[SOLVED] Keepass versus Lastpass

fettouhi · 2013-04-28 08:37:58

I was wondering what people here use to store their passwords. I've been looking into Keepass and Lastpass for a while. I like that keepass is open source even though the linux version is running on mono but lastpass on the other hand this very nice central storage of the database on their servers though. So I would like to hear some feedback from people...

Many thanks

EDIT: I went with Lastpass in the end . Many thanks for all the suggestions from everybody!

Last edited by fettouhi (2013-12-08 14:39:25)

jasonwryan · 2013-04-28 09:45:08

Keepass without mono: https://bbs.archlinux.org/viewtopic.php?pid=1155007

# edit: are you sure about the mono dependency?

fettouhi · 2013-04-28 10:05:57

jasonwryan wrote:

Keepass without mono: https://bbs.archlinux.org/viewtopic.php?pid=1155007

# edit: are you sure about the mono dependency?

Yep, just look under dependencies

https://aur.archlinux.org/packages/keepass/

unless you are referring to keepassx?

ninian · 2013-04-28 12:54:13

Have tried quite a few over the years on Linux and Windows, but did not wish to have the overheads of Mono and .NET. Cross-platform and portability (like running from a USB flash drive) were much more important to me.
Both KeepassX and Password Safe are pretty good and cross-platform, but LastPass is hard to beat for sheer convenience and utility everywhere. But of course you have to trust the LastPass people and their security model ...

thisoldman · 2013-04-28 13:34:05

Keepassx is workable using a service like Dropbox or keeping a database copy on a USB flash drive. It's only a minor annoyance for me to keep the flash drive database in sync with my master copy.

Keepassx only has a few listed dependencies in Arch: libxtst, qt4, and shared-mime-info.

jasonwryan · 2013-04-28 17:58:05

fettouhi wrote:

jasonwryan wrote:
Keepass without mono: https://bbs.archlinux.org/viewtopic.php?pid=1155007

# edit: are you sure about the mono dependency?
Yep, just look under dependencies
https://aur.archlinux.org/packages/keepass/
unless you are referring to keepassx?

Yes, I was.

AndrzejL · 2013-04-28 18:17:12

fettouhi wrote:

I was wondering what people here use to store their passwords.

LastPass (as in Firefox addon) user for I think two years now. I am very happy with it.

Regards.

Andrzej

Last edited by AndrzejL (2013-04-28 18:18:36)

twelveeighty · 2013-04-28 18:58:44

Yeah - LastPass all the way for me too. I run it also on all my mobile devices too; worth the couple of bucks they charge you for it. Can't beat it...

Just be sure to have a super complicated pass *phrase* as your LastPass vault password.

frudox · 2013-04-28 19:13:38

I tried KeePassX. The password generator is handy.

But I ultimately went with the OpenSSL vim plugin, using AES. The thing I like about it is it's very simple to use. It's just an encrypted text file, with exactly one feature: folding on ==Header==. You press spacebar, the header unfolds, you type in whatever you want to store with the account name. Because it's just text, it's entirely flexible. You can store email addresses, reminder questions, usernames, and anything else you need. Backing it up is as simple as copying a single file wherever you need it.

Gumper · 2013-04-29 01:46:44

I switched over from Keepassx to Lastpass several months back and it works really well for me. It's so much more convenient that Keepassx.

Once Lastpass is configured for the sites that you visit, it really simplifies logging into these sites. After entering your master password, logging into the sites is petty much seamless.

I'm using a Yubikey as well for multifactor authentication.

murffatksig · 2013-04-29 01:53:20

Been using lastpass for a few years on all my devices (linux, mac, win). Works well.

dodo3773 · 2013-04-29 03:03:00

Been a happy keepassx user for a while. I think the reason I initially chose it over lastpass was because lastpass (I think) stored passwords in the cloud while keepassx kept them in an encrypted database on my hard drive. That was the determining factor for me. Plus it does autofill with a hotkey, can customize to include the <space> key before logging in (the little remember me checkbox (some sights need this so they don't automatically log you off after a period of time / leaving the page etc..)).

illusionist · 2013-04-29 03:14:47

I use keepassx both on linux and windows. Call me paranoid but for some obvious reasons I don't trust lastpass. I can't sleep well with the thought of having my username and password stored on a server at unknown location. No matter what "passphrase" or some fancy security protocol they follow, it is not hard for an attacker to retrieve the information. This may sound like a rant but seriously I don't want to start any sort of flame war or something. I just dropped my 2 cents.

dodo3773 · 2013-04-29 03:22:48

illusionist wrote:

I use keepassx both on linux and windows. Call me paranoid but for some obvious reasons I don't trust lastpass. I can't sleep well with the thought of having my username and password stored on a server at unknown location. No matter what "passphrase" or some fancy security protocol they follow, it is not hard for an attacker to retrieve the information. This may sound like a rant but seriously I don't want to start any sort of flame war or something. I just dropped my 2 cents.

