1. Duplicate accounts are absolutely forbidden on our forum! - One person, one account. We have an automated detection system in place, you will be automatically banned or restricted with all Likes removed - no second chances!

Do you think the password keeping service like LastPass, 1Password etc. safe?

Discussion in 'General Chat' started by ogrishman, Dec 27, 2018.

?

Do you use these password keeping service like 1password, lastpass, keepass etc.?

  1. I'm a longtime user.

    28.6%
  2. I never use. They are not safe.

    42.9%
  3. I only store unimportant password and information in them.

    14.3%
  4. I only use local password manager like keepass. I don't store password online.

    14.3%
Multiple votes are allowed.
  1. ogrishman

    ogrishman Registered User

    Joined:
    Sep 25, 2018
    Messages:
    166
    Likes Received:
    1,303
    I'm a longtime LastPass user. Right now almost all my passwords are stored in it. Do you think it's a good idea to use this kind of service? Is it really safe to use them?
     
  2. Qr

    QreOS Registered User

    Joined:
    Jul 12, 2018
    Messages:
    39
    Likes Received:
    243
    Personally, there is not enough benefit to offset the loss of control.
    I would rather use keepassxc with a db synced to my devices, or one of the self hosted server type alternatives (e.g. pleasant) if shared access is mandatory.

    There are numerous opsec issues with stored passwords local or otherwise, which can create more risk than this choice by itself.
    With any question like this, we need to first define the wider security profile required, else you will just get a list of preferred vendors in response.

    With self hosted solutions, you can cheaply combine usb/fob keyfiles/2fa/biometrics with a duress password that wipes all your encrypted drive/partition headers.

    Every person's definition of paranoia is as unique as their fingerprint.
     
  3. Warax

    Warax Honorary Member Honorary Member V.I.P DEV Guild

    Joined:
    Jan 16, 2011
    Messages:
    4,415
    Likes Received:
    3,805
    anything stored online can be hacked so I prefer to use browser built in features (store locally and encrypted) with security software of course
     
  4. Stingered

    Stingered Registered User Reverser

    Joined:
    Mar 16, 2017
    Messages:
    170
    Likes Received:
    1,224
    100% agree. However, I use "local" encryption to keep my passwords "as safe as I can". It's software, so it's not still somewhat vulnerable (no, it's no Bitlocker), but this old brain just can't keep track of 100+ passwords any longer. Best option I found it to create an encrypted file and then store my passwords in that file. The encrypted file name should be something generic (in a generic location) and only loaded when you need to lookup the PW you need. Just my $0.02
     
  5. Warax

    Warax Honorary Member Honorary Member V.I.P DEV Guild

    Joined:
    Jan 16, 2011
    Messages:
    4,415
    Likes Received:
    3,805
    And you can use SSD hardware encryption too although even this bypassed by some naughty university colleagues but still currently best option.
     
  6. invarbrass

    invarbrass is a Verified Warez Posterinvarbrass DEV Guild Member DEV Guild Reverser Board4all Friend

    Joined:
    Dec 24, 2008
    Messages:
    1,235
    Likes Received:
    25,360
    I'm a user of lastpass, recently started using 1password (unfortunately, it doesn't support centbrowser so I'm forced to keep using LP).
    Lastpass had had quite a few security issues in the past, so nothing is secure
     
  7. Rajvir

    Rajvir Registered User

    Joined:
    Jan 3, 2019
    Messages:
    9
    Likes Received:
    1
    I personally started using lastpass a year or so ago and for the most part it's probably made me a lot more secure.

    As before this all I did was use the same three passwords and usernames.

    I had the secure one which I made quite long and complicated that I used only on a handful of important sites, and I had my common one where I didn't care if I got hacked and used it everywhere else.

    At least with Lastpass there is a divorcing of different accounts now.

    I should consider swapping it for a local one though that I can backup with an external storage device as anything Online can be potentially hacked.