Why is Lastpass the best password manager?

How difficult can memorizing multiple passphrases that are 15+ characters be?

>Lastpass
That's not how you spell KeePass.

I use pass, it follows the Unix philosophy nad runs wonderfully on everything I own, if the software fucks up (Lol tree and GPG fucking up) who cares, its all recoverable.

easy as shit to file sync too

"BUT MAI META DATA LEAKS"

If someone can read the login meta data through the folder you already fucked your security dipshit.

>jealous butthurt morons can't memorize their passwords
Also, I'm an intelligent beautiful woman.

I used to be pretty adamant about using these too, but having to memorise 10 different 'complex' passwords is annoying.

Now I just generate a random different 24 special character password for every site. It so much easier.

Plus the android app is great and can be unlocked with fingerprint, so there's that

Overall, no complaints so far

Why can't you just remember ?

>trusting software to keep all passwords safe

Actual pleb

i can remember 15 different passwords

It's not, keepassx is the best.

its keepass fagit
if you dont know how to sync between devices, it is not my problem

My brain's the best password manager you faggot

this

It also made me fall for the PGP meme.

I know my shitty little eight digit random string I use for everything by heart, but don't you have 12->100 digit strings for anything that matters? I don't know my email password, but have a link to that encrypted spreadsheet with Sk*l5}Y6~z^GS9NU."GC.b#N6}r>W^EzH4_X1HF#W265px!#'6 ready to go

Why would you use a proprietary password manager? And it's not like LastPass hasn't been hacked:
blog.lastpass.com/2011/05/lastpass-security-notification.html/

I will use a password manager when the interfaces aren't shit.

What i do is use a system similar to this

PhraseDigitLetterSymbolLetter

So my top level password (for my main Gmail) could be

AGGro3m+n

Then my next level for secondary gmails would be

ALPha3o+p

So the first phrase changes but the capitalization stays the same. The digit stays the same. The symbol stays the same but the two letters move down the alphabet.

Change them every 3 months

I dont trust password managers desu

Because it gives your passwords out to everybody who asks nicely for them

With that amount of redundancy, your passwords are sure to never get lost!

>15 different passwords
I see you only browse the mainstream websites

I have 100-200 passwords in my password manager, each one of them as secure as dh*}AICo+k}8fT)OQg_f

blog.lastpass.com/2015/06/lastpass-security-notice.html/

Just use the Keepass version of your choice and upload the file to some cloud service with two factor authentication.

Because hosting your own is in my opinion too goddamn annoying.

Or use pass if you aren't a filthy Sup Forums normie

Why is paper and pencil the best password manager?

/thread

Password managers are hacked more than the sites for which I use my most complex password.

P.S idiot-level cryptography is your friend.

Come up with a rare/personal phrase like Jimmy has an Oreo Cakester and create/write down 3 different alphabet conversions (weak, medium, strong), and use those. Anyone who finds the place you wrote it down wont know what to do with it, and all you have to do is remember a single phrase (type it enough and you'll naturally memorize the passwords).

I shouldn't even have to feed this to you babies, just put some effort into security.

notepad in't too bad if it is hidden somewhere that is not directly accessible to anyone else. If they manage to still get it they would have fucked you over anyway.

>Password managers are hacked more than the sites for which I use my most complex password.
Only if you use absolute garbage like LastPass or KeePass, but I honestly wouldn't even call them password managers.

>each one of them as secure as dh*}AICo+k}8fT)OQg_f

>using a natural language phrase as password
Oh wow, watch out, we have an expert in secure password design coming through

What do you recommend?

`pass`, the only truly based password manager based on well-established cryptography (instead of some homegrown armchair “crypto” bullshit)

because it just werks
freetards will never know this feel

That may be the case, but why would you choose a proprietary password manager over a open source one like KeePass?

Over an*

I really like enpass. Store passwords locally or on your personal server and the chances of your passwords getting broken into are really slim.

That doesn't matter in the end because you are planning on using a cloud host.
You aren't being purist enough.
Run your own web server, FOSS software, sync it on multiple servers, using FOSS software. Then you will be a master autist.
Sometime just werks is the way to go.

>Testing a closed source """random""" generator

>try LastPass
>need to buy a one year subscription to use it on a smartphone
>okay whatever.tiff
>try to create a second account on a well known website
>it overwrites my main account on there

biggest fucking meme, didn't they have a databreach aswell??

>Because hosting your own is in my opinion too goddamn annoying.
With `pass` you can just use any git repository to synchronize your passwords. As long as you have SSH access that means you can use any machine, even your desktop, for the job. (Or you could use something like github/gitlab/gitorious/whatever)

That must be a typo, you meant to write keepass2, right?

You aren't even in control of your own shit then. What's free about that? That's not free as in freedom.
May as well use lastpass then.
Yeah the breach was in 2011, and passwords are encrypted. If you propose KeePass as an answer to this, then consider the cloud service you host with can be breached as well.
I prefer FOSS, but with this shit I'd rather just have it work and use my autism elsewhere.

it's not.
keepass is better, more customisable, and open source.

>You aren't even in control of your own shit then. What's free about that? That's not free as in freedom.
lol

How is it not being in control if you can do literally whatever you want with git?

proprietary cuck logic

You can do whatever you want with lastpass as well in that case.
Unless you're hosting it on your own infrastructure, it isn't in your control.
Like I said I'm all for FOSS when it isn't an enormous pain in the ass. It's usually a slight pain i in the ass, which is acceptable.

I've always used keepass. Anything wrong with it?

>closed source
into the trash it goes

>You can do whatever you want with lastpass as well in that case.
So I can sync lastpass using github?

