Bitcoin Forum
May 08, 2021, 04:52:50 AM *
News: Latest Bitcoin Core release: 0.21.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: {Warning}: Vulnerabilities found on password manager LassPass  (Read 329 times)
Baofeng
Legendary
*
Offline Offline

Activity: 1498
Merit: 1363


View Profile
September 18, 2019, 07:00:14 AM
 #1

Google's project Zero recently revealed that anyone using LassPass is prone to vulnerabilites.



https://twitter.com/taviso/status/1173401754257375232

Good thing though, the people behind LassPass fixed the bug as confirmed here:

https://blog.lastpass.com/2019/09/lastpass-bug-reported-resolved.html/

Quote

Our team recently investigated and resolved a bug affecting certain LastPass extensions. Tavis Ormandy, a security researcher from Google’s Project Zero, responsibly disclosed the issue to us. His report revealed a limited set of circumstances on specific browser extensions that could potentially allow an attacker to create a clickjacking scenario.

We have now resolved this bug; no user action is required and your LastPass browser extension will update automatically.  

Additionally, while any potential exposure due to the bug was limited to specific browsers (Chrome and Opera), as a precaution, we’ve deployed the update to all browsers.


https://blog.lastpass.com/2019/09/lastpass-bug-reported-resolved.html/

Anyways for those LassPass users here who haven't heard about the potential exploit, it's better if you could change your password as a precaution. No need to update though, everything is automatic as per LassPass. But as I have said, better take a look at it and take safety measures.

Edit: Chrome and Opera are the only browsers being affected as per article.

..bustadice..         ▄▄████████████▄▄
     ▄▄████████▀▀▀▀████████▄▄
   ▄███████████    ███████████▄
  █████    ████▄▄▄▄████    █████
 ██████    ████████▀▀██    ██████
██████████████████   █████████████
█████████████████▌  ▐█████████████
███    ██████████   ███████    ███
███    ████████▀   ▐███████    ███
██████████████      ██████████████
██████████████      ██████████████
 ██████████████▄▄▄▄██████████████
  ▀████████████████████████████▀
                     ▄▄███████▄▄
                  ▄███████████████▄
   ███████████  ▄████▀▀       ▀▀████▄
               ████▀      ██     ▀████
 ███████████  ████        ██       ████
             ████         ██        ████
███████████  ████     ▄▄▄▄██        ████
             ████     ▀▀▀▀▀▀        ████
 ███████████  ████                 ████
               ████▄             ▄████
   ███████████  ▀████▄▄       ▄▄████▀
                  ▀███████████████▀
                     ▀▀███████▀▀
           ▄██▄
           ████
            ██
            ▀▀
 ▄██████████████████████▄
██████▀▀██████████▀▀██████
█████    ████████    █████
█████▄  ▄████████▄  ▄█████
██████████████████████████
██████████████████████████
    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
    ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
       ████████████
......Play......
1620449570
Hero Member
*
Offline Offline

Posts: 1620449570

View Profile Personal Message (Offline)

Ignore
1620449570
Reply with quote  #2

1620449570
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1620449570
Hero Member
*
Offline Offline

Posts: 1620449570

View Profile Personal Message (Offline)

Ignore
1620449570
Reply with quote  #2

1620449570
Report to moderator
1620449570
Hero Member
*
Offline Offline

Posts: 1620449570

View Profile Personal Message (Offline)

Ignore
1620449570
Reply with quote  #2

1620449570
Report to moderator
OmegaStarScream
Staff
Legendary
*
Offline Offline

Activity: 2380
Merit: 2632



View Profile
September 18, 2019, 07:06:31 AM
 #2

Anyways for those LassPass users here who haven't heard about the potential exploit, it's better if you could change your password as a precaution. No need to update though, everything is automatic as per LassPass. But as I have said, better take a look at it and take safety measures.

Edit: Chrome and Opera are the only browsers being affected as per article.

Or, as a better solution, we can all stop using online services to store our passwords and use something like KeePass instead.

