Password Manager Discussion.

Yes, but last year another serious problem was fixed in the LastPass Chrome extension. It's just too risky for my taste. And I also wonder how secure browsers own password managers are.

 

More white/black hat hackers targeting lastpass better it will get for the end users. From this point of view LastPass is one of the most targeted.

 

Yes, it's like the Google hacking competitions; get the best people to try and break the software, then fix it if they do

 

Tavis Ormandy ‏@taviso 20m20 minutes ago

Tavis Ormandy ‏@taviso 22m22 minutes ago

 

... and 1password? He made an announcement to impress and then silence

 

Tweet him to remind him about that. I've asked him to check Enpass and Enpass tweeted him that they also wanted that.

 

I was going to... but I see many did the same and the answer was:

 

Hey there. I haven't kept up with password managers hardly at all lately. Been using Keepass, but it's gotten to the point where I have to include something else. What's the general consensus on the top tier password managers with cloud capability? Or at least your personal opinion of the top tier. I've used LastPass in the past before the ownership changed hands, but I get the impression from skimming that they're still the top dog, or close to it. The question is for everyone else here too. I'm not looking to start an argument, just looking for objectivity, and forgive me for not reading through the whole thread.

 

Norton Identity Safe works for IE and Chrome, FF and Edge soon. However it is limited to those browsers only.

 

With cloud capability still lastpass is one of the solid choices possible. But with such generic question you may get the usual long list of suggested alternatives to lastpass

 

I started with LastPass Premium long ago and have yet to see anything better. It's cloud based so passwords sync across devices, supports all of the top tier browsers, fully supports two factor authentication (TFA) and costs only $12/year for a subscription. The free version also supports TFA. The only other product I've heard of that is a serious competitor is DashLane. I haven't tried it though because they want $39/year for a sub.

 

Thanks for the feedback.

 

You should look at Enpass. It'll sync with the cloud of your choice or as I've done sync with a folder on your desktop - I have the encrypted file on a thumbdrive so I can take it with me if need be.

It fills in some sites I had issues with using LastPass but it won't fill in 'remember me'. Free for the desktop and there is a paid version for mobile I believe. I have completely moved away from LastPass. I used both for a couple of months to make sure I had all the right passwords from import and to make sure it was worth switching.

 

Interesting! Could you explain why you consider Enpass superior over Lastpass?

EDIT: As a Linux user I hesitate to download a binary which is not open source. So there should be clear advantages compared to Lastpass.

 

I never said it was superior to LastPass did I? Just personal preference to keep my passwords stored & encrypted on my box as opposed to the cloud. Enpass is, imo, a lot more polished than Keepass which I've tried before.

 

Sorry, my fault! That was my interpretation as you said that you "completely moved away from LastPass" and that you made "sure that it was worth switching". But I still don't understand why if Enpass is not superior?

 

Your interpretation was wrong. I'll repeat that I wanted to have something on my box and that I could take with me. I would never have been on LastPass in the 1st place if Keepass wasn't so clunky (that's my take on Keepass not a dig at it).

 

Okay, I give up - I just quoted you literally. I still think that if you chose Enpass for this "something" on your box it must have had some advantages compared to Lastpass in your view. But if you don't want to answer this question, it's okay for me.

 

If you need to have offline access and local database you could simply use lastpass portable or lastpass pocket. https://lastpass.com/misc_download2.php

 

I don't want anything to do with Logmein. I don't trust Logmein. The 4.0 interface sucks. Those are my opinions as opposed to factual based so I'm not interested in debating them.

 

It's still Logmein.

 

So the issue is not portability but open source. Of course lastpass is not open source, never been. Are you able to audit the enpass code and compile it? If yes than I follow you! Otherwise there is no way for you to check that there is nothing wrong unless trusting third party auditing..

P.S. If you are in coding... then you can get open source lastpass here:
https://github.com/LastPass/lastpass-cli

 

If I use LP portable or LP pocket where does the data come from when I fill in using the extension? Enpass does not use the cloud at all, unless you want it to, just what is local .

That 'is it open source' was sarcasm (which I removed) because it was used as a reason not to use Enpass by Summerheat which you apparently didn't feel a need to respond to.

 

https://helpdesk.lastpass.com/lastpass-on-the-go-2/

 

It still syncs to the Logmein cloud.