KeePass or LasPass?

LastPass is outstanding. With the amount of passwords I have to remember it does a great job. I really think it's one of the best security extensions you can get. I used to feel nervous about using it when I first heard of it, I didn't really see the point but it's only from using it you can appreciate how good it is.

 

Use KeepassX

It's cross platform, and free.

http://www.keepassx.org/

 

Could not the same be said about the giant Microsoft?
Spending their time keeping your info safe, and with much greater resources than you?
Think how often their code is exploited.

 

Your post doesn't make sense for me.

 

Lastpass with Google Authenticator ftw. Didn't bother paying for it on mobile, just use bookmarklets.

 

Even if the IT staff at lastpass were awful it wouldn't matter. Encryption happens locally - they can lose the database and it won't change that no one's getting the info inside it.

I too use Google Authenticator. I feel very secure with it, especially since I can increase the PBKDF2 rounds substantially, well past 70,000.

 

This is the smart way to do it. Don't trust cloud based password systems, they are an accident waiting to happen. I use a similar system as you.

Also, you could use Cloudfogger and not worry about the database, because it would automatically encrypt everything on any cloud storage you used, from any machine.

http://www.cloudfogger.com/en/home/screenshots.aspx

 

Hello Wild Hunter,
xxJackxx said, "I'm sure the IT staff at LastPass spends 100% of their time keeping my info safe. Even though they are a huge target they have much greater resources than I do.
My comment is that the same could be said for MS, x10 or x100.
MS spends their time keeping info safe, and they have far greater resources than individuals, no?
If this is xxJackxx's basis for aligning with LastPass, I wish to remind him how often all these MS employees working to keep our info safe, and who have practically unlimited resources, release exploitable code.
I don't believe his stated basis for relying on LastPass is all that valid.

 

I absolutely love LastPass.

 

xxJackxx didn't make the comparison with Microsoft, "Page42" did. Regardless of whether or not you feel the staff at LastPass are keeping data safe that data is encrypted locally - on the user's computer - beforehand. AFAICT cracking 256bit AES is not trivial. Two factor authentication, such as Google Authenticator, raises the security level even more. When assessing security you have to take into account the burden you place on yourself and the likelihood of making mistakes. How much "attack surface" does your own process have? Statistically is it more likely that your computer will be stolen than data from the LastPass servers will stolen? I'm inclined to believe the answer is "yes", but I get that security in part is subjective. You have to believe that what you're doing is good enough and if LastPass doesn't make you feel safe then it's not the solution for you.

 

Same here.

 

Right you are, "Victek123".
As stated here...

and here...

Evidently the comparison was not a good one, as I appear to be the only one who "gets it". Consider it withdrawn.

 

Actually I did get it and generally I agree Believing that Microsoft, or any other company, will never make a mistake with data is magical thinking. If it were not for local encryption I would not trust the LastPass cloud model with my passwords. But because there is encryption and because over all I feel LastPass offers more security and convenience than I can create for myself - in particular synchronization across devices - I use it.

 

I use both.

 

The irony, you trust something like CloudFogger, but not LastPass.

 

I don't trust anything in the cloud. In fact, I don't trust anything. So I use redundant methodologies. So Cloudfogger encrypts the database, sends it out. Then you still retain the passkey and keyfiles, or you can encrypt the keyfile itself and send it out on different channels, while still retaining the passphrase to access either/or.. There are ways to do this that are very fast and simple, yet highly secure.

 

I have used Lastpass for a couple of years, but since a few months I switched to Keepass.
The driver was to have an open source software.
My personal view is:

Lastpass is superior because of backing up your stuff more easily and also it's better to use on other PC's, since you can log-in and retreive your stuff.
However it's a bit annoying in some function like Autofill or when it tries to put some passwords in the wrong field or at wrong time (for example when changing passwords).
Keepass is more customizable, very easy/comfy to use with FF and Chrome, less with Opera and IE.

Overall, I stick with Keepass.

 

This has nothing to do with Microsoft. LastPass specializes in password management. It is all that they do. I expect they are pretty good at it.

 

How would you go about this in practice? For example, suppose I have the following items with weak passwords: MS docx file, rar file, gmail account, and truecrypt container. What program would I use to crack them, and how, especially with the rainbow tables? I don't want to use this maliciously, but I want to crack some passwords myself (my own passwords) to get an idea of how easy or difficult it would be to crack something in practice so I can better understand the security risks for myself. (Also, I'd like to know the procedure for the occasional password recovery - for example, a former boss of mine once forgot his password and asked if it would be possible to crack the file open, and the same happened with my father).

fwiw, my NVIDIA card supports CUDA and can therefore be used with programs like GPU Bruteforcer and I have 16 GB of ram (to use with rainbow or other tables).

 

And were I you, I'd expect that too.

 

Google is your best friend.