GreatArkansas
Legendary
*
Offline Offline

Activity: 1218
Merit: 1124


Telegram Bot - @BitcointalkProjectBot


View Profile WWW
September 18, 2019, 07:58:27 AM
 #3

Or, as a better solution, we can all stop using online services to store our passwords and use something like KeePass instead.
And Password Safe also which open-sourced password manager same as KeePass.
I created a short tutorial/information before on KeePass password manager here and for Password Safe here.

If we really don't need a password manager or not really required then much better to avoid it, it is really risky especially when you are using those have subscription fees.





.
.




░██████████████████░
████████████████████
█████████▀░░░███████
█████████░░▄████████
███████▀▀░░▀▀███████
███████▄▄░░▄▄███████
█████████░░█████████

█████████░░█████████

█████████▄▄█████████

████████████████████

░██████████████████░
░██████████████████░
████████████████████
████████████▀▀▀█▀███
███░▀█████▀░░░░░▀███
███▌░░░▀▀▀░░░░░░████
████▄░░░░░░░░░░░████
█████▀░░░░░░░░░█████

██████▄░░░░░▄▄██████

█████▄▄▄▄███████████

████████████████████

░██████████████████░
░██████████████████░
████████████████████
████████████████████
███████████▀▀░░▐████
███████▀▀░░░░░█████
████▀░░░▄█▀░░░▐█████
█████▄▄█▀░░░░░██████

███████▌▄▄▄▐██████

████████████████████

████████████████████

░██████████████████░
gentlemand
Legendary
*
Offline Offline

Activity: 2576
Merit: 2963


Welt Am Draht


View Profile
September 18, 2019, 09:11:31 AM
 #4

Is it unfashionable to say I don't trust any password manager?

There are only a handful of services where I need proper security and in that case they all have proper passwords that I've memorised. I couldn't care less about all the other ones.
TryNinja
Legendary
*
Offline Offline

Activity: 1736
Merit: 3275


Merit & Notifications bot: @BTTSuperNotifier_bot


View Profile WWW
September 18, 2019, 09:48:14 AM
 #5

Is it unfashionable to say I don't trust any password manager?

There are only a handful of services where I need proper security and in that case they all have proper passwords that I've memorised. I couldn't care less about all the other ones.
So you just repeat your passwords in most websites? This doesn’t seem like the best solution.

Just don’t use any web cloud hosted password manager. Keepass - as suggested above - is pretty good (open source, offline, old enough, etc). If anything, memorize your handful of services and use the password manager for those you don’t care. You don’t care anyways, but at least maintain some security.

bitmover
Legendary
*
Offline Offline

Activity: 1204
Merit: 2438



View Profile WWW
September 18, 2019, 03:53:13 PM
 #6

Lastapss was hacked already at least twice. I don't know why they still have so much support from big companies and so many people still use it.
https://www.cnet.com/forums/discussions/last-pass-hacked-again/


It is even bad for password managers in general. The most used one is hacked all the time, so it is natural that users think"I will just use none password manager, at least I will not be hacked and lose all my passwords at once."

gentlemand
Legendary
*
Offline Offline

Activity: 2576
Merit: 2963


Welt Am Draht


View Profile
September 18, 2019, 03:56:03 PM
 #7

So you just repeat your passwords in most websites? This doesn’t seem like the best solution.

Just don’t use any web cloud hosted password manager. Keepass - as suggested above - is pretty good (open source, offline, old enough, etc). If anything, memorize your handful of services and use the password manager for those you don’t care. You don’t care anyways, but at least maintain some security.

Yup. There's no information of note on any of the said sites so I couldn't care less what happens to them.

One of the increasingly prevalent things that's pissing me off is the inability to access services from whatever machinery I'm using. I want to be able to log in from anywhere using anything, not have to download a program or receive a confirmation email to an address I can't get into without another confirmation email from elsewhere.

That'll do for the important stuff, not the junk.
Harlot
Hero Member
*****
Offline Offline

Activity: 1778
Merit: 666


View Profile
September 18, 2019, 04:35:43 PM
 #8

Is it unfashionable to say I don't trust any password manager?

