Keepass password safe?
- Thread starter beachBOYken
- Start date
- Joined
- 18 Feb 2007
- Posts
- 13,396
- Location
- London
well I'm now using lastpass but just the free version, I'm not to fussed about any security concerns, if any, as I'm only using it for forums like this and sites that have none of my bank details.
thanks for the help guys
thanks for the help guys
well I'm now using lastpass but just the free version, I'm not to fussed about any security concerns, if any, as I'm only using it for forums like this and sites that have none of my bank details.
thanks for the help guys
No worries and welcome to the wonderful world of Lastpass! The premium version is only needed if you need it for mobile platforms like your smartphone, tablet etc. Everything else you get in the free version
it's one of the many reasons why I like it so much (and I've paid for it).Stoner81.
Use to love using lastpass I found it way more easier and lazier, keepass is great but it does not auto login on websites, maybe I just aint tweaked it right though.
It auto fills and then I have to hit login etc, it also fails on ebay and few other odd sites I visit regularly not a biggy but a quick refresh or hitting the detect forms keepass button it detects it.
The only reason why I kept keepass is the file with all my passwords or life as we know it is stored locally where no one can get at it !
But if I understand the above, the file is encrypted on last pass servers and only decrypted on your Pc side ?
I guess the thought or idea of an American company which is NSA bound having access to your encrypted file is off putting.
It auto fills and then I have to hit login etc, it also fails on ebay and few other odd sites I visit regularly not a biggy but a quick refresh or hitting the detect forms keepass button it detects it.
The only reason why I kept keepass is the file with all my passwords or life as we know it is stored locally where no one can get at it !
But if I understand the above, the file is encrypted on last pass servers and only decrypted on your Pc side ?
I guess the thought or idea of an American company which is NSA bound having access to your encrypted file is off putting.
It'll learn as you browse the sites and enter passwords (or the browser auto enters them), likewise if you go onto any site it doesn't know about and register there's always an option to generate a password for you.
It wont' try to log into a site until you've done it once and told it to remember the password
It wont' try to log into a site until you've done it once and told it to remember the password
You are nearly right, I think you got your wires crossed somewhere
Lastpass stores a copy of your encrypted data on your PC, when you "login" through the plugin the process then decrypts the data you have stored so you can access all your logins and all your other data. When you make any changes to the file your PC stores is then encrypted and that encrypted file is sent to the Lastpass server. The encryption and decryption processes only ever occur locally on your PC, so your master password is never sent directly to Lastpass.
That doesn't make any difference, your email address and master password are hashed which is a one way process. It is mathematically infeasible to go backwards. Even if Lastpass were ordered by a court to hand over your data that data is still useless because only YOU have the key to unlock it. Lastpass never know what your master password is because by the time you login that password has been hashed so it looks like gibberish.
If you install Lastpass to say Firefox and that is where you have all your current passwords stored Lastpass will offer to import them all in to Lastpass and disable the built in password manager in your browser.
Keepass I have no idea on since I have never used it.
Stoner81.
Last edited:
Thanks for clearing that up, do you use xmarks also in conjunction with last pass?
I found xmarks pretty cool at least I always had my bookmarks always backed up daily, I wonder though if that was in the same principle as last pass is perhaps its encrypted xmarks server side.
I found xmarks pretty cool at least I always had my bookmarks always backed up daily, I wonder though if that was in the same principle as last pass is perhaps its encrypted xmarks server side.
http://www.xmarks.com/
Its pretty cool, same company as lastpass owns it
Just checked does not seem to have any encryptions in place, perhaps due to the way bookmarks works in browsers I guess.
But yeah mozbackup does a good job, I think I found an ff addon which auto backs up the bookmarks to a specified folder.
http://softwarebychuck.com/febe/Welcome pages/FEBE8welcome.html
Its pretty cool, same company as lastpass owns it
Just checked does not seem to have any encryptions in place, perhaps due to the way bookmarks works in browsers I guess.
But yeah mozbackup does a good job, I think I found an ff addon which auto backs up the bookmarks to a specified folder.
http://softwarebychuck.com/febe/Welcome pages/FEBE8welcome.html
Last edited:
Just to also add to Lastpass, I have used it for years and my company also uses it for site passwords we pay for the business side which allows to sync passwords across accounts so when we are working on sites we never have to bother other people and get them to send it over email or skype.
I do love lastpass, saves me hours of time in my job
I do love lastpass, saves me hours of time in my job
This is the most secure solution.
I tried using Keepass but found that it didn't tick all the boxes. As an example my bank needs username, password and then three letters from a memorable word. Lloyds Clicksafe needs you to remember a sentence and letters from a memorable word, likewise Barclaycard.
I now use AX Crypt. I created a simple word table document for all passwords, user names etc. I'm able to enter which email address I use with each site etc etc
Additionally I try to make passwords esoteric only to me eg, I might use "Slaughterh0use5" as a password, but written in my table I'd enter "abattoir3+2" followed by "zero". Reminding me I've substituted "o" with "0"
With AX Crypt you only need to remember one password in your head.
I now use AX Crypt. I created a simple word table document for all passwords, user names etc. I'm able to enter which email address I use with each site etc etc
Additionally I try to make passwords esoteric only to me eg, I might use "Slaughterh0use5" as a password, but written in my table I'd enter "abattoir3+2" followed by "zero". Reminding me I've substituted "o" with "0"
With AX Crypt you only need to remember one password in your head.
Use the Notes part of KeePass.
Just to also add to Lastpass, I have used it for years and my company also uses it for site passwords we pay for the business side which allows to sync passwords across accounts so when we are working on sites we never have to bother other people and get them to send it over email or skype.
I do love lastpass, saves me hours of time in my job
Just tried the personal version and it's well conceived.
Only problem is that it doesn't work with apps that require a login (origin/EA games etc....)
Also the mobile version is unique which is a pity they don't have a family version for mobile....
I suppose for 12€ per year though can't complain.
Last edited:
KIA - If my memory serves me well, I seem to remember that when I tried KeePass albeit years ago, that when I'd tried pasting passwords from KeePass via the clipboard that some sites wouldn't allow pasting?
At the time I liked the look of the program, especially where it generates passwords etc but just found it too difficult to use. I think the program was beyond my capabilities.
I've updated Keepass and had another look at it. I might use it in conjunction with my AX Crypt Windows table to generate a much safer password to AX Crypt itself. Thanx
At the time I liked the look of the program, especially where it generates passwords etc but just found it too difficult to use. I think the program was beyond my capabilities.
I've updated Keepass and had another look at it. I might use it in conjunction with my AX Crypt Windows table to generate a much safer password to AX Crypt itself. Thanx