Lastpass is the password manager that I’ve been using for years, but the latest breach(es) have got me planning to move on. Any suggestions for a password manager and reasons why you’d choose that one over the other alternatives?
I’m sticking with Lastpass. While the breach is troubling, any third party cloud-based password manager is going to be attacked. Assuming they’re correct about not having anything useful about the password used to encrypt your passwords…I think the expected brute force hack time of my password is about 20 million years, and the only other place I’ve used that password is in the “in case of emergency” documentation I have in our safe.
If there is an roll-your-own solution out there that supports different browsers, different OSes (Windows, Mac, Android), and does cross-device synchronization, I’d be interested in hearing about it…but I suspect the cross-device synchronization constrains the options to services like Lastpass.
I use One Password.
It’s been great but it’s the only one I’ve used so I can’t really compare it to others. I guess if it gets hacked someday my view of it will change.
I use Bitwarden. I don’t like it as much as I liked LP, but I moved on from LP when they started charging me money for it. I like Bitwarden enough that the price tag makes it worth it for me…until I get burned by a breach because they don’t have enough money for up to date security measures because their customers are too cheap to pay for it.
I also switched to Bitwarden when LastPass started charging users. I like Bitwarden better than LP though. I think the auto-complete works better for me and I find the UI more intuitive. I chose BW because it was rated highly, worked for all my devices, didn’t require a lot of tech knowledge, and was free.
My understanding is that Bitwarden does work on Mac as well, but I only have experience with it Windows/Android, so I can’t comment on how well it works on a Mac.
I use keepassxc
Thanks, although it still suffers from the problem the LastPass breach highlighted – it’s a third-party cloud-based tool and therefore a target.
I’ll keep it in mind should anything happen to LastPass, or if LastPass should cease to be included with my antivirus subscription.
I changed the thread title to be a bit more generic as the topic is likely to be useful in general.
I’m not sure how many would know what “Lastpass” would necessarily be.
Feel free to tag this thread with the different password apps (I’ve started with the ones mentioned so far).
I believe there are significant differences in what each encrypts, and how well they do it, though.
A year or two ago I switched from LastPass to KeePassXC and I definitely like the change. I use KeePassXC where the database is kept on Google Drive/OneDrive/Dropbox for cross-device synchronization and encrypted with both a password and either a key file or a hardware key. It works great on Windows and Android (I haven’t looked into Apple, but I’d be surprised if it doesn’t work there too). I don’t directly integrate it with my browser because apparently that’s less secure (though it is an option), but the applications autotype username and password and work great.
For folks who are still on LastPass, a new security bulletin is out with recommended actions.
Beyond the usual “use a strong, unique password”, “enable 2FA”, “good password hygeine”, etc. recommendations, there’s one semi-obscure setting they suggest adjusting, and a monitor dark web feature they recommend using.
I haven’t left yet, but probably will. I’m still busy changing passwords. At the rate I’m doing them, I figure it will take about another month to get to whatever is still active. I was at least pleased that this time they popped up something saying there was an important security message. It was slightly annoying that it linked to a long explanation and history (that left out an embarrassing detail - how long it has been since the first breach), but one more link took you to the security bulletin.
I glanced through the bulletin and didn’t see what this refers to. Could you point me in the right direction?
I use BW these days but have family that still uses LP.