Why are you still using Lastpass?

Yet another major exploit found.
Isn't it time to accept this has been deliberately backdoored?

Who knows, social engineering is cheaper than exploit development, that's why the CIA will always be top dog.

I use something much better

Can someone who knows their shit explain this in detail, what is the exploit here? Can people steal your password over the internet with this?

pass a best

The exploit is two lines of JavaScript. Holy fuck he's not going to actually TELL YOU what it is, because then you could use it on someone.

>deliberately giving all your passwords to a program
How do people fall for this?

I don't think it's intentionally backdoored; it's just that it's somewhere between fucking difficult and impossible to 100% secure anything.

Which is why I've never used any of these "we'll store all your passwords" services; regardless of whether they're honest or not, I just can't trust that someone else won't get a hold of them.

I hate morons like you with a passion
>Can someone who knows their shit
Next time just shut your mouth you worthless waste of sperm

agreed when it comes to proprietary bullshit programs.

This
>Remembering passwords is unsafe user just use a password manager
>this way we know your passwords but you don't
>Oops looks like it was "accidentally" backdoored

Free software != secure

Can I use it to shitpost on Sup Forums?

i suppose so, it'd be more secure to never sign up for anything needing a password, but that's not gonna work for most.

>not writing your pass on a sticky note.

>Windows
Found your problem

quality post, user

>storing your passwords on other people's computers

Reminder that they still haven't fixed the previous exploit, announced over a week ago

Also Tavis Ormandy is the chief vulnerability researcher at Google so he knows his stuff. He recommends KeePass. Open source is best source

>google

botnet alert!!!444!

drop keepAss, use lastpass asap

>Google shill shills keepass in three tweets
>Doesn't even say it is secure, just "seems like a reasonable design"

Thanks for this info, will remember to never use keepass. Actually I'll never be stupid enough to save my passwords on another computer

keepass doesn't store your passwords in "the cloud", it's all local

Of course it is

> Store passwords in text file
> Encrypt with GPG

There is literally no flaw with this system.

...except for the fact that you shouldn't store all your passwords behind one master password, you retards.

At least having a unique master password would take a little more effort to get through than just physically stealing a password notebook.

Speaking of password managers, is there a Firefox plug-in for keepassx?

People who use LastPass don't only do so for security reasons, but also for the hassle-free ease of use of a system that allows you to have long randomly-generated passwords wherever you are, without worrying about textfiles, databases, notepads, etc.

Also the fact that I only need to log in at the start of a session to be able to log into everything in a couple of clicks is pretty nice.

For example, I often find myself fapping to some video I like enough to want to download it, but to get the best quality I have to log in, so I just do so in a couple of clicks and I can easily download it without interrupting my fap.

For people who use it, simply typing/writing them down isn't a comparable alternative.

I've been using it for at least 5 years and it's very hard to switch to other systems, but I'm honestly starting to look for alternatives, because I'm getting paranoid about their ability to patch holes in time and to not decide one day to start stealing passwords.
In the meantime I'm just not using it for important things like banking (and related emails) and such, and only use it for normal websites where an intruder can't really do much damage (especially since there's 2FA on the most important ones).

I think what you should really be concerned about is the fact that LastPass is a proprietary password manager.

you can check the source and compile it yourself. you can also just monitor the application (does it make any internet connections? what file does it read/write?)

Has there ever been a serious audit on it?
Because the fact that it's open source alone doesn't necessarily mean that people actually went to seriously make sure it doesn't do anything sketchy.

You could have just typed that into Google.

ghacks.net/2016/11/22/keepass-audit-no-critical-security-vulnerabilities-found/

Some of them actually work. Keepass is actually really good. It stores all of the passwords in a database file that you can put wherever you want. The database file cannot be opened without the master password.

twitter.com/LastPass/status/844176201392504834

>LastPass (verified account) @LastPass, 2 hours ago

>The issue reported by Tavis Ormandy has been resolved. We will provide additional details on our blog soon.


Meanwhile freetards are still stuck with bugs from 15 years ago.

Because I will die, and I want my family to have easy access to certain accounts.

Can keepass fill in my password and user accounts?

If I have to copy+paste manually then I can't be assed to use keepass.

This.

Lastpass gives people money for finding exploits unlike other password managers so I bet lastpass is way more secure than other managers.

So does Microsoft. And Oracle.

Does that mean Windows is secure? Not really. Same goes for VirtualBox.

It means they are more likely to find exploits and patch them unlike software like keepass which has no incentive for people to look into them other than "just for fun".

Yeah, just ctrl+v in the keepassx window while the right input fields are active in the browser. There are probably browser addons to improve this functionality, but I haven't investigated that.

Uhh, except that security audits are done by just about any serious security project and Keepass had one?

See But hey, I guess OpenSSL is also insecure because there's "no incentive".

Keepass has integrated features to ease copying your login details, but they're fairly limited. However, there are browser extensions that act as a bridge between your browser and keepass.
If you're using Firefox, Keefox allows you to fill in your passwords easily. Chrome has ChromeIPass, but it's definitely lacking in comparison to Keefox. Both use different but secure channels to enter your login data.

There are also tools out there to export the passwords saved on your browser to a keepass database, which makes moving to keepass a lot easier.

I ditched them as soon as they sold the company.

