Password Manager Discussion.

Hmm, and if Taviso starts research of Keepass vulnerabilities?

 

Noooo, then its a major disaster

 

Since he's already looked at KeePass I guess the major disaster stays with LastPass for now.

 

Yep, let's all dump LastPass because they are working hard to improve it and replace it with something that has unknown issues that aren't getting fixed.

 

lol

 

Sarcasm duly noted I look at it as similar to Google's browser hacking competition; makes for a better product.

 

Thanks, I didn't know that KeePass was checked.

Yeah, true. Nothing is fully certain in our time.

 

Exactly. As we have seen in the news recently there are a lot of exploits out there that some folks have been sitting on for a long time. Exposing them gets them fixed.

 

An update has been released.

https://blog.lastpass.com/2017/03/security-update-for-the-lastpass-extension.html/
"Please ensure you are running the latest version (4.1.44 or higher)"

 

Might be just me, but it was a bit unclear. I think you will still need to use the keyboard, then you might as well just copy and paste.

I'm thinking about using the browser's password manager, but I'm afraid this is even more insecure.

 

If you want to have your username+password automatically filled in, you'll need a plugin for Keepass.
Without a plugin you'll have to select the entry in Keepass and use Ctrl+V to paste it.
Or do a simple copy and paste...
Edit: Or use a global hotkey.

 

~ try running KeePass as designed (no browser integration) with Auto-Type (TCATO). https://www.wilderssecurity.com/threads/keepass-a-further-leap-ahead.329627/ KeePass Help https://sourceforge.net/p/keepass/discussion/
FWIW ~ Try default global hot key Ctrl+Alt+A or right click entry Perform Auto-Type. Once I appreciated matching is based on Target window, not URL. KeePass without browser integration was intuitive for me.
Or, browser integration http://keepass.info/plugins.html

 

I used Keepass with browser integration in Chrome. It was pretty convenient. The database was synced via Dropbox. Sometimes I lost changed or new passwords because I forgot to close and reopen (or sync) Keepass db on other PCs. It would be wise to adjust automatic log off, but I was too lazy to log on every time and I changed passwords rarely.

 

Yes, that's what I'm using. A plugin is not needed. Details here, for Linux here.

 

+1 KeePass Auto-Type (Ctrl+Alt+A) has always been sufficient and convenient for my use. I've never quite seen the need for anything further such as browser integration.

 

The global hotkey nearly worked all the time, except on a few webpages. After modification of some entries (adding custom keystroke sequences, Target Windows, etc. - which is well explained on the website) the Auto-Type feature is now working for all entries.

 

been using LastPass free in the past 4 or 5 years: never had any problems with this service. Last year i upgraded to LastPass Premium.
I'm also frequently exporting all passwords to a local file on a separate USB disk.

 

LastPass add-on for Firefox updated to 4.1.45a

 

This is perfect to my needs to.

I used LastPass for a few years, but KeePass is more simple and secure, IMO.

 

I have been using both Lastpass and Keepass for a long while now. I store non-sensitive accounts "forums ect" in Lastpass for convenience, and my sensitive accounts in a portable version of Keepass stored on my main system and a back-up copy on a flash drive. I have found this method minimizes much risk.

 

OK I see, so I need a plugin, what is the name of this?

 

http://keepass.info/plugins.html

 

I only had to do some modifications of some Keepass-entries, but except some changes the global hotkey is already working very good
But as you want it automatically filled in "without using the keyboard", look at the plugin-collection in the link mentioned above #372
Plugin-Category: "Integration & Transfer"

 

If one doesn't remember their passwords do any of these auto pull them from the browser? All I have is a bunch of post it notes with username and password.
Have not used Lastpass in years.
And is this thread about a plugin, the full program or both?

 

Another security flaw was fixed in LastPass:

http://www.martinvigo.com/design-flaws-lastpass-2fa-implementation/
https://blog.lastpass.com/2017/04/lastpass-2fa-bug-reported-resolved.html/