well, you're unlikely to forget the master password I grant you.....
LogMeIn's purchase of LastPass password manager service was not well received by LastPass users. In fact that outrage was sufficient that LastPass quickly shut down comments on its blog. Why the outrage and who is LogMeIn? LogMeIn may be best known as the company that shut down its free remote desktop sharing service with a …
Thursday 3rd December 2015 10:28 GMT OpinionatedPerson
Thursday 3rd December 2015 10:32 GMT PassiveSmoking
Thursday 3rd December 2015 10:33 GMT Foghorn_Leghorn
Thursday 3rd December 2015 12:22 GMT Ken 16
AD Sync and Browser Integration
I'm currently looking for a solution to simulate single sign on to a remotely hosted web application which has it's own internal user management and doesn't take any of the usual (SAML/JWT) tokens.
LastPass was on the cards but I'm happy to hear alternatives. Who's used something that validates users with an in-house AD before releasing credentials to the browser?
Thursday 3rd December 2015 13:04 GMT Xamol
Why cloud based?
I've tried Keepass, 1Password and some others in the past but settled on LastPass because of the convenience and peace of mind from the zero knowledge setup. In my case, the clincher is that the corporate security policies where I work block access to personal cloud storage providers so using something like Dropbox for sync isn't an option.
I'm a premium subscriber to LastPass so I'll be looking at Dashlane again...
Thursday 3rd December 2015 13:23 GMT Anonymous Coward
Thursday 3rd December 2015 15:39 GMT Dick Head
Thursday 3rd December 2015 17:08 GMT grandours
Requirements for a true LastPass replacement
In no particular order:
1) Ease of use.
2) 2FA including Google Authenticator for smartphone use and Yubikey for desktops/laptops/tablets that have a USB port.
3) Cross-platform (Win, Android, iOS, OS X, Linux)
4) Ability to install Chrome extension without administrator privileges on office workstation (Windows environment).
5) At least as secure as LastPass (obviously).
Thursday 3rd December 2015 19:05 GMT Fred Flintstone
You missed SecureSafe
SecureSafe comes in an app and a web form, and if you stay away from the document features it's basically free.
What puts it above others is IMHO its data inheritance approach: you can set a long password that can be used to access the passwords you store, but only after a waiting period. If you set it, for instance, to a week, you will get a week long messages that someone has activated the inheritance facility, so you can cut off any abuse by simply setting a new password.
It's a brilliant piece of work. Shame they added some upgrade begging to the free app now, but it's IMHO one of the best out there and it has seen some serious auditing.
Thursday 3rd December 2015 19:11 GMT Anonymous Coward
What about Blur?
Anyone have experience using Blur? I signed up for a lifetime account recently and have been running ti in parallel with LastPass with the eventual thought of migrating. I still primarily use LastPass (for the moment) but Blur seems to be a pretty close compare. https://dnt.abine.com/#dashboard
Thursday 3rd December 2015 20:50 GMT inept_lurker
Friday 4th December 2015 16:57 GMT Unubtanium
Re: No love for F-Secure KEY?
I was wondering when someone should mention F-Secure key.
I have been using it for ages and i just love it.
IT is nice and simple and if you pay a bit you get sync too on multiply platforms.
Also i LOVE that they encrypt each entry with a DIFFERENT key, so if you break ONE key you do NOT have ALL the keys. :D
Sunday 6th December 2015 12:48 GMT Anonymous Coward
Hardware based password vault (MOOLTIPASS)
Hardware based USB connected password vault with browser plugin and copy paste works as a HID keyboard so no drivers needed and can manually read details if cant connect to the device.
only thing i dont like is the lack of a keyboard and battery so I am also looking at putting lollipop on an xperia mini pro (https://legacyxperia.github.io/) and keypass or other manager that i can get it to type directly in to field using a USB or Bluetooth connection as the android version can act as a HID device. to reduce attack surface I will remove all other parts of the OS that involve not needed functions and apps except what is required for keypass and USB / Bluetooth connectivity.)
For more security on sites that require it I would like to combine this with a 2fa key that is operated with biometrics rather than just a press button so either iris or fingerprint.
Tuesday 5th January 2016 11:44 GMT rndSheeple
online, local encryption, open source, you can keep offline completely working copies, works with various browsers on various platforms. Mobile version, import/export, one-time passwords for logging in from insecure devices
Sure https is not totally secure, but hey, it's open source so roll your own or use locally only on a mobile device for that purpose only, what ever floats your boat.
Also the open source bit is particularly nice. In security related software.
Tuesday 5th January 2016 11:44 GMT rndSheeple
clipperz, open source with local store, online, mobile versions etc
Time well wasted to read through the features. Been using since testversions personally.
Some might like 1time passwords for logging in from insecure devices, allows for file and other essential data storage on the cards. (I store encryption keys / authentication keys, screenshots for restoring various services if I ever fuck up the password or need to lock down a compromised account)
Also has things like password gen with options, autolock, copy/paste pw without showing them, 1-key lockdown of account, loads more.
Wednesday 6th January 2016 23:09 GMT psychonaut
log me in can fuck off for ever
anything that company does, i will not go any where near or recommend.
they are a cast iron bunch of cunts who should be shot in the face at close range.
the whole lmi free debacle, and the whole lmi paid for debacle following shorty after (my subscription was to go up by 500%, some people were worse off than me), they didnt tell you, removed the "upcoming renewal fee" amount from your account dash board so you couldnt know what they were going to charge you, and then auto charged people. on the forum i was on some people were reporting that they had been auto charged 10's of thousands of dollars, and LMI refused to give it back or cancel the contract even though it was way in excess of what they had paid previously. there was no warning. there was a great thread on lmi's forum about how shit they were being to people, but they have now removed it.
stay clear of this most dastardly of incorporations and anything they do.
bastards. still makes me mad now. (can you tell???!)