Which Password manager

estwig

Free Member
Sep 29, 2006
13,071
4,830
in the cloud
I'm bonkers for lastpass, it's a great app.

It's by far the market leader, so it's going to be the biggest target for scumbags, don't be sucked in by bad press.

I appreciate their honesty, I've read all the reports on the so-called breaches, none of them are actual breaches of anything important, unless someone is an idiot not using it properly. There are a lot of configuration options for lastpass, it can be complex to set up and use correctly.

I do wonder how many other password managers, or any app really, would just keep quiet about problems.

As long as you're following best practice in your use of lastpass, you're fine.
 

kulture

Free Member
  • Aug 11, 2007
    8,962
    1
    2,754
    68
    www.kultureshock.co.uk

    estwig

    Free Member
    Sep 29, 2006
    13,071
    4,830
    in the cloud
    > No, Lastpass itself was breached and all the customer data copied. Those who have been using Lastpass for a long time are said to be especially vulnerable. See https://www.intego.com/mac-security-blog/lastpass-password-manager-suffers-massive-data-breach/

    I've had a read, it's a worry innit!

    So hard to get to the truth with this sorta stuff, how much of it is mud slinging from competitors, how much are lastpass not telling us.

    If I go through the hassle of changing to another password manager, how long until something happens with them, I certainly don't trust a browser with my passwords.
     

    KM-Tiger

    Free Member
    Aug 10, 2003
    10,346
    1
    2,893
    Bexley, Kent
    > So hard to get to the truth with this sorta stuff, how much of it is mud slinging from competitors, how much are lastpass not telling us.

    It doesn't really matter. Entrusting your password data to a third party is a nonstarter if you are serious about security.

    For instance I have the root passwords of all my client's servers. Never in a million years would I let that data go outside my own direct control. I won't even say what I use, as to do so would also be a breach of security.
     

    vivente

    Free Member
    Jul 20, 2013
    321
    22
    > It doesn't really matter. Entrusting your password data to a third party is a nonstarter if you are serious about security.
    >
    > For instance I have the root passwords of all my client's servers. Never in a million years would I let that data go outside my own direct control. I won't even say what I use, as to do so would also be a breach of security.

    It's all about a balance of risk and that balance depends on circumstances. What is a good solution for you would be problematic for many others I suspect. A good password manager with 2FA is likely a big step up in security for most as opposed to the widespread reuse of emails / usernames and passwords because no one can remember all the unique ones.

    You can host your own Bitwarden server but then you have to secure it and unless that's your business then you are probably better off using the third party and hope they do what they say they do.

    Safes weren't truly secure in the past and neither are password managers but at least they make it harder if you use a strong password and have 2FA. All you want to be is not the easy target and hope they can't be bothered with you because there are easier targets out there.
     

    Kerwin

    Free Member
    Dec 1, 2018
    894
    194
    > It doesn't really matter. Entrusting your password data to a third party is a nonstarter if you are serious about security.
    >
    > For instance I have the root passwords of all my client's servers. Never in a million years would I let that data go outside my own direct control. I won't even say what I use, as to do so would also be a breach of security.

    Security via obscurity is not a good idea. It has been debunked for years and years.

    Your best option is to use a well-known open-source solution that multiple people understand and use and has been audited by external parties. Bitwarden is an excellent choice.

    By relying on security via obscurity, you risk using an insecure option through ignorance.

     

    DontAsk

    Free Member
    Jan 7, 2015
    5,519
    3
    1,420

    estwig

    Free Member
    Sep 29, 2006
    13,071
    4,830
    in the cloud
    > Security via obscurity is not a good idea. It has been debunked for years and years.

    That's not what the man said he was doing.

    If you're holding sensitive or important data, it would make sense not to give bad actors the first foothold, by telling them how you hold it.
     

    DontAsk

    Free Member
    Jan 7, 2015
    5,519
    3
    1,420
    > That's not what the man said he was doing.

    That's right, nor did he tell us he's not doing it. In fact, he didn't tell us anything about what he's doing, other than the data is under his direct control, with the implication he doesn't use a cloud service.

    > If you're holding sensitive or important data, it would make sense not to give bad actors the first foothold, by telling them how you hold it.

    He didn't tell us anything about how he's holding it. He may well be running a locally hosted password manager (which has been recommended on UKBF).
     

    HostXNow

    Business Member
  • Business Listing
    Mar 7, 2011
    518
    48
    United Kingdom
    hostxnow.com
    Just when some say a non-cloud hosted solution is safer, a self-hosted one, Keepass, has an issue

     

    DontAsk

    Free Member
    Jan 7, 2015
    5,519
    3
    1,420

    nelioneil

    Free Member
    Jan 22, 2013
    789
    136
    This should be terminal for LastPass but they are unfortunately still a well-known password manager with lots of marketing. They hope they can sweep it under the rug.

    Why oh why do they not adopt sensible access policies, such as only access to a corporate network from approved devices? This is basic security 101. And really employees at a password company should be adopting the most secure access protocols - such as hardware tokens (e.g. Yubikey), which would have stopped this attack as the hacker does not possess the device.
     

    EcomAlistair

    Free Member
  • Business Listing
    Apr 7, 2016
    53
    19
    Leicestershire
    www.flowmondo.com
    I evangelise 1password wherever I go. I was a long time Lastpass user - but always found it clunky.

    When I discovered and tried 1password, lastpass all of a sudden looked as if it was designed in Microsoft Word!

    If you’re a lover of aesthetic in any way, I think 1p will hands down be your favourite password manager of any you try.
     

    Kerwin

    Free Member
    Dec 1, 2018
    894
    194
    > I evangelise 1password wherever I go. I was a long time Lastpass user - but always found it clunky.
    >
    > When I discovered and tried 1password, lastpass all of a sudden looked as if it was designed in Microsoft Word!
    >
    > If you’re a lover of aesthetic in any way, I think 1p will hands down be your favourite password manager of any you try.

    You pick a security product because it looks good?! You should choose based on security and technology instead. UI is going to be way down the list.
     

    EcomAlistair

    Free Member
  • Business Listing
    Apr 7, 2016
    53
    19
    Leicestershire
    www.flowmondo.com
    > You pick a security product because it looks good?! You should choose based on security and technology instead. UI is going to be way down the list.

    I can see how you arrived at that conclusion but no. It’s a superior product that happens to also have an amazing UX.

    With a background in IT Services and having worked alongside ex-GCHQ secops and specialists, I can assure you that I am a function over form guy - but also happen to prefer apps that are nice to use - since security is as much about behavioural compliance (usage and adoption within workflows) as it is technicality, if not more. The best tool is the one that gets used! Hope that clarifies it but thanks for asking.
     

    nelioneil

    Free Member
    Jan 22, 2013
    789
    136
    > I'm still rolling with LastPass, it works beautifully with all my apps and devices, I understand its myriad of security settings, I keep those very tight and I use it with 2FA via an authenticator app.

    Really, even after all of the horrific security practices and data breaches recently? Surely this would absolutely not inspire confidence for a company who supposedly keeps users' data secure.

    This was not your run of the mill data breach, they stole the encrypted vaults, which is just laughable how they allowed it to happen. The worry is even if you have a strong password, you will not get any notification your vault has been accessed and all of your passwords are now exposed. So you would need to change all your passwords as well as the master password.
     