There are only a handful of services where I need proper security and in that case they all have proper passwords that I've memorised. I couldn't care less about all the other ones.

To be honest you really don't need to store all your passwords in a software. I would understand it if you have a spare offline desktop/laptop where you can store an offline password manager but keeping an online one especially those browser extension password managers is like keeping a list of your accounts in Google Keeps, its really not that safe. I would rather write my passwords in a notebook and hide it somewhere good like in our mini library where I store my past highschool and college notes.
Stedsm
Legendary
*
Offline Offline

Activity: 2394
Merit: 1235



View Profile
September 18, 2019, 05:20:38 PM
 #9

Why not simply use the in-built password manager in any browser like Chrome or Firefox? Do we really need a password managing software here? I save all my passwords generally in Chrome's password manager not just to save my time like gentlemand but most of my saved passwords are from websites where 2fa is required and I don't need the hassle of remembering the password every single time I login there.

My strongest advice here to newbies:
You should never, hear me with fully open ears, never ever go for passwords provided by these password managers because there you are prone to losing almost everything as if they know what you have used (if they don't keep them saved as encrypted with themselves, they can easily know that). I would never prefer any such services where such suggestions are given, but would rather stick to my old techniques.

███████████████████████████
███████████████████████████
██▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█████████
████████████▀▀       ▀▀████
█████▀▀▀▀▀▀             ███
██████████    ▄█████▄    ██
██████████    ███████    ██
██████████    ▀█████▀    ██
█████▄▄▄▄▄▄             ███
████████████▄▄       ▄▄████
██▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄█████████
███████████████████████████
███████████████████████████
.
.ROLLBIT..
THE SOCIAL & PROVABLY FAIR
CRYPTO CASINO

                TWITTER     |     DISCORD               
●  Instant Deposits & Withdrawals
●  Rakeback & Level Up Bonuses
●  Live Customer Support
..PLAY NOW..
Kyraishi
Hero Member
*****
Offline Offline

Activity: 770
Merit: 510



View Profile
September 19, 2019, 12:08:59 AM
Merited by magneto (2)
 #10

Don't use online password generators/holders, it's like the same argument of centralization vs decentralization again, where Lastpass is an application that has all of your information, and could randomly go bust one day and start hacking into their customer's accounts (because we all know they can do that). Using another system that is offline, or even going super old school and generating your old password and writing it down on a piece of paper gives you control over everything and is the safest, and is the bet I'd recommend most people to go with.

To be honest, just make your own passwords by mashing the keyboard (eg 087asf*)&G), and then write it down a piece of paper, that's 100 percent the safer bet.

Lastapss was hacked already at least twice. I don't know why they still have so much support from big companies and so many people still use it.
https://www.cnet.com/forums/discussions/last-pass-hacked-again/


It is even bad for password managers in general. The most used one is hacked all the time, so it is natural that users think"I will just use none password manager, at least I will not be hacked and lose all my passwords at once."
Because people don't like change and are sometimes oblivious to the news, I doubt that over half of the people that use lastpass knew that they got hacked, and the people that did know, probably couldn't bother moving all their passwords.

Why not simply use the in-built password manager in any browser like Chrome or Firefox? Do we really need a password managing software here? I save all my passwords generally in Chrome's password manager not just to save my time like gentlemand but most of my saved passwords are from websites where 2fa is required and I don't need the hassle of remembering the password every single time I login there.
Because Chrome and Firefox password savers are the same as giving out your information to LastPass, they still have access to your information, and lastpass works better then chrome, and has a lot more features then them.

