Browsers' password managers vs KeePass? (when auto-entering passwords)

[TOMxEU]

Well it happened over years, that was one the reasons, why I picked Keepass over Laspass at that time. Security triangle applies (security - functionality - easy of use).

[tlu]

Quote:

Originally Posted by TOMxEU

Well it happened over years, that was one the reasons, why I picked Keepass over Laspass at that time. Security triangle applies (security - functionality - easy of use).

You still fail to provide any evidence for your claim. The only case I'm aware of happened in April/May 2011 and was explained in detail in this Lastpass blog post.

The most important point is: Since the Lastpass master password is not stored on their server but only on your computer (and encryption/decryption is only done on your computer), your data was not in danger unless you had a weak master password which was prone to a dictionary attack.

The other important point is that Lastpass introduced several crucial steps since then to improve their security like implementing PBKDF2, CSP etc.

[happyyarou666]

evidence ?, you dont need evidence just some common sense , password databases get hacked daily , sure files may be encrypted but still its sure as hell not worth it if you cant revover them, no offense , but it shouldnt even stand to debate , storing ones passwords locally vs online,

be it encrypted or not , sorry , thats unless you really dont have high risk passwords in use , then it doesnt matter if you store them online , sure its up to each individual how he handles his security ,once again , i sure as hell wouldnt use the cloud storage/online service model , sorry

[tlu]

Quote:

Originally Posted by happyyarou666

evidence ?, you dont need evidence just some common sense , password databases get hacked daily ,

I requested evidence for TOMxEU's specific claim that the "LastPass database has been hacked at least 3 times and accounts stolen".

Quote:

sure files may be encrypted but still its sure as hell not worth it if you cant revover them,

What are you talking about? If you were familiar with Lastpass, you would know that an encrypted copy of your data is also stored locally on your computer. Thus, if the Lastpass server is hacked or not accessible or Lastpass is even bankrupt you would still have access to your passwords.

Quote:

no offense , but it shouldnt even stand to debate , storing ones passwords locally vs online,

No offense, but it's rather obvious that you're not familiar with Lastpass.

Quote:

be it encrypted or not ,

Ah, I see, it doesn't make a difference to you if the data is encrypted (with AES-256 in the case of Lastpass) or if PBKDF2 is used.

[happyyarou666]

its been a while since ive used lastpass , so i might be a bit rusty , since last time ive used it it wasnt so, so an encrypted copy is stored on your pc , thats good to know ,and of course it makes a difference in that context if you use aes256 or pbkdf2 -.- , still gona stay with offline password databases instead thou, like keepass ,i dont trust companys with my passwords simple as that , encrypted or not , doesnt give me a good feeling, even when its "uncrackable" , wich you dont know , lastpass isnt opensource thus cant be reviewed, and have you checked if theres any backdoors lately , im certain you havent