I think you're ignoring the real issue, which is that FOSS vs Proprietary is not about convenience or ease of use

It's about privacy. LastPass is *known* to leak your passwords to arbitrary websites, and it also leaks metdata to the lastpass developers. It's a gigantic piece of shit botnet, and I wouldn't trust the crypto one bit either.

Might as well just use a text file on dropbox if you're using lastpass

I mean I'm all for distrusting names, but failures of LP would be publicized.
I know FOSS isn't about ease of use that's why I said it was a pain in the ass but still feels better to have a FOSS setup.
Also what do you base the comment on their crypto on? Is it because you don't like their practices, since they are operating to make money and all?

Can you really trust any of these services?

>I mean I'm all for distrusting names, but failures of LP would be publicized.
they are. please don't use your ignorance as an argument

news.ycombinator.com/item?id=12171547
thehackernews.com/2016/07/lastpass-password-manager.html
labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/

>I know FOSS isn't about ease of use that's why I said it was a pain in the ass but still feels better to have a FOSS setup.
Suppose you want to use your own server for synchronizing passwords.

What's easier, setting up some weird custom sync server (if lastpass even supports them) using obscure instructions written by a pajeet for 50 rubles an hour and having to fix 5 bugs and write your own unit file in the process

-or-

Simply having SSH access (which you already have), 0 configuration required except `git remote add servername.example.org`?

>Also what do you base the comment on their crypto on?
The baseline assumption that 99.9% of people implementing crypto are doing it wrong. Do they have world-renowned expert cryptographers working on their implementation? Do they receive multiple security audits by independent researchers? Is their software claimed by edward snowden to be NSA-proof and used by whistelblowers and journalists worldwide?

If the answer is no, then I'll stick to `pass`, thanks.

Also, unless their crypto code is open source, I have zero reason to trust it and the default assumption is that they have embedded backdoors.

Sadly in 2016, there's no other assumption you can make. The NSA aggressively coerces developers of proprietary software to embed backdoors into their programs and silence them under gag orders.

If it's closed source, it has backdoors. Also, if it's closed source, it means they have something to hide - and that thing they're hiding is usually (in 90% of “freeware”) simply bad code.

tl;dr there's no justification whatsoever to trust LastPass' crypto. So what do you want to use, something used and recommended by crypto experts worldwide or some shitty app firm's homegrown garbage?

Alright, I've got enough servers to pull it off.
I'll give your shit another try, I don't have anything else to do today.
Why use git though? I fucking despise that shit.

I just put my passwords in an encrypted ods file that I keep on Dropbox. Of course its password is strong and has never existed outside of my brain.

Though I don't use Internet stuff on my phone. Dunno if you can open an encrypted ods from mobile.

>Why use git though? I fucking despise that shit.
Pajeet who doesn't understand git and always has to go on stackexchange to figure out how to make a commit detected

I don't program, why not rsync though?

>I don't program
oh, no wonder you hate git

>why not rsync though?
rsync isn't version control software

I mean why use something meant for software developers if you are not one?

Well, that's simply how free software works.

It's written by developers for themselves - so they'll use the best tool for the job (git). If users find that difficult or confusing, it's their problem.

That aside, git has many benefits for this use case

- revision / change tracking
- completely decentralized design (no central server required at all)
- can resolve merge conflicts (e.g. say you have diverging password databases, you can just trivially merge them together again)
- flexible transport layer (ssh, https, local dirs, etc.) meaning it can be used in almost any situation
- extremely high performance, well-tested, used daily by millions of developers
- very low setup overhead even for advanced use cases / complex requirements

Say what you want, but git is the king of what it's doing: Tracking and synchronizing changes to a repository of files.

Yeah but I just want to keep a database of passwords synced.

So use git?

>password manager
God damn you literally can't remember the six different passwords you actually have? I swear this board has actual medical autism

Are there any good cross platform password managers? Ideally it should be open-source and offline. Right now I'm using keepass but it's annoying having to run it through mono on linux.

B-but I have 72 passwords saved in keepass

Not memorizing a simple function that generates a complex password, rather then trying to remember the whole thing.

Not hard coding biometric data as secondary lock

Not having secret program that blocks typical valid entries unless sequence and pattern are within tolerance, as additional lock (how fast people type their password is another thing that can be used to spot a intruder.)

Not installing addition hardware to narrow entry conditions. (like only unlock if entered correctly when the plants align)

Not using deceptive entry hard points (keypad is really fingerprint scanner)

Not limiting the number of tries

That just the basics. Seriously I could make a setup that is very easy to open, but mind numbingly complex for anyone else to even try. I got other tricks I will never share, well maybe if it gets me a job with the CIA or something given I could use the work.

>six
here's your (You)

now go back to facebook/reddit/whatever other mainstream websites you never leave

>2016
>using "cloud" password manager
>using hard "l33t" password
>not using 2fa

simple passwords plus 2fa on all your accounts is enough

keepass2 + extensions

Who /many variations of 1 password/ here?

proprietary software should be illegal.

KILL THE PROPRIETARY SOFTWARE SUPPORTERS!!!

>2fa
Hi company this is really me can you please send a copy of my sim immedietly to this unknown household thanks

Good luck succeeding on that Tyrone

Really I think this is already pretty fucking bold, but.

THIS IS A PROPRIETARY PASSWORD SAFE

PROPRIETARY
PASSWORD
SAFE

YOUR PASSWORDS INSIDE, FUCKING INSIDE!!! OF A PROPRIETARY PASSWORD SAFE.

Owned by someone else.

Managed by someone else.

YOUR SHIT
SOMEONE ELSE'S SHIT

Know anybody that you would give your passwords to? Didn't fucking think so. Don't use proprietary password managers.

and the post of reason appears

about time I was getting worried all intelligence had left this board