.
.
        ▄▄▄▄▄▄▄
       ████████     ▄█▄▄
       ▀█▀▀▀▀▀▀█▀   ▄██████
         ▀▀▀▀▀▀    ███████▀
 ▄▄███▄▄          ███████▀
█████████▄        █████▀
███████████▄       ▀▀▀▀
▀████████████▄
 ▀████████████▄
  ▀████████████▄
    ▀███████████
      ▀████████▀
        ▀▀████▀
        ▄▄▄▄▄▄▄
       ████████     ▄█▄▄
       ▀█▀▀▀▀▀▀█▀   ▄██████
         ▀▀▀▀▀▀    ███████▀
 ▄▄███▄▄          ███████▀
█████████▄        █████▀
███████████▄       ▀▀▀▀
▀████████████▄
 ▀████████████▄
  ▀████████████▄
    ▀███████████
      ▀████████▀
        ▀▀████▀
.
..Learn More..
TwitchySeal
Legendary
*
Offline Offline

Activity: 1470
Merit: 1455


Join the world-leading crypto sportsbook NOW!


View Profile
September 19, 2019, 03:14:49 AM
Last edit: September 19, 2019, 03:46:43 AM by TwitchySeal
 #11

Lastapss was hacked already at least twice. I don't know why they still have so much support from big companies and so many people still use it.
https://www.cnet.com/forums/discussions/last-pass-hacked-again/


It is even bad for password managers in general. The most used one is hacked all the time, so it is natural that users think"I will just use none password manager, at least I will not be hacked and lose all my passwords at once."

It's a pretty good product for non-technical people that don't need to worry about protecting private keys but want to have strong unique passwords for each site, across multiple devices, without much hassle.


And they really don't get hacked all the time.  They have a decent bug bounty program and report whenever a vulnerability is brought to their attention (after it's patched).  To my knowledge, none of the vulnerabilities have ever been exploited. (edit: I guess someone got hold of a bunch of salted hashes back in 2015, so that's a hack)

Quote
To exploit this bug, a series of actions would need to be taken by a LastPass user including filling a password with the LastPass icon, then visiting a compromised or malicious site and finally being tricked into clicking on the page several times. This exploit may result in the last site credentials filled by LastPass to be exposed.

Of course, if you're using a device to move more than a little bit of any cryptocurrency it would be silly to trust a web based password manager.

  ▄▄█████▄▄███████▄▄
 ███████████
     ▀▀███▄
█████████████        ▀██▄
█████████████          ██▄
███████████            ██▄
██▀▀█████▀▀              ██
██                       ██
██                       ██
▀██                     ██▀
 ▀██                   ██▀
  ▀██▄               ▄██▀
    ▀███▄▄       ▄▄███▀
       ▀▀█████████▀▀
███████████    LEADING CRYPTO SPORTSBOOK & CASINO    ███████████
MULTI
CURRENCY
1500+
CASINO GAMES
CRYPTO EXCLUSIVE
CLUBHOUSE
FAST & SECURE
PAYMENTS
..PLAY NOW!..
Stedsm
Legendary
*
Offline Offline

Activity: 2394
Merit: 1235



View Profile
September 19, 2019, 03:21:18 AM
 #12

Why not simply use the in-built password manager in any browser like Chrome or Firefox? Do we really need a password managing software here? I save all my passwords generally in Chrome's password manager not just to save my time like gentlemand but most of my saved passwords are from websites where 2fa is required and I don't need the hassle of remembering the password every single time I login there.
Because Chrome and Firefox password savers are the same as giving out your information to LastPass, they still have access to your information, and lastpass works better then chrome, and has a lot more features then them.

Well then, that remains the case with all types of password managers even if they provide better features because if they don't know your password, how will they engage with the website and pass your password ahead from their database.

http://techgenix.com/are-password-managers-security/

An article I read, said that in 2018, two of the most popular password managers OneLogin and LastPass (which OP alerted about) were hacked and sensitive data of customers got leaked due to the same. I know that browsers are more vulnerable to attacks in comparison to these managers, but now I'd rather choose to save my username and passwords in either Notepad or create a table/sheet in Microsoft Word/Excel and save it there and keep the document saved in a USB rather than keeping in a PC which remains connected to internet.