Yeah I agree with this. Part of what I was getting at in my post as well.

firecat53 · 2013-04-29 03:37:58

Likewise here....I prefer having at least _some_ control of my passwords! Keepass{x,c} work great with Dropbox and across all our linux, windows and android devices. Keepassc is a nice command line version of keepassx if you're in to that sort of thing :-;

Scott

Mr.Elendig · 2013-04-29 11:20:59

Personally I don't like the idea of storing my passwords on a cloud, also the db that keepass(x|-cli) uses is portable and understood by several other tools, which can be a big advantage.

fettouhi · 2013-04-29 21:10:02

Does keepassc support autofilling username and passwords in webpages or is that only keepassx/keepass? How stable is keepassx2?

firecat53 · 2013-04-29 22:03:50

fettouhi wrote:

Does keepassc support autofilling username and passwords in webpages or is that only keepassx/keepass?

You can copy username and password to the clipboard for pasting, but only one at a time. It does not have the 'autofill' feature of keepassx.

Scott

cfr · 2013-04-29 23:54:13

Is there a reason not to use e.g. Firefox's built in password management? (Though I admit I miss OS X's keychain application for everything else.) With e.g. the secure login extension and a master password?

ewaller · 2013-04-30 01:07:11

Lastpass for many things online. Something else for things more critical to me. Nothing but 'wetware' for things for which I could be prosecuted should they be compromised (and no, don't ask, nothing illegal)

spsf64 · 2013-04-30 04:06:11

Lastpass for everything except online banking, for these, I just trust my brain!

ninian · 2013-04-30 07:56:55

illusionist wrote:

Call me paranoid but for some obvious reasons I don't trust lastpass. I can't sleep well with the thought of having my username and password stored on a server at unknown location. No matter what "passphrase" or some fancy security protocol they follow, it is not hard for an attacker to retrieve the information.

Having a look here may help to answer of some of queries doubters have about LastPass. For example:

All encryption/decryption occurs on your computer, not on our servers.
This means that your sensitive data does not travel over the Internet and it
never touches our servers, only the encrypted data does ...
Your encryption key is created from your email address and Master Password.
Your Master Password is never sent to LastPass, only a one-way hash of your
password when authenticating, which means that the components that make up
your key remain local.

AndrzejL · 2013-04-30 08:35:16

I would recommend listening to Security Now episode 256 - it's the episode where Steve Gibson explains the crypto behind LastPass.

http://www.youtube.com/watch?v=r9Q_anb7pwg

Sounds good enough for me to be honest.

Regards.

Andrzej

ninian · 2013-04-30 09:18:43

AndrzejL wrote:

I would recommend listening to Security Now episode 256 - it's the episode where Steve Gibson explains the crypto behind LastPass.
http://www.youtube.com/watch?v=r9Q_anb7pwg

I had forgotten about that - it is indeed very helpful.

Mr.Elendig · 2013-04-30 09:45:02

cfr wrote:

Is there a reason not to use e.g. Firefox's built in password management? (Though I admit I miss OS X's keychain application for everything else.) With e.g. the secure login extension and a master password?

gnome-keyring/libsecret can be compared to the osX keychain. Lots of apps supports it.

Edit:

My dislike for lastpass is just as much that you need a working connection to use it, (unless you also keep a local copy of the wallet, in which case you can just as well just use keepassx or similar)

Last edited by Mr.Elendig (2013-04-30 09:46:41)

Arch Linux

#1 2013-04-28 08:37:58

[SOLVED] Keepass versus Lastpass

#2 2013-04-28 09:45:08

Re: [SOLVED] Keepass versus Lastpass

#3 2013-04-28 10:05:57

Re: [SOLVED] Keepass versus Lastpass

#4 2013-04-28 12:54:13

Re: [SOLVED] Keepass versus Lastpass

#5 2013-04-28 13:34:05

Re: [SOLVED] Keepass versus Lastpass

#6 2013-04-28 17:58:05

Re: [SOLVED] Keepass versus Lastpass

#7 2013-04-28 18:17:12

Re: [SOLVED] Keepass versus Lastpass

#8 2013-04-28 18:58:44

Re: [SOLVED] Keepass versus Lastpass

#9 2013-04-28 19:13:38

Re: [SOLVED] Keepass versus Lastpass

#10 2013-04-29 01:46:44

Re: [SOLVED] Keepass versus Lastpass

#11 2013-04-29 01:53:20

Re: [SOLVED] Keepass versus Lastpass

#12 2013-04-29 03:03:00

Re: [SOLVED] Keepass versus Lastpass

#13 2013-04-29 03:14:47

Re: [SOLVED] Keepass versus Lastpass

#14 2013-04-29 03:22:48

Re: [SOLVED] Keepass versus Lastpass

#15 2013-04-29 03:37:58

Re: [SOLVED] Keepass versus Lastpass

#16 2013-04-29 11:20:59

Re: [SOLVED] Keepass versus Lastpass

#17 2013-04-29 21:10:02

Re: [SOLVED] Keepass versus Lastpass

#18 2013-04-29 22:03:50

Re: [SOLVED] Keepass versus Lastpass

#19 2013-04-29 23:54:13

Re: [SOLVED] Keepass versus Lastpass

#20 2013-04-30 01:07:11

Re: [SOLVED] Keepass versus Lastpass

#21 2013-04-30 04:06:11

Re: [SOLVED] Keepass versus Lastpass

#22 2013-04-30 07:56:55

Re: [SOLVED] Keepass versus Lastpass

#23 2013-04-30 08:35:16

Re: [SOLVED] Keepass versus Lastpass

#24 2013-04-30 09:18:43

Re: [SOLVED] Keepass versus Lastpass

#25 2013-04-30 09:45:02

Re: [SOLVED] Keepass versus Lastpass

Board footer