1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Password Manager Recommendations

Discussion in 'Windows & Other Software' started by WuMyster, 23 Nov 2016.

  1. ChrisD.

    Caporegime

    Joined: 20 Sep 2006

    Posts: 27,073

    Why pay when LastPass is free?
     
  2. Stoner81

    Wise Guy

    Joined: 8 Jul 2010

    Posts: 2,246

    Location: Derbyshire

    Originally mobile support was for those who paid only, things have since changed, personally I don't mind paying it it is a bargain to begin with for something that I could not live without now so I have no qualms about sending a few pounds a year to keep them running :)

    Stoner81.
     
  3. edscdk

    Soldato

    Joined: 17 Jul 2008

    Posts: 7,210

  4. KIA

    Man of Honour

    Joined: 14 Nov 2004

    Posts: 13,620

    Restore from backup/snapshot.
     
  5. lmfy2k

    Soldato

    Joined: 12 Feb 2004

    Posts: 6,965

    Location: Manchester

    Been a Lastpass Premium Customer for ages, its time for my renewal and its gone up from 12USD to 28USD!

    guess it was going to happen eventually :/
     
  6. ChrisD.

    Caporegime

    Joined: 20 Sep 2006

    Posts: 27,073

    Just use the free option.
     
  7. Glanza

    Capodecina

    Joined: 13 Mar 2007

    Posts: 11,048

    Location: South Yorkshire

    Is anyone else having issues with Lastpass this evening? Mine doesn't want to save passwords for new sites and the addon is popping up with sorry error while attempting to connect to server.
     
  8. kindai

    Sgarrista

    Joined: 9 Aug 2013

    Posts: 7,931

    Location: Bromsgrove

    Fine here
     
  9. Glanza

    Capodecina

    Joined: 13 Mar 2007

    Posts: 11,048

    Location: South Yorkshire

    Seems to be a issue with Firefox 57 from what little info I can find on their forums.
     
  10. Spacedeck

    Mobster

    Joined: 14 Sep 2007

    Posts: 3,197

    Location: West Yorkshire, England

    When did this change? This was my #1 reasoning for buying LastPass for the time I've been using it. Now I have the ability to use LastPass on my phone and my PC for free? That should save me some money after it expires in 5 months :D. In the time I've had LastPass, I've never used any of the features that they now class as premium.
     
  11. Pho

    Sgarrista

    Joined: 18 Oct 2002

    Posts: 9,240

    Location: Derbyshire

    Since November 2016 :)
     
  12. Zbornak

    Wise Guy

    Joined: 12 Jan 2010

    Posts: 1,879

    Yes, I am getting the same message in Chrome.

    Reinstalling the application has generated a question that I wanted to ask on here...

    During installing a dialogue has popped up saying that LastPass has the "following usernames and passwords stored insecurely on my system". There are dozens of websites and they all appear to be from Chrome's autofill and a few from IE. I was clueless until now, but I take it things like Autofill are not encrypted if LastPass can find them during an installation?
     
  13. El Pew

    Wise Guy

    Joined: 1 Sep 2009

    Posts: 1,064

    Passwords stored by Chrome are stored in an SQLite file in your Windows profile. It's trivially easy to extract passwords from this file, I have a test application that will dump all of them out to a text file in about 5 seconds. IE and Firefox use slightly different approaches but again it's trivially easy to extract credentials from them. The same goes for other applications which store passwords like Putty, FileZilla, WinSCP and that kind of thing.
     
  14. Zbornak

    Wise Guy

    Joined: 12 Jan 2010

    Posts: 1,879

    Oh dear, that's not very secure. But I suppose without physical access it's not very easy unless the OS is remotely accessed.
     
  15. El Pew

    Wise Guy

    Joined: 1 Sep 2009

    Posts: 1,064

    The danger with Chrome is that it syncs between every browser that you sign-in to with your Google account. So if you go to a friend's house and borrow their laptop, sign in to Chrome with your account...now all your passwords and credit card details are stored on that laptop. It's an even bigger problem if you use the same Google account on your personal and work machines - potentially you could have business credentials on your personal device and personal credentials on your work device. It massively increases the attack surface.

    I'm not a big fan of LastPass (it's an insecure piece of crap with multiple documented and exploited security flaws) but it's certainly better than just relying on Chrome alone.
     
  16. ChrisD.

    Caporegime

    Joined: 20 Sep 2006

    Posts: 27,073

    This nonsense again. :rolleyes:
     
  17. El Pew

    Wise Guy

    Joined: 1 Sep 2009

    Posts: 1,064

    The only 'nonsense' last time around was you defending LastPass without providing anything to back it up.

    The key vulnerability of LastPass is the 'last mile', where it has to decrypt the password and inject it into a web page. Time and again the browser extensions of LastPass have proved hilarious insecure, it's been surprisingly easy to trick it into injecting the password into a webpage with a URL crafted to look enough like the true URL. LastPass claimed to have fixed it, only for the exact same vulnerability to be found again a few months later. LastPass themselves harp on about their awesome cloud encryption or whatever, but it's totally irrelevant in this sort of vulnerability.

    Fundamentally, the LastPass architecture is broken because the browser extension is 'reactive' rather than 'proactive' - this is, it reacts to the appearance of a web page and injects the credentials. A much more secure method would be for LastPass to enforce a 'proactive' process by having the user click on a link within LastPass, which is configured to trigger the correct URL only. Other password managers do exactly this, but LastPass don't.
     
  18. jpaul

    Capodecina

    Joined: 1 Mar 2010

    Posts: 15,519

    the current spectre discussion seemed a good reason to revive this thread, theoretically should make all these password systems vulnerable ( excepting dual factor authorization ?)

    per this reddit article
    good description of how exploit works, BBC do not even attempt an explanation.
    The spectre paper it references (if you are into up architecture) even has prototype java script to take the passwords from chrome.


    [had wondered if this would impact aacs key's for uhd blu-rays, but seems these have been breached]
     
  19. ddoubleep

    Gangster

    Joined: 5 May 2017

    Posts: 437

    Location: London

    Is anyone using Enpass? I have never used a password manager before but need something to collate all the family logins, notes and important information. The new beta of Enpass 6 looks good. It also allows sync to mobile devices for a one off fee.

    Anyone using it to give long-term feedback on it?

    I did take a look at Lastpass and 1Password but this could do the trick.
     
    Last edited: 26 Oct 2018
  20. ChrisD.

    Caporegime

    Joined: 20 Sep 2006

    Posts: 27,073

    Nope, used Lastpass for years and it does all of the above, I've never had an issue with it so don't see any reason to change.