███████████████████████████
███████████████████████████
██▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█████████
████████████▀▀       ▀▀████
█████▀▀▀▀▀▀             ███
██████████    ▄█████▄    ██
██████████    ███████    ██
██████████    ▀█████▀    ██
█████▄▄▄▄▄▄             ███
████████████▄▄       ▄▄████
██▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄█████████
███████████████████████████
███████████████████████████
.
.ROLLBIT..
THE SOCIAL & PROVABLY FAIR
CRYPTO CASINO

                TWITTER     |     DISCORD               
●  Instant Deposits & Withdrawals
●  Rakeback & Level Up Bonuses
●  Live Customer Support
..PLAY NOW..
DarkStar_
Legendary
*
Offline Offline

Activity: 2058
Merit: 2600


Join the world-leading crypto sportsbook NOW!


View Profile WWW
September 19, 2019, 04:47:47 AM
 #13

I'd rather choose to save my username and passwords in either Notepad or create a table/sheet in Microsoft Word/Excel and save it there and keep the document saved in a USB rather than keeping in a PC which remains connected to internet.

That's even worse as there's no encryption. If someone finds your USB, say goodbye to all of your logins. You're also plugging the USB into a internet connected computer most likely when you need to login. The LastPass vulnerability was most likely never used until it was patched and it still required a very specific situation.

Is it unfashionable to say I don't trust any password manager?

There are only a handful of services where I need proper security and in that case they all have proper passwords that I've memorised. I couldn't care less about all the other ones.

Even one which is Free and Open Source?

Keepass is a good one that was already mentioned. I personally use Bitwarden, and I haven't had any complaints there.

Stedsm
Legendary
*
Offline Offline

Activity: 2394
Merit: 1235



View Profile
September 19, 2019, 05:02:13 AM
 #14

I'd rather choose to save my username and passwords in either Notepad or create a table/sheet in Microsoft Word/Excel and save it there and keep the document saved in a USB rather than keeping in a PC which remains connected to internet.

That's even worse as there's no encryption. If someone finds your USB, say goodbye to all of your logins. You're also plugging the USB into a internet connected computer most likely when you need to login. The LastPass vulnerability was most likely never used until it was patched and it still required a very specific situation.

If it is of a specific brand that enables encryption of data by allowing us to put up a password before any of the data of that USB be used, and the password is an extremely complex one, will it still be possible for someone getting my USB to crack that password and/or encryption and take away all the data in that USB?

███████████████████████████
███████████████████████████
██▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█████████
████████████▀▀       ▀▀████
█████▀▀▀▀▀▀             ███
██████████    ▄█████▄    ██
██████████    ███████    ██
██████████    ▀█████▀    ██
█████▄▄▄▄▄▄             ███
████████████▄▄       ▄▄████
██▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄█████████
███████████████████████████
███████████████████████████
.
.ROLLBIT..
THE SOCIAL & PROVABLY FAIR
CRYPTO CASINO

                TWITTER     |     DISCORD               
●  Instant Deposits & Withdrawals
●  Rakeback & Level Up Bonuses
●  Live Customer Support
..PLAY NOW..
DarkStar_
Legendary
*
Offline Offline

Activity: 2058
Merit: 2600


Join the world-leading crypto sportsbook NOW!


View Profile WWW
September 19, 2019, 05:12:31 AM
 #15

I'd rather choose to save my username and passwords in either Notepad or create a table/sheet in Microsoft Word/Excel and save it there and keep the document saved in a USB rather than keeping in a PC which remains connected to internet.

That's even worse as there's no encryption. If someone finds your USB, say goodbye to all of your logins. You're also plugging the USB into a internet connected computer most likely when you need to login. The LastPass vulnerability was most likely never used until it was patched and it still required a very specific situation.

If it is of a specific brand that enables encryption of data by allowing us to put up a password before any of the data of that USB be used, and the password is an extremely complex one, will it still be possible for someone getting my USB to crack that password and/or encryption and take away all the data in that USB?

It depends. Is it open source software that uses a tried and true method of encryption, or does it use a proprietary algorithm?

