I downloaded LastPass via SnapFiles and it only seems to install browser extensions. The LastPass pocket app seems to be for desktops, but it's quite bare bones. I assumed that all big name password managers offered a desktop app, weird. I would like to keep a copy of my passwords offline.
I use two password managers now. Keepass2 is my master place to store. And then I use Bitwarden on a separate browser, in this case I chose Vivaldi which works great with it, and I use it for all of my forum logins and some emails. But I don't go all over the net browsing with this browser. Bitwarden is also locked down with a Yubikey. I tell you Bitwarden is super smooth and I find myself reaching for it more than I do Keepass. While I do keep most of my banking on Keepass2 I have moved one of my banks to Bitwarden. I feel like I am taking steps in trust to using it. But in the end I will probably always keep Keepass2 for my main money accounts and leave them there only. But all my emails and forum stuff and minor banking will go to Bitwarden. I believe it is a very solid application. And with Keepass2 you can always count on that to keep things close to your chest for that intimate feeling.
Download links for LastPass for application can be found here: https://support.logmeininc.com/lastpass/help/use-lastpass-for-applications-lp010059 This is the closer to a desktop application you can get from LastPass.
Thanks, I didn't know this LastPass standalone app existed Any thoughts about why the app would be useful Vs the LastPass browser extensions or logging into the account at LastPass.com?
The main purpose of LastPass for Applications is to allow you to login into programs on your computer that require a username and password, such as Skype. (https://lastpass.com/support.php?cmd=showfaq&id=2365)
Correct, but you can use it also for the rest of the logins. Of course, you can't autologin on websites with this. I personally use it to access files attached to login entries which from time to time fail to open via the browser.
Keeping passwords in your head or on paper for you to think as you type won't work since they can read your mind as you type with the upcoming 5g possibly. But lets face it: If the government wants your passwords they can get them several ways. But they really don't want them per say. They want to know about all of your life and those websites that you share all of your life they already tapped backdoors around your passes. Password managers just need to be hack safe for the kiddies or seasoned hackers from stealing them. And they work at that for the time being.
No pwdmgr is perfectly secure and we've seen many vulns found in major pwdmgrs, some of which could lead to complete compromise. It's true if he was blackhat, there should have been real damages and we have to say it was lucky that they were whitehat. But it's still MUCH securer than most people's pwd practice. But for those who know well about pwd security, pwdmgr is not security tool but it's utility tool which enhances not security but productivity and convenience. I use KeePass (local only & store only partial pwds) tho actually I don't NEED it, 'cause autotyping to any apps or sites is convenient and it also make accounts management easy. Often seen argument that nobody can remember... is somewhat exaggerated. No, you don't need to be savant. There're some ways you can store dozens of pwds more safely w/out pwdmgr. One example is combining passwordcard or diceware with a note in one of dozens of notebooks (only you know where it is written). Even if someone find the note, he'll only find meaningless numbers (you can camouflage even better with some tricks if you want) Then some ppl say you can't as you want to login to accounts everywhere. I don't and think having too many accoounts itself can be potential risk. But maybe having the note in wallet may solve this (backup copy should still be in you notebooks). Another is well-known core pwd method but not with prefix nor suffix, rather you should transform core pwd entirely using site-specific words (or better, associated image only you know) so that core pwd itself vary on every sites. Everyone can remember at least a dozen or so 100+ bits entropy pwd (actually I do even w/out above method) if they practice repeatedly, but most ppl don't want to. Some pwdmgr also checks against haveibeenpwned, it can be another merit.
OK so you can manage all of the web-passwords with this app, that is what I'm looking for, thanks. I'm planning to install LastPass for other people who need easy access to certain websites. A tool like KeePass is too complicated for them.
1Password now works with Password Autofill on iOS 12 https://9to5mac.com/2018/09/17/1password-password-autofill-ios-12/
KeePass is surely not for those who want install-n-forget solution, but this complexity is at the same time its advantage as it allows you to autotype in virtually everything. Not only local apps, but you can e.g. automate ticking/unticking "sign in anonymously" or "keep logged in" type of checkbox, and even pull down. Some online bank have quite complex forms and I don't know if major pwdmgr support every single online banks around the world. KeePass can fill it w/out problem except for 2FA code - I don't store 2FA code in pwdmgr anyway (and actually don't use online bank). In my case, I only store part of username and part of pwd in it, so I want my cursor returns to username box after autotype so that I can continue to type rest of username, then rest of pwd. Then, Code: {UserName}{TAB}{Password}+{TAB}{RIGHT} is enough. But it's true even after you have learned how to use it it requires some chores. You have to register windows to KeePass entries and sometimes make custom autotype. So I understand even geeks do not always like KeePass.
I found a great tool for those who're not very comfortable to totally rely on pwdmgr. OffTheGrid How to This was already posted, but OP used it to encrypt message. But OTG can be used paper-based pwdmgr as Aaron in above link suggests and its advantage over PasswordCard is memorability. You don't need to remember raw and symbols, instead just remember starting raw, the number of characters of the domain you want to use, and a ratio to each char (& optionally additional rules if you wanna customize). Other than that, it's similar to PwC, make backup copy in safe and carry it in your wallet. Even if it's stolen, it's non-trivial to guess your pwd especially if you customized. It may look complicated at 1st glance, but actually not. As to consecutive numbers Aaron questioned, actually there're many ways to handle it, e.g. just skip to the next letter, change numbers into alphabets, etc. It all depends on your idea. Tho other Aaron's criticism are mostly valid for average Joe, but those who wanna go with manual way knowing all pwd cracking techniques and pros & cons of pwdmgr won't care, and I think he missed that remembering some rules is much easier than dozens of combination of raw & symbols.
Another topic: this may be more interesting for most ppl. Aaron has audited & ranked many pwd generator and published the results. Some major players are included. I think his scoring is understandable and reasonable. TBH pwggens which don't use unbiased CRNG are ********. It must be amateur's work who don't know crypto. If you use one of such, stop it and move to better one.
I tried this program and had to load my back up OS over top of my hard drive because this thing would not remove no matter what I did. It leached onto my Windows 10 so hard I had to get rid of the whole thing. Never again.
It's been years, but I also could never trust Roboform's developers because of the way they reneged on their "lifetime" licenses.
Here is an old thread on the way Siber Systems (Roboform) handled it: https://www.wilderssecurity.com/threads/ai-roboform-7-1-0-final.288309/ And an article form Softpedia on "How Not to Change a Licensing Model: https://news.softpedia.com/news/How-Not-To-Change-A-Licensing-Model-171188.shtml Given all the other options, I wouldn't trust my passwords, or money, with them.
Thanks for the references on this one. It's always been worth any extra time weighing pros vs cons and especially on programs that can be considered sensitive to users/customers in any form.
One thing to keep in mind about browser add ons like Bitwarden is if you use a VPN it probably blows your cover if you was looking for that. Keepass2 you are safe in that respect.