I store my keepass database in the cloud (drive) though :^)

Stays synced on my phone and computers

>Giving a pajeet-made extension for an extremely vulnerable browser access to a database with every password you control, defeating the purpose of using keepass, a local password manager, in the first place
Whew

>There are also tools out there to export the passwords saved on your browser to a keepass database, which makes moving to keepass a lot easier.
Wish I knew this... At least I ended up changing all my passwords during the transition anyway.

>using a password manager
The NSA has you right in their trap

Works on any OS dumbass.

They wouldn't need it

Actually they did fix the previous vuln. If you had the entire tweet and proceeding comments, you'd see that only the Firefox stable branch still isn't fixed because Mozilla hand checks the updates and the Firefox extension is months behind the other browsers because of it.

Unless you opt into installing it directly from Lastpass' website, the Firefox default version hosted on AMO is out of date. It was fixed in all other versions on all other browsers.

It's actually really dumb, I can't use it on public pcs or my phone

>public pcs
seems like a smart idea

>or my phone
why?

>I can't use it on...my phone
how shit is your phone

There is one flaw: you're reinventing the wheel.
sudo apt install pass

LOL USING SINGLE PASSWORD TO PROTECT YOUR ALL PASSWORDS

Problem?

READ MY SENTENCE AGAIN AUTISMO

kek'd

Yes, problem?

YOU ARE AUTISTIC IF YOU USE PASSWORD MANAGER

Problem?

Considering there are multiple mobile apps for it, you are the really dumb one.

YOU SHOULD GO TO MENTAL HOSPITAL IF YOU USE PASSWORD MANAGER

my password manager uses gpg. has gpg been hacked?

Still not seeing the problem.

BROKEN MENTAL HEALTH IS THE PROBLEM M8

i don't know why anyone would use a password manager that uploads your passwords to someone else's server. i use keepassx and keep the database away from the internet

how shit is keepass to not have some sort of app

>why?
because i have to log in to shit on my phone too but thanks for informing me that this is just a meme

there are multiple apps for android, dunno about ios since i'm not an ifag

Then write it down and leave it in a secure place. You act like that's flawless justification, it's stupid.

the alternative for normies would be using the same password on all sites and many still do it

I personally use KeePass2Android

i would never install a browser extension for this. there will always be some way to exploit them because the browser wasn't designed to be used this way.

Both regular KeePass and KeePassXC have a built-in autotype feature that can autofill fields in any window without additional extensions being installed. The one disadvantage with KeePassXC is that it can only do it based on window titles, and not URLs.

What do you guys think about this:
masterpasswordapp.com/

What's better? KeePass or KeePassXC?

>The one disadvantage with KeePassXC is that it can only do it based on window titles, and not URLs.
There are extensions for both Firefox and Chrome to add the URL to the window title, which should help with your particular issue.

If you're on Windows I'd go with KeePass, it may be a bit more proprietary but it has more features as a consequence of that.

That's good to know, thank you. I hadn't even considered that.

There is no 2FA for KeePass? Wtf?

Plugins?

keepass.info/plugins.html#keeotp

Does it also work with the mobile version?

But there is dude.

Keyfile and password.

Also SID if you're on NT

I notice KP2A has some OTP/Challenge options for unlocking.
Haven't used them though, let alone cross-platform.

Also to the best of my knowledge all mobile versions are unofficial?
So even then compatibility might be limited (barring obvious 2FA/challenge specifications).

That means Mobile versions of KeePass are even less trustworthy than LastPass?

That's a leap in logic. Safer to say while they may hold themselves to the same standard as official, nobody else is.

anything cloud based is inherently insecure.

KeePass is the only good option. Lots of extensions and support.

>Meanwhile freetards are still stuck with bugs from 15 years ago.
You're using a proprietary password manager. How gullible can you possibly be? Sure, exploits may be fixed, but don't you see the problem? You're handing your passwords to a program.

>KeePass
Just tried it. It's fucking cancerous compared to LastPass. LastPass is 10x more comfy to use. Auto Type is a joke that doesn't always work and if I install KeeFox I can just as well install LastPass because they both suffer from the same weak points. Actually KeeFox is even more insecure.

Damn, what an argument.

>...except for the fact that you shouldn't store all your passwords behind one master password, you retards.

Isn't that what you are doing when you memorize them? If someone hacked your master password (your brain), they'd have plaintext access to them.

>Open source is best source
I agree but the more concerning part is that local password managers are infinitely better than shitty phone-home cloud browser plugins.

An unencrypted text file on a safe computer probably offers more security than fucking Lastpass

I've used keepass like since 2008 or something. Not a single problem, ever. I see no reasons to change from keepass to anything. Works on all my devices (linux, windows laptops+desktops, android tablets, android phones).

>KeePass so good they make a sequel
Is LastPass even trying?

>tfw it pastes your info to the wrong window

>binary component
It's fucking nothing.

Go back to trashing AVs, Tavis.

You can use other RPCs to force-enable the binary component

Plus Tavis sent them a proof of concept showing his exploit causing execution of calc.exe and Lastpass said they couldn't replicate it. They didn't realise it wasn't working because they were all using Macs. Fucking iFags, how could you ever trust these morons

>disable autotype
>remove submit from its default template
>don't be retarded
there's a few solutions