Keep in mind that a USB is also inconvenient. If you're using a non personal computer and needed to access your accounts, you likely wouldn't be able to connect the USB to your phone to find your passwords. Most password managers have apps that you can use.

slaman29
Sr. Member
****
Offline Offline

Activity: 1554
Merit: 408


★Bitvest.io★ Play Plinko or Invest!


View Profile
September 19, 2019, 05:16:36 AM
 #16

Well, I personally think most open source projects are fine to use. People find bugs and vulnerabilities in coding all the time. That's good. And when they're open source they get fixed very quickly and that's also good.

I do worry when things like these happen though and someone manages to get my data in the few hours the vulnerabilities aren't fixed.



BIG WINNER!
[15.00000000 BTC]


▄████████████████████▄
██████████████████████
██████████▀▀██████████
█████████░░░░█████████
██████████▄▄██████████
███████▀▀████▀▀███████
██████░░░░██░░░░██████
███████▄▄████▄▄███████
████▀▀████▀▀████▀▀████
███░░░░██░░░░██░░░░███
████▄▄████▄▄████▄▄████
██████████████████████
▀████████████████████▀
▄████████████████████▄
██████████████████████
█████▀▀█▀▀▀▀▀▀██▀▀████
█████░░░░░░░░░░░░░▄███
█████░░░░░░░░░░░░▄████
█████░░▄███▄░░░░██████
█████▄▄███▀░░░░▄██████
█████████░░░░░░███████
████████░░░░░░░███████
███████░░░░░░░░███████
███████▄▄▄▄▄▄▄▄███████
██████████████████████
▀████████████████████▀
▄████████████████████▄
███████████████▀▀▀▀▀▀▀
███████████▀▀▄▄█░░░░░█
█████████▀░░█████░░░░█
███████▀░░░░░████▀░░░▀
██████░░░░░░░░▀▄▄█████
█████░▄░░░░░▄██████▀▀█
████░████▄░███████░░░░
███░█████░█████████░░█
███░░░▀█░██████████░░█
███░░░░░░████▀▀██▀░░░░
███░░░░░░███░░░░░░░░░░
▀██░▄▄▄▄░████▄▄██▄░░░░
▄████████████▀▀▀▀▀▀▀██▄
█████████████░█▀▀▀█░███
██████████▀▀░█▀░░░▀█░▀▀
███████▀░▄▄█░█░░░░░█░█▄
████▀░▄▄████░▀█░░░█▀░██
███░▄████▀▀░▄░▀█░█▀░▄░▀
█▀░███▀▀▀░░███░▀█▀░███░
▀░███▀░░░░░████▄░▄████░
░███▀░░░░░░░█████████░░
░███░░░░░░░░░███████░░░
███▀░██░░░░░░▀░▄▄▄░▀░░░
███░██████▄▄░▄█████▄░▄▄
▀██░████████░███████░█▀
▄████████████████████▄
████████▀▀░░░▀▀███████
███▀▀░░░░░▄▄▄░░░░▀▀▀██
██░▀▀▄▄░░░▀▀▀░░░▄▄▀▀██
██░▄▄░░▀▀▄▄░▄▄▀▀░░░░██
██░▀▀░░░░░░█░░░░░██░██
██░░░▄▄░░░░█░██░░░░░██
██░░░▀▀░░░░█░░░░░░░░██
██░░░░░▄▄░░█░░░░░██░██
██▄░░░░▀▀░░█░██░░░░░██
█████▄▄░░░░█░░░░▄▄████
█████████▄▄█▄▄████████
▀████████████████████▀




Rainbot
Daily Quests
Faucet
LuckyBtc
Legendary
*
Offline Offline

Activity: 1288
Merit: 1011


View Profile
September 19, 2019, 07:16:17 AM
 #17

How about using Trezor's password manager? Is it any good? Anyone using it here? I'm thinking of buying another device to use it as password manager as well keep small amount of Bitcoin for spending.
gentlemand
Legendary
*
Offline Offline

Activity: 2576
Merit: 2963


Welt Am Draht


View Profile
September 19, 2019, 09:19:29 AM
 #18

How about using Trezor's password manager? Is it any good? Anyone using it here? I'm thinking of buying another device to use it as password manager as well keep small amount of Bitcoin for spending.

