Password Manager Discussion.

Discussion in 'other software & services' started by Mayahana, Jan 28, 2015.

  1. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,163
  2. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    1,840
    Location:
    Cape Town, South Africa
  3. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,162
    The KeeFox add-on is only available for KeePass 2.x (KeePass Plugins)
     
  4. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,278
    http://keepass.info/compare.html

    I really don't see the point of using the Classic edition.

    Remeber to use Keepass 2 with Secure Desktop for Master password and Auto-type obfuscation.
     
  5. flatfly

    flatfly Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    70
  6. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,695
    Location:
    Slovakia
    I guess, they keep it alive, because it does not require NET Framework, which is being used by malware just like powershell. Whenever it is worthy is up to the user.

    Because it might prevent the stupid malware from getting your real password. AVs have problem detecting zero day malware, but this method gives at least some protection against them.
     
  7. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,278
    http://keepass.info/help/kb/sec_desk.html

    AND:

    http://keepass.info/help/v2/autotype_obfuscation.html

    This is perfect? No. But does it bring me any disadvantages to use? Neither.

    As I don't have any incompatibility issues using this options, I don't see why I wouldn't use it.
     
  8. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    902
    Is there any reason why one should use that add-on at all considering that auto-type works very well? I for my part don't miss it.
     
  9. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,162
    I don't use the plugin too.
    Using a plugin can be "more convenient" for some people (automatic login,etc.), but using Auto-type ("Perform Auto-Type - Ctrl+V") is sufficient and works well.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,133
    Location:
    The Netherlands
    Yes of course, but I personally use only one PC, and never log in to important sites on other PC's. But we all know that browsers aren't really that safe for storing passwords, malware can easily steal and decrypt passwords. A simple password manager like RoboForm should have been implemented by browser makers long ago.
     
  11. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    663
    Location:
    United States
    A couple of new LastPass exploits one that works only in FF and another for any browser/platform. You have to go back a few days to see the 1st exploit.

    https://twitter.com/taviso/with_replies
     
  12. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    4,077
    Location:
    Among the gum trees
    Twitter?! I don't think so! I don't do social media. :eek:
     
  13. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,162
    Remote Code Execution is possible if the Binary Component of Lastpass is installed, otherwise it can steal passwords.
    The previous exploit (March 16) is affecting the lastpass-addon for firefox (v3.3.2)

    LastPass answered (or: "twittered" :ninja:), and they are working on a fix.
     
  14. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,413
    Location:
    USA
    Current LastPass add-on for Firefox is v4.1.35a so I wonder why v3.3.2 is being offered in Mozilla's add-on library?
     
  15. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    663
    Location:
    United States
    That's how Tavis Ormandy from Google reports vulnerabilities. Your loss I guess.
     
  16. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    663
    Location:
    United States
    LastPass will fix these quickly. They run a pretty secure ship.

    Ormandy provides a great service to various software companies, through Google free of charge.
     
  17. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    3,319
    Another LastPass security bug huh? Not sure if I want to stay with these guys.
     
  18. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    1,840
    Location:
    Cape Town, South Africa
    +1. And 3.3.2 is not multiprocess compatible according to Add-On Comaptibility Reporter add-on.
     
  19. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    663
    Location:
    United States
    They have already fixed the issue. If you follow Ormandy on twitter you can see he finds exploit in a lot of software. LastPass fixes these really quick. Some companies like Commodo just ignore the exploits.
     
  20. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    3,319
    Has anyone ever tried Enpass?
     
  21. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    3,319
    Good to know. Do I need to update the browser extensions or was it a back end fix?
     
  22. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,230
    Location:
    USA
    All software has bugs. LastPass is very good about fixing them. I would not dump them based on anything I have seen here.
     
  23. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,768
    Location:
    localhost
    More attention lastpass gets better it is for us and thankfully Travis really loves lastpass ;)
     
  24. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    3,319
    Oh I know. It's just not the first time I've heard about issues with them. If it's been patched, I will hang tight for now.
     
  25. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    3,319
    Thanks I am following him now. Cheers!
     
Loading...