
tx2005

Banned
Oct 25, 2017
269
So I've been using LastPass for a while now as my password manager, and I haven't personally had any issues. With that said, I keep reading concerning posts and comments online about LastPass and concerns people have with security.

With that said, I'm wondering if there are better and more secure options. I know 1Password and Dashlane are competitors, but I'm not sure if they are any more secure.

I do use LastPass with iOS, MacOS and Windows 10, so hopefully any other option will work there as well.

Thanks for any suggestions.
 

tx2005

Banned
Oct 25, 2017
269
What are the security concerns regarding LastPass?

They had a hack a few years ago I believe, but it does sound like they were very up front and proactive in adjusting for it. That of course has always been in the back of my mind.

Otherwise, the concerns I've seen are regarding a lack of trust in the company, based on a buyout by LogMeIn and other internal changes like executives leaving. It sounds like some people don't trust LastPass to keep our data safe and secure long term.
 

TwiztidElf

Member
Oct 28, 2017
141
Your brain?
Have a set of rules for password creation that only you know.
Built into this set of rules, layer the level of password complexity with how seriously you care about the security of the site (eg: Bank account - Highest).
 

tokkun

Member
Oct 27, 2017
5,408
Unless you are worried about becoming the target of a state-sponsored hacking attempt, I think the security is good enough.

You need to strike the balance between security and usability that makes sense for you. Something like KeePass may be marginally more secure, but it is also less convenient.
 

gaogaogao

Banned
Oct 25, 2017
1,679
Dashlane is supposed to be a strong competitor, but it costs money (for more than 1 device)
they have a button you can push and it will automatically go to a site and change your password for you.
 

Rodney McKay

Member
Oct 26, 2017
12,205
Not free, but I prefer 1password.

Syncs my passwords through Dropbox so I don't need yet another account service.
I also liked its app interface better than Lastpass the last time I used it (might have improved by now, but I'm not sure).
 

RedValkyrie

Self-Requested Ban
Banned
Oct 27, 2017
1,327
IMO, 1Password is the most secure because its WiFi Sync feature allows your passwords to never touch another server (besides your ISP).

Cybersecurity experts feel free to correct me.

EDIT: Actually it does it locally which is even better.
 

Jag

Member
Oct 26, 2017
11,673
I'm sticking with LastPass. I think they are as good as any other.
 

Fafalada

Member
Oct 27, 2017
3,066
Your brain?
Have a set of rules for password creation that only you know.
Built into this set of rules, layer the level of password complexity with how seriously you care about the security of the site (eg: Bank account - Highest).
With the amount of websites/services requiring logins nowadays that's not sustainable (leading to repetition which is a nightmare when a breach occurs). Not to mention if you live in a crazy place, eg. a bank in this country requires me to keep 8+ passwords/keywords alone.
 

Chasex

Member
Oct 29, 2017
1,696
IMO, 1Password is the most secure because its WiFi Sync feature allows your passwords to never touch another server (besides your ISP).

Cybersecurity experts feel free to correct me.

Not sure specifically what the wifi sync is, but Lastpass salts and hashes the password several times over before it gets sent anywhere, so even if it's intercepted in motion, there's basically no way someone is getting your actual password. Let's say someone does intercept your password representation (which already takes some serious shenanigans due to SSL encrypting your internet traffic), at best they are getting your password vault (this is what's stored on Lastpass servers). This vault is AES-256 encrypted so it's not getting broken by brute force. Your computer can decrypt the vault because it alone has the decryption keys.

So they'd need to steal the decryption key from your local PC's, use SSL session hijacking to intercept your password representation in motion, submit that to Lastpass to get your vault, and then finally get your passwords. Hmm yeah I can think of a few ways to make this all happen, but as you can imagine it would be impractical as hell at scale and not worth the effort. You'd have to be a seriously important person, and the attacker be seriously skilled and motivated.

Some parts of this may not be 100% accurate, and I may be missing a layer of tech someplace in here. I literally spent 5 minutes reading an article and a few minutes considering it while writing this on the fly so take it with a grain of salt. The point remains though, it's secure enough for an average user.
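
An added sketch, not part of any post in this thread and not LastPass's own code, of the model the post above describes: the master password is stretched on the client, only a further one-way hash is sent for login, and the server returns an encrypted vault it cannot open. The iteration count, the e-mail address as salt, and all names are assumptions; the vault ciphertext is a stand-in byte string because AES is not in Python's standard library.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # assumed work factor, chosen for this sketch


def derive_vault_key(master_password: str, email: str) -> bytes:
    """Client side: stretch the master password into a 256-bit vault key."""
    salt = email.strip().lower().encode()  # assumption: account e-mail as salt
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS, 32)


def derive_login_hash(vault_key: bytes, master_password: str) -> bytes:
    """Client side: one more one-way round; only this value is transmitted."""
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode(), 1, 32)


class VaultServer:
    """Hypothetical server: stores a re-hashed login value and an opaque blob."""

    def __init__(self) -> None:
        self._accounts = {}  # email -> (salt, stored_hash, encrypted_vault)

    def register(self, email: str, login_hash: bytes, encrypted_vault: bytes) -> None:
        salt = os.urandom(16)
        stored = hashlib.pbkdf2_hmac("sha256", login_hash, salt, ITERATIONS, 32)
        self._accounts[email] = (salt, stored, encrypted_vault)

    def fetch_vault(self, email: str, login_hash: bytes) -> Optional[bytes]:
        record = self._accounts.get(email)
        if record is None:
            return None
        salt, stored, encrypted_vault = record
        candidate = hashlib.pbkdf2_hmac("sha256", login_hash, salt, ITERATIONS, 32)
        return encrypted_vault if hmac.compare_digest(candidate, stored) else None


def demo() -> dict:
    email, password = "user@example.com", "correct horse battery staple"  # constructed
    key = derive_vault_key(password, email)
    server = VaultServer()
    server.register(email, derive_login_hash(key, password), b"<AES-256 ciphertext>")
    wrong = derive_login_hash(derive_vault_key("guess", email), "guess")
    return {
        "key_sent_to_server": key == derive_login_hash(key, password),
        "good_login": server.fetch_vault(email, derive_login_hash(key, password)),
        "bad_login": server.fetch_vault(email, wrong),
    }
```

In this model the vault key never leaves the client, so everything rests on the strength of the master password and on the client software performing these steps honestly.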
 
Oct 27, 2017
21,545
I'm not tech savvy enough to understand how these password manager sites work but I trust my own method better which involves pen and paper.
 

RedValkyrie

Self-Requested Ban
Banned
Oct 27, 2017
1,327
Not sure specifically what the wifi sync is, but Lastpass salts and hashes the password several times over before it gets sent anywhere, so even if it's intercepted in motion, there's basically no way someone is getting your actual password. Let's say someone does intercept your password representation (which already takes some serious shenanigans due to SSL encrypting your internet traffic), at best they are getting your password vault (this is what's stored on Lastpass servers). This vault is AES-256 encrypted so it's not getting broken by brute force. Your computer can decrypt the vault because it alone has the decryption keys.

So they'd need to steal the decryption key from your local PC's, use SSL session hijacking to intercept your password representation in motion, submit that to Lastpass to get your vault, and then finally get your passwords. Hmm yeah I can think of a few ways to make this all happen, but as you can imagine it would be impractical as hell at scale and not worth the effort. You'd have to be a seriously important person, and the attacker be seriously skilled and motivated.

Some parts of this may not be 100% accurate, and I may be missing a layer of tech someplace in here. I literally spent 5 minutes reading an article and a few minutes considering it while writing this on the fly so take it with a grain of salt. The point remains though, it's secure enough for an average user.
WiFi Sync allows you to sync the passwords created in the application over WLAN (locally) to all of your devices (with 1Password installed).

Lastpass has encryption but it still allows your passwords to be stored on Dropbox servers (1Password has this feature as well). That's the part I don't feel comfortable with...even with the way it does encryption.

You can avoid that with 1Password's WiFi Sync b/c it never touches another server.
 

Kayant

The Fallen
Oct 25, 2017
759
1+ for Bitwarden
There is also Enpass if you want something that is more like Keepass but with more streamlined syncing if you choose to sync your data between devices. You can choose from a range of cloud providers including Google Drive, OneDrive, Dropbox.

I too have some trust issues with Lastpass (because of the type of vulnerabilities found) but as others have said even with the hack there has been no known compromise of data so in reality you should be fairly safe if migration is an issue.

If you still want something free that also has syncing free for all devices go with bitwarden.
Other options mentioned here are not too different in features and how your data is secured (someone correct me if I am wrong).
 

Jeremiah

Member
Oct 25, 2017
774
I use 1password across all my apple devices and it's really awesome -- you can even use fingerprint or face scanner to unlock the app.
 

Unknownlight

One Winged Slayer
Member
Nov 2, 2017
10,572
No, LastPass is fine. There are plenty of password managers comparable to LastPass, and there are some that are more secure in exchange for being less convenient, but for any normal person LastPass is plenty secure. I wouldn't worry about it.
 

Edward

▲ Legend ▲
Avenger
Oct 30, 2017
5,114
I'm sticking with LastPass. I think they are as good as any other.
Been using it for years with absolutely 0 problems.
Your brain?
Have a set of rules for password creation that only you know.
Built into this set of rules, layer the level of password complexity with how seriously you care about the security of the site (eg: Bank account - Highest).
I can't remember different passwords for like 40 accounts. If you can, good for you.

As for paper I don't want to bring a notepad when I am out. Lastpass works on my computers, tablets and phones. There's no reason not to use password savers at this point unless you use the same password for everything.
 

CreepingFear

Banned
Oct 27, 2017
16,766
They had a hack a few years ago I believe, but it does sound like they were very up front and proactive in adjusting for it. That of course has always been in the back of my mind.

Otherwise, the concerns I've seen are regarding a lack of trust in the company, based on a buyout by LogMeIn and other internal changes like executives leaving. It sounds like some people don't trust LastPass to keep our data safe and secure long term.
Anyone can have a hack, it's how you deal with it. Their hack apparently wasn't that serious. Private encryption keys weren't exposed. They were public about it and fixed it fairly quickly. I listen to a podcast called Security Now. Steve Gibson was impressed with how they handled the situation. LogMeIn hasn't changed the company, yet. The founder of LastPass is still there. If he leaves, then you might start to worry or look for a replacement.
 

tokkun

Member
Oct 27, 2017
5,408
Not sure specifically what the wifi sync is, but Lastpass salts and hashes the password several times over before it gets sent anywhere, so even if it's intercepted in motion, there's basically no way someone is getting your actual password. Let's say someone does intercept your password representation (which already takes some serious shenanigans due to SSL encrypting your internet traffic), at best they are getting your password vault (this is what's stored on Lastpass servers). This vault is AES-256 encrypted so it's not getting broken by brute force. Your computer can decrypt the vault because it alone has the decryption keys.

So they'd need to steal the decryption key from your local PC's, use SSL session hijacking to intercept your password representation in motion, submit that to Lastpass to get your vault, and then finally get your passwords. Hmm yeah I can think of a few ways to make this all happen, but as you can imagine it would be impractical as hell at scale and not worth the effort. You'd have to be a seriously important person, and the attacker be seriously skilled and motivated.

Some parts of this may not be 100% accurate, and I may be missing a layer of tech someplace in here. I literally spent 5 minutes reading an article and a few minutes considering it while writing this on the fly so take it with a grain of salt. The point remains though, it's secure enough for an average user.

I think the biggest risk from the password service model is that you have to trust the client software. Particularly when we are talking about browser plugin-based clients that may be automatically updated. Push a compromised client to the user, and all the security goes out the window.
 

Kayant

The Fallen
Oct 25, 2017
759
What makes Bitwarden a good choice? Also is there a way to sync between devices and load passwords in my browser?
If you're looking for a direct replacement to Lastpass and are looking for something free and want syncing across all your devices for free then it's the only other one that offers that if I am not wrong.
Yes it has extensions for pretty much all major browsers as well as native apps for the big three OS's Linux/Windows/OSX. Your data is synced between these automatically when you log in or manually via the sync button.
Has Bitwarden had an audit yet?
Not yet that I am aware of but they have a bounty program on Hackerone.
 

dallow_bg

Member
Oct 28, 2017
10,629
texas
WiFi Sync allows you to sync the passwords created in the application over WLAN (locally) to all of your devices (with 1Password installed).

Lastpass has encryption but it still allows your passwords to be stored on Dropbox servers (1Password has this feature as well). That's the part I don't feel comfortable with...even with the way it does encryption.

You can avoid that with 1Password's WiFi Sync b/c it never touches another server.
I don't think LastPass uses Dropbox like that, just 1Password.
 

signal

Member
Oct 28, 2017
40,199
bigbump but decided to try out 1password's free trial and not sure if I want to switch from lastpass. They're pretty similar overall but lastpass seems to be smarter at filling in browser fields. At the very least I'm not sure if 1pass is providing anything worth paying for compared to what you get with lastpass for free 🤔
 

Katori

Member
Oct 30, 2017
309
Really have no issues with 1Password. I felt a little bad that they gimped the paid version I had until I had to buy the subscription, but it's not too much and I use it probably every other hour with all the PC work I do. Well worth $35/yr, works on everything, your data is safe in their cloud or yours.
 

RoadDogg

Member
Oct 27, 2017
3,062
I was using LastPass for awhile but just switched to bitwarden last week to try something else. They seem to work the same but I like the idea of it being open source
 

Charcoal

Member
Nov 2, 2017
7,520
Hi all, sorry bumping an old thread but it was the most relevant I could find.

It's 2021 now. Is Bitwarden still the hotness, or should I look into something else?
 
Oct 25, 2017
1,105
NYC
Do you care about your info being stored in the cloud, or do you want local only?

If so, Bitwarden is still good. If not, 1Password.
 
Feb 1, 2018
5,083
Been using 1password for years, aside from their scumbag switcheroo to a subscription it's been a great app that integrates tightly into my all apple ecosystem
 

JLP101

Member
Oct 25, 2017
2,745
Been using bitwarden for over a year now and have not had any problems. Never used any other password manager so I can't really compare.
 

badboy78660

Member
Oct 27, 2017
2,737
I've been using the standalone license for 1Password for many years, and I think it's great. All my passwords sync to my Dropbox.
 

Deleted member 8901

Account closed at user request
Banned
Oct 26, 2017
2,522
I liked 1Password when it was a buy-once model but I don't think the subscription is worth it. I use Bitwarden now.