Best 'encrypted' password manager for browsers (chrome/firefox/IE)?

Gangster said:
Ok so I've just tried LastPass and thought Google Auth was a good idea.

Only problem is, every time I login to a site to 'retrieve' my new random passwords, it doesn't ever ask for the Google Auth code and only asks for the master password?
Click to expand...

It's probably because the local device is marked as trusted.
 
Yup, I saw that but I didn't tick it because I want it to ask me everytime yet it continued as if I had ticked it.

Being OTT I know, but that way if worse case scenario I had a keylogger - then by them needing to use Google Auth every time would mean that they couldn't use it...

Thoughts on why it might not be letting me do that, or if what I want is possible?
 
Not sure - mine asks me every time.

The only thing I can think of is that the Google Authenticator pairing may have failed - might be worth re-doing it.



M.
 
FFS this again about Lastpass when are people going to learn how it frickin' well works!

Lastpass stores your data in a local file on the device which is then encrypted using AES-256 encryption and this encrypted file is sent to their servers. Lastpass can not give your details to anybody even if they were ordered by a court order to do so because they do not store the data required to login. When you enter your username and password to access your data that only happens on the device you use so it is never ever transmitted to the Lastpass servers.

Steve Gibson himself did a video review of Lastpass which is over an hour long and he pulled it apart at the seems to the point of him asking Lastpass about something and they set up a web page to specifically answer his question (I think it was about the hashing process).

I have been using Lastpass now for 5 years and not once I have felt my data was insecure.

Stoner81.
 
Last edited:
Gangster said:
Hey all

I know this was a while back, but finally got round to trying out KeePass.

I've done several entries, however I notice if i copy and paste the password it appears as asterix's in the password entry however when pasting it into word, notepad etc it literally pastes the password.

Might sound stupid, but how is this secure? Also, does KeePass pop up when you're at a login stage or do you need to manually open it, enter database password and then copy and paste what you want there?

Edit; looking at 1password and lastpass but don't like the idea of it syncing anywhere - want it locally really.
Click to expand...


Not sure about the notepad thing, sounds normal to me while keepass is working and running it will not show the passwords unless u unhide them to copy n paste it elsewhere.

Yes you can use keefox here it will integrate with firefox and allow easier logins to your websites etc

http://keefox.org/



Halfmad said:
Those moaning about Lastpass, then go store their keypass data on cloud - negating any claim about it being more secure as it's local.

If you want properly secured don't have a computer on the internet, anything else is a risk, accept it and move on. Lastpass is still IMO the best solution for those needing a secure platform, or ideally stop using Windows and move to Linux too.

I'm not knocking Keypass, I'm simply stating how silly some of the arguments against Lastpass are.
Click to expand...

Not myself ;) but yeah I see your point sounds bit funny storing it on cloud/torrent sync or drop box when lastpass/dashlane available.

Personal preferences suit each other as always can't go wrong with any really.
 
Last edited:
Stoner81 said:
FFS this again about Lastpass when are people going to learn how it frickin' well works!

Lastpass stores your data in a local file on the device which is then encrypted using AES-256 encryption and this encrypted file is sent to their servers. Lastpass can not give your details to anybody even if they were ordered by a court order to do so because they do not store the data required to login. When you enter your username and password to access your data that only happens on the device you use so it is never ever transmitted to the Lastpass servers.

Steve Gibson himself did a video review of Lastpass which is over an hour long and he pulled it apart at the seems to the point of him asking Lastpass about something and they set up a web page to specifically answer his question (I think it was about the hashing process).

I have been using Lastpass now for 5 years and not once I have felt my data was insecure.

Stoner81.
Click to expand...

That is excellent information was not aware of this, so they still require your file onto their own servers just to unlock data?

I would prefer lastpass allowed no contact with their side or server and did all the work local at least their competitor dashlane offers such a service.

Keepass no registration, no contact with website or server all done locally I love it:)
 
R3X said:
That is excellent information was not aware of this, so they still require your file onto their own servers just to unlock data?

I would prefer lastpass allowed no contact with their side or server and did all the work local at least their competitor dashlane offers such a service.
Click to expand...

I think you have a couple of features muddled a little so let me try to explain it for you...

When your data is sent to Lastpass it is done so in an encrypted form using AES-256 encryption. The server is not required to decrypt your data since the file is stored locally on your device, the decryption and encryption process only happens on your device and not on their servers. Whenever you change a password or add a new one etc then the new data is updated in the local file and then is sent to them for syncing reasons, this is how you can log in from anywhere and access your data.

Lastpass can generate single use passwords for you to use to access your vault if you are unsure about accessing it on another computer, once it is used and you log out the password is no longer valid.

All of this information is on their website it might just take a while to dig up since the site has changed a lot over the years. Before I started using it I was sceptical to say the least and spent about 3 hours going through their site and reading up on everything.

Here is the Steve Gibson video I mentioned earlier.

https://www.youtube.com/watch?v=r9Q_anb7pwg

Stoner81.
 
Gangster said:
Yup, I saw that but I didn't tick it because I want it to ask me everytime yet it continued as if I had ticked it.

Being OTT I know, but that way if worse case scenario I had a keylogger - then by them needing to use Google Auth every time would mean that they couldn't use it...

Thoughts on why it might not be letting me do that, or if what I want is possible?
Click to expand...

Only a trusted computer can access it?

3o1SX9b.jpg
ruPR0rS.gif
 
Stoner81 said:
I think you have a couple of features muddled a little so let me try to explain it for you...

When your data is sent to Lastpass it is done so in an encrypted form using AES-256 encryption. The server is not required to decrypt your data since the file is stored locally on your device, the decryption and encryption process only happens on your device and not on their servers. Whenever you change a password or add a new one etc then the new data is updated in the local file and then is sent to them for syncing reasons, this is how you can log in from anywhere and access your data.

Lastpass can generate single use passwords for you to use to access your vault if you are unsure about accessing it on another computer, once it is used and you log out the password is no longer valid.

All of this information is on their website it might just take a while to dig up since the site has changed a lot over the years. Before I started using it I was sceptical to say the least and spent about 3 hours going through their site and reading up on everything.

Here is the Steve Gibson video I mentioned earlier.

https://www.youtube.com/watch?v=r9Q_anb7pwg

Stoner81.
Click to expand...

thanks for the info will check out the vid do like lastpass so will bear in mind for now keepass does it all and well more so with the newer updated version:)
 
You must log in or register to reply here.
Back
Top Bottom