RE: Do YOU have 2FA enabled? Do you use a password manager? The convenience of cutting these corners is NOT worth the risk!

in #cryptocurrency, 7 years ago

I'm going to go ahead and urge everyone not to use LastPass. They have been compromised in the past. With KeePass (even if you're using DropBox to sync multiple devices) the amount of surface area you leave exposed to possible attacks is way lower than with a service like LastPass - which is known to be a central location for login credentials of countless users.

I don't deny that LastPass has certain features which are convenient, such as sharing login details for a specific account with other LastPass users, but you're trading convenience for security, which in the big picture has far too much in common with trading liberty for security: those who do it deserve neither, and will probably lose both.

If you have a Yubikey/Nitrokey or similar, it is possible to use it for 2FA in KeePass.

Only security questions were leaked. I'm not concerned about that. My questions are worthless for an attacker.

Of course I lose some security for ease of use, but still... I think LastPass with 2FA brings me 99.99% of the security I can get. Just having a different uncrackable pass on each site improves my sec drastically.

I feel really secure against automated hacks (my email was compromised 2 times) and against a targeted attack (just me) I'm hopeless anyways.

Given that a KeePass database can be safely stored in DropBox/GDrive (as long as it has a strong passphrase protecting it), the same level of convenience that is provided by LastPass can easily be achieved with a much smaller exploitable surface area.

Does it autofill logins? Generate random passwords for me? Does it store memos?

It has an autotype feature. It generates passwords according to user-defined specs. There are plugins to enable autofill in browsers (this feature is a plugin because of the security implications of granting the browser access to the password database). It automatically wipes the clipboard 15 seconds after you copy a password. It does store memos, and additionally has user-defined data storage fields.

I used LastPass before I switched to KeePass. KeePass is feature complete, although it's not quite as polished as LastPass (which shouldn't come as a surprise, since LastPass is a commercial product). Unlike LastPass, KeePass is open source, so its security can be audited by anyone. The only feature I'm aware of that LastPass has (or had when I used it) which is unavailable in KeePass (and made possible by the centralized nature of LastPass), is the ability to share login credentials to a specific site with other LastPass users.

Ok, thank you man. I will try to look into it closely and give it a try :)