Absolutely, I plan on migrating to Bitwarden this weekend, it looks like a great product.

They even have a KB article explaining how to migrate:

https://bitwarden.com/help/article/import-from-lastpass/

@someone
link
47M

You could’ve used syncthing…

@semenlogistics
link
47M

If they don’t have an iPhone they can. Last time I checked there was no SyncThing client for iOS.

@someone
link
17M

I’ll be optimistic and assume they don’t.

@decaprecated
link
47M

Definitely look into Bitwarden, it syncs between phone & computer, you can host the sync server yourself but especially if you’re used to lastpass it just works.

@roastpotatothief
link
27M

Where we’re going you don’t need databases. Try the lesspass way.

@Sensei
link
27M

Not sure what you’re trying to say here. Do you use the same password for multiple sites? I have unique passwords all over the place, so trying to remember passwords without some kind of tool is impossible.

Adda
link
3
edit-2
7M

With Lesspass, you have only one password to remember, but for every website (every account) Lesspass generates a unique password from your single password to Lesspass and the website itself (and your login to that website). Therefore, you need no sync at all as Lesspass only computes the password from the given input (even offline). It might just be a bit problematic with having to remember logins for every site. Changing the password for a single website is a bit tricky too.

@roastpotatothief
link
47M

The ELI5 version: take your master password for all sites, take the name of the site, scramble them together. This is your password for that site.

Lesspass does this for you but there are other ways too. You should find it more convenient and more secure.
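An added illustration of the derivation idea described in the comments above (not part of the thread, and not LessPass's actual algorithm or parameters). The function name, salt layout, iteration count and character sets are assumptions; the counter goes slightly beyond the comments to show one way such a scheme can cope with a forced password change.

```python
import hashlib
import string

# Illustrative parameters (assumptions for this sketch, not LessPass's own settings).
ITERATIONS = 100_000
CHARSETS = [string.ascii_lowercase, string.ascii_uppercase,
            string.digits, "!#$%&*+-=?@_"]


def derive_password(master: str, site: str, login: str,
                    counter: int = 1, length: int = 16) -> str:
    """Deterministically derive a per-account password; nothing is stored."""
    if not len(CHARSETS) <= length <= 32:
        raise ValueError("length must be between 4 and 32")
    # Site, login and counter form the salt, so every account (and every
    # rotation of that account) gets an unrelated output.
    salt = f"{site}\x00{login}\x00{counter}".encode()
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt,
                              ITERATIONS, dklen=32)
    entropy = int.from_bytes(key, "big")

    alphabet = "".join(CHARSETS)
    chars = []
    # Consume the derived integer by repeated division to pick characters.
    for _ in range(length - len(CHARSETS)):
        entropy, idx = divmod(entropy, len(alphabet))
        chars.append(alphabet[idx])
    # Force one character from each class, at a derived position, so common
    # composition rules (upper, lower, digit, symbol) are met.
    for charset in CHARSETS:
        entropy, idx = divmod(entropy, len(charset))
        entropy, pos = divmod(entropy, len(chars) + 1)
        chars.insert(pos, charset[idx])
    return "".join(chars)


if __name__ == "__main__":
    # Constructed sample inputs.
    print(derive_password("correct horse battery", "example.org", "alice"))
    # Bumping the counter yields a fresh password for the same account.
    print(derive_password("correct horse battery", "example.org", "alice", 2))
```

Everything that feeds the function except the master password is guessable, so the master password is the only secret: anyone who learns it can recompute every derived password.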

@metalxt
link
17M

How does this handle the inevitable case of site requiring password rotation? How does this handle password strength/composition rules? (there’s so many stupid ones!)

@roastpotatothief
link
17M

You’ll see if you go on the website. All you ask for is right there, and more.

@lps
link
17M

Is there any way to back this up, is it necessary in the case you lose a phone/device etc?

Adda
link
27M

What do you want to back up? There is the master password, but that is it. Nothing more. You have to remember the master password, the website you were using, and possibly the login to that website, but there are no more passwords to back up. The algorithm to generate the password is the same for all of the passwords.

@lps
link
37M

Okay, I get it, but what happens if your master password is compromised? I assume all of your passwords would need to be recalculated.

Adda
link
17M

Sorry, I didn’t understand what you were asking about earlier. Yes, exactly. That is the reason why I don’t use Lesspass. From what I know, you would have to change the password for every single website to ensure no one guesses your login used by some website, and consequently, with your leaked master password, has access to that particular site.

@roastpotatothief
link
27M

How could someone ever get your master password though?

And I think it’s the same for lastpass. If someone (somehow?) gets your lastpass login details, you have to change them, and also change all your other passwords.

Adda
link
1
edit-2
7M

It’s not so easy for sure, but still I feel it is much easier to change the master password to your database as well as other passwords, when you actually can change every password to every site individually (which you would have to do with Lesspass too) or not at all, if the site is not important enough right now. With Lesspass, you would have to remember both the old and the new password to be able to change the site’s passwords. It just seems safer to me this way. But you are right about it being difficult to get to a very sophisticated master password anyway, the same for the second point, I’d guess. When someone gets your Lesspass password, they have access to everything for sure. With, in my case, Bitwarden, there is possibly a chance it might be harder to get to the individual passwords one after the other. It is a bit more tedious to work with it, not just calling the algorithm at different websites to see whether you use these. But this is an interesting thought.

@roastpotatothief
link
26M

I didn’t think of that - with a password manager, the attacker who gets your master password also gets a list of all the sites you use, and all your username/password pairs for each site. With lesspass or similar, he needs to guess which sites you use, and your username, before he can do anything.

But I still don’t see this as an important threat. There are other threats and inconveniences which IMO are bigger, and which the lesspass model mitigates.

Adda
link
2
edit-2
6M

You are right, when your master password gets stolen, the attacker doesn’t know which sites under which usernames you use, but it is not so hard to get to this information in these days, I’d say. Still, once the password is stolen, you won’t just say “Oh, nobody knows my username for sure, so I won’t bother changing it.” and I find the process of changing passwords much easier with a standard password-username-site database. And for sure, Lesspass solves other issues, but with all of its quirks / security features, Lesspass doesn’t interest me that much.

Adda
link
1
edit-2
7M

I am using Bitwarden as I find the standard database system more convenient yet still secure enough. Somehow, I still cannot believe myself with Lesspass. Otherwise, Lesspass is a fantastic “password manager” for sure.

@glennsl
link
14
edit-2
7M

deleted by creator
