LastPass

[Raumarik]

Keepass is great but only if you have a more secure PC/USB stick than Lasspass's servers. I use Lastpass but mostly as it has the mobile app which makes life a heck of a lot easier when using a tablet, open it up, click the site I want - off we go. No logging in. Cost is $12 a year I think, easily worth the money.

Mostly used on my desktop though, I did use Keepass for a long, long time and it took seeing Lastpass at a mates house to convince me to swap over.

I read a lot of reviews for Lastpass before moving to it, the security isn't a huge concern to me compared to having it stored locally (even on a bitlocker enabled PC etc). As the benefits are rather spectacular It's the age old risk assessment!

 

[Antar Bolaeisk]

It seems to be a password vault that synchronises across all devices meaning you only need 1 password and then all the other site passwords are remembered. Seems pretty interesting - but just another bit of software to install. However, it's better than keeping a file with all the site passwords and better than having 1 password for everything which I know some people do.

It also has a feature where you can share access to something without having to give up the password (provided the other person also has a lastpass account). I've found it to be a very useful piece of software.

 

[thenewoc]

Same people that are now behind xmarks since they bought the company some time back. Another great product, allows you to sync your bookmarks across various browsers, including open tabs.

 

[CaptainCrash]

Hmm, now I still use KeePass as I like the idea of not leaving the files up on someone else's cloud service. I'd be concerned that if lastPass has a security breach someone could potentially have access to a file with ALL my passwords, login IDs etc in one hit. With KeePass it's on local storage so as well as cracking the file they'd have to physically have the hardware/login etc.

Perhaps I'm being over cautious, last time I looked at this was a while back when Lulsec were breaching online user lists/passwords files left right and centre.

Have things moved on?

Well, everything is encrypted/decrypted client-side, so it should be pretty secure. There was in fact a possible security breach at LastPass a couple of years ago, although it was never confirmed... however, it seems only users with weak master passwords would have been at any appreciable risk.

I suppose those of us who aren't security experts do need to take these things on trust to some extent... to me, the extra convenience is worth the *probably* minimal risk of the master password database being successfully hacked and its encryption broken, but I do understand why some people may feel a bit wary.