Weird how rarely it's mentioned.

In some ways it would be more convenient, others less. I don't fancy having to haul it around every time I wanted to access something but at least it would be more secure than downloading some program to every computer I wanted to access sites through.
OmegaStarScream
Staff
Legendary
*
Offline Offline

Activity: 2380
Merit: 2632



View Profile
September 19, 2019, 09:52:37 AM
 #19

How about using Trezor's password manager? Is it any good? Anyone using it here? I'm thinking of buying another device to use it as password manager as well keep small amount of Bitcoin for spending.

In terms of security, Trezor might be better than KeePass but I find TPM to be inconvenient because:

1. The software is only available for Chrome/chromium-based browsers.
2. You can't use it offline, and you need a Google Drive/Dropbox account.

It should be possible to create your offline password manager (to communicate with your Trezor) though, as the format for password storage is available, but that's clearly not something the average user would be able to do.

Kyraishi
Hero Member
*****
Offline Offline

Activity: 770
Merit: 510



View Profile
September 19, 2019, 10:07:36 AM
 #20

Why not simply use the in-built password manager in any browser like Chrome or Firefox? Do we really need a password managing software here? I save all my passwords generally in Chrome's password manager not just to save my time like gentlemand but most of my saved passwords are from websites where 2fa is required and I don't need the hassle of remembering the password every single time I login there.
Because Chrome and Firefox password savers are the same as giving out your information to LastPass, they still have access to your information, and lastpass works better then chrome, and has a lot more features then them.

Well then, that remains the case with all types of password managers even if they provide better features because if they don't know your password, how will they engage with the website and pass your password ahead from their database.

http://techgenix.com/are-password-managers-security/

An article I read, said that in 2018, two of the most popular password managers OneLogin and LastPass (which OP alerted about) were hacked and sensitive data of customers got leaked due to the same. I know that browsers are more vulnerable to attacks in comparison to these managers, but now I'd rather choose to save my username and passwords in either Notepad or create a table/sheet in Microsoft Word/Excel and save it there and keep the document saved in a USB rather than keeping in a PC which remains connected to internet.
Yep. My point exactly. Most password managers I know like Onelogin, Lastpass, Google password manager, Firefox password manager are all ticking time bombs and for each of these services the company behind it has full access to your passwords, what sites you want to use the passwords on, and could probably also bypass 2-fa (Lastpass has a 2-fa generator, but I'm assuming it goes through their services and they could avoid that if they wanted to as well).

Saving your passwords in a digital form is probably worse than using any of those password managers. The chance of your PC getting hacked via a RAT or something is way higher then a million-dollar company getting hacked and it's a ticking time bomb, and a roadmap to your identify if your PC ever get hacked.

Use an offline password manager, or write down your passwords on a piece of paper and stick it behind your desk, out of sight. Keeping things offline is way better than using notepad or a password manager.

.
.
        ▄▄▄▄▄▄▄
       ████████     ▄█▄▄
       ▀█▀▀▀▀▀▀█▀   ▄██████
         ▀▀▀▀▀▀    ███████▀
 ▄▄███▄▄          ███████▀
█████████▄        █████▀
███████████▄       ▀▀▀▀
▀████████████▄
 ▀████████████▄
  ▀████████████▄
    ▀███████████
      ▀████████▀
        ▀▀████▀
        ▄▄▄▄▄▄▄
       ████████     ▄█▄▄
       ▀█▀▀▀▀▀▀█▀   ▄██████
         ▀▀▀▀▀▀    ███████▀
 ▄▄███▄▄          ███████▀
█████████▄        █████▀
███████████▄       ▀▀▀▀
▀████████████▄
 ▀████████████▄
  ▀████████████▄
    ▀███████████
      ▀████████▀
        ▀▀████▀
.
..Learn More..
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!