Is LastPass safe?

Another vote for Bitwarden, completely open source, well audited and secure.
Tell me something, maybe I am stupid. This open source thingy, how is this better in terms of security? I mean if the source code (or whatever the more appropriate term is) is available for everyone's view, doesn't that also include the scammers/fraudsters? I have had this question in mind for a long time.
 
Less chances of there being a backdoor or bugs in the source code, if more people are reviewing it. Also see https://en.wikipedia.org/wiki/Kerckhoffs's_principle
 
Other than what @vishalrao already said, in very basic language there are two ways your password can be stolen: either through some backdoor, holes in the code, a bug or some way the app maker is storing or stealing it, which can basically be seen if it's open source, or directly from where it's stored (either your local drive or the cloud). Open source fixes the first part!

For the second part, regarding passwords: they are encrypted using various keys of which you and only you have knowledge, for example a combination of your device ID, a Bitwarden password you set and only you know, and other specifics. So even if someone does get hold of a password, it would be encrypted and cannot be decrypted without knowing the keys. So if it's open source and audited, it can also be checked that those keys are never stored etc. and how secure the code is in that regard.

So a basic example would be: let's say your password is saurav, your key is 1 and the way of encryption is adding to the ASCII value (super basic), so your password becomes every letter incremented by 1, and saurav is stored as tbvsbw. For someone else to crack it he needs to know both your password and the key and encryption method. With open source we can make sure every key and encryption method is unique also and never leaves the device itself, so even if someone gets to know the password, in your case tbvsbw, he can never know the real password. (This is a really basic example; in reality encryption is super complicated, using various algorithms and a combination of multiple keys, and tons of other factors are involved I am sure, etc.; maybe someone more knowledgeable can chime in.)

Having said all that, recently I have started memorising all my passwords. I think it's great practice, and worst case you can always reset them!
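
An added example, not part of the original posts and not Bitwarden's code: it implements the shift-by-1 scheme from the post above and sets it against Kerckhoffs's principle, which was linked earlier in the thread. With the method public, the whole secret is the key, so the size of the key space decides the outcome. The salt, passphrase and iteration count in `derive_vault_key` are assumptions chosen for illustration.

```python
import hashlib
import string

ALPHABET = string.ascii_lowercase

def shift_encrypt(text: str, key: int) -> str:
    """The post's toy scheme: move each lowercase letter `key` places forward."""
    out = []
    for ch in text:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)  # leave anything outside a-z untouched
    return "".join(out)

def shift_decrypt(text: str, key: int) -> str:
    """Undo shift_encrypt by shifting the same distance backwards."""
    return shift_encrypt(text, -key)

def all_candidates(ciphertext: str) -> dict[int, str]:
    """With the method public, the key is the only secret, and there are
    just 26 of them: every possible plaintext fits in one short list."""
    return {key: shift_decrypt(ciphertext, key) for key in range(26)}

def derive_vault_key(master_password: str, salt: bytes,
                     iterations: int = 600_000) -> bytes:
    """Stretch a master password into a 256-bit key with PBKDF2-HMAC-SHA256.
    The algorithm is public; only the master password is secret, and the
    iteration count (an assumed value) makes each guess deliberately slow."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)

if __name__ == "__main__":
    stored = shift_encrypt("saurav", 1)
    print("stored form:", stored)
    print("key 1 recovers:", all_candidates(stored)[1])
    salt = b"constructed-salt"  # constructed sample value
    key = derive_vault_key("correct horse battery staple", salt)
    print(len(key) * 8, "bit key:", key.hex())
```

The toy scheme has 26 keys in total, while the derived key is one of 2^256 values; publishing the source changes neither number, which is why an open-source design can still be secure when the key is strong and stays on the device.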
 
Thanks for this excellent explanation, really helped amateurs like me. I used to remember my passwords as well but now I'm always stressed and full of anxiety so it's not possible to memorise. I guess I'll just switch to bitwarden from LP.

PS: Btw, the Google password manager thingy keeps notifying me that I have many compromised passwords, should I change these? There's a lot of them. This notification came around a month or so back. Has anyone else here received such a notification from Google?
 
Ok so made the move to Bitwarden. It is almost similar to Lastpass and all stuff works like it was working on lastpass on my iPhone. On desktop, one thing I am missing is on the id password field for a website, usually in lastpass, 3 dots icon would come but nothing like that comes with Bitwarden. I have to always go to top right of browser (chrome) and then click the item. Any workaround?

Export from Lastpass and import into Bitwarden was seamless.
 
Press Ctrl + Shift + L; it should automatically fill in the login form.
 
I have been using KeePass across all platforms for several years now by storing the file on Dropbox and now on OneDrive. Not as seamless as having credentials stored on a server but it is the next best thing if you want to control all aspects of password management. But I guess I should finally give Bitwarden a go for convenience purposes.
 
I probably fall a bit on the paranoid side, especially regarding my financial passwords.
I use iCloud and Google (with 2FA enabled) for passwords.
Between the two, 100% of my needs get covered.

One minor inconvenience is that after a password change, I do need to take a quick glance at the saved passwords on an iCloud device for a manual punch and sync.
But it's not as inconvenient (or frequent) as it sounds, and I don't have to worry about third party leaks.
And while it is possible that iCloud/Google can also suffer a data leak, the probability of that occurrence is low enough for me to not worry about it.
 


Guys need suggestions for preferably free or one time payment alternatives or cheap subscription ones. Lastpass is changing its T&C for free accounts to only allow single device type per free account. This won't work if you use lastpass on mobile devices and also laptops and such.
This is pure crap!
Was using it since a decade+ but if this kicks in need to export all the data and import to something worthy but free!
But sadly no pw manager offers what lastpass offers hence their frown crap..
 
I shifted to Bitwarden; it offers most of the same functionality as LastPass. I would suggest everyone do the same. It's secure and easy to use and a much better option than iCloud Keychain, Google passwords and LastPass. Has a great free tier to boot.
 
Can we import all lastpass stuff in it without any compromise??
 
Tell me something, maybe I am stupid. This open source thingy, how is this better in terms of security? I mean if the source code (or whatever the more appropriate term is) is available for everyone's view, doesn't that also include the scammers/fraudsters? I have had this question in mind for a long time.
Security through obscurity never works, and is actively discouraged in all software development. The security of any software should not rely on the code for that software being unknown.
Plus, OS helps with transparency and trust, in that people are able to audit the code and see if it's doing what it says it's doing (there are limits and caveats to this).
Peer review and public audit can also help find bugs or security weaknesses before they're exploited by bad actors.
 
Ok so made the move to Bitwarden. It is almost similar to Lastpass and all stuff works like it was working on lastpass on my iPhone. On desktop, one thing I am missing is on the id password field for a website, usually in lastpass, 3 dots icon would come but nothing like that comes with Bitwarden. I have to always go to top right of browser (chrome) and then click the item. Any workaround?

Export from Lastpass and import into Bitwarden was seamless.
I switched just now. Works just like LP, on PC. Never used anything on mobile. But one thing, for a new login (which is not stored in database) it doesn't pop up asking me whether I want to save that user and pass like LP.
 


Guys need suggestions for preferably free or one time payment alternatives or cheap subscription ones. Lastpass is changing its T&C for free accounts to only allow single device type per free account. This won't work if you use lastpass on mobile devices and also laptops and such.
What if we choose laptop as device type and also use it on mobile browser (may need to change the user agent to desktop)?
 