<div dir="ltr">Thanks.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jul 3, 2019 at 5:38 PM Tom Henderson <<a href="mailto:thenderson@extremelabs.com">thenderson@extremelabs.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p>I've written on the subject of LastPass and other password
managers. It's easier to keep your own list and update it as a
text file with an innocuous name.</p>
<p>Why:</p>
<p>1. Every evil mofo on planet earth is hitting those sites to bust
them open. My honeypots get 30-40,000 hits each and every day at
every possible port #. One imagines that LastPass must be hit with
bazookas 20x <i>that</i> every day. <br>
</p>
<p>2. If you can't for whatever reason, get a circuit to 1Pass,
LastPass, etc., you are screwed as in totally.</p>
<p>3. You will be tempted to use their generated password, whereas
your own password that meets length and broadcharacter set use is
just fine, that is, if you don't use the same stupid password with
variations that are identifiable. There is a feeling that their
password generator isn't so random but it can't be
proven/disproven because there are insufficient samples to judge
this.<br>
</p>
<p>4. You can keyfob your passwords using encryption. Lots of GREAT
encryption software out there. Choose your own randomization seed
+ hashes. Easy to do. 3rd graders can do it.<br>
</p>
<p>5. You should be using easy MFA, like Fido2 and WebAuthN. It's a
simple but highly effective layer to add to your security.<br>
</p>
<p>6. You should also be using TOR, because your browser gets
typified for auth quickly. An IP + browser characteristics
identifies you very simply these days. This is bad.<br>
</p>
<p>7. You can also use SQLite, the database, and obfuscate its file
type and use in place of a text file; never believe that
zip/gzip/7zip's encryption is worth a damn, however, and so
zipping it isn't really useful. <br>
</p>
<p>8. LastPass is a Hungarian company subject to EU and Hungarian
law and liability. Enjoy.</p>
<p>Summary: LastPass and others of its ilk aren't worth it; do it
yourself and save and control your destiny.<br>
</p>
<p>Tom</p>
<p><br>
</p>
<div class="gmail-m_-5990443949161437576moz-cite-prefix">On 7/3/19 4:52 PM, Patrick Corrigan
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Thanks, Mitch, and I might change next year, but it
is the same price as LastPass, which is my big compliant, since
they keep raising the price.</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed, Jul 3, 2019 at 1:41 PM
Mitch Wagner <<a href="mailto:mitch@mitchwagner.com" target="_blank">mitch@mitchwagner.com</a>> wrote:<br>
</div>
<blockquote class="gmail_quote">
<div dir="ltr">Don't know about easy transition but I've been
reasonably satisfied with 1Password for most of the past 12
years. <br>
<div>
<div dir="ltr" class="gmail-m_-5990443949161437576gmail-m_-8359551398474152451gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<p><br>
</p>
<p>-- </p>
<p><a href="http://mitchwagner.com/about/" target="_blank">Mitch
Wagner</a></p>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed, Jul 3, 2019 at
11:43 AM Patrick Corrigan <<a href="mailto:phcorrigan@gmail.com" target="_blank">phcorrigan@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote">
<div dir="ltr">I just got the bill for my LastPass
renewal. It is now $36/yr. It started at $12/yr., then
went to $24, and now this.
<div><br>
</div>
<div>Does anyone know of an alternative that I could
easily transition to next year?</div>
<div><br>
<div><br>
</div>
-- <br>
<div dir="ltr" class="gmail-m_-5990443949161437576gmail-m_-8359551398474152451gmail-m_4960967235108334347gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr"><br>
Patrick Corrigan<br>
Email: <a href="mailto:phcorrigan@gmail.com" target="_blank">phcorrigan@gmail.com</a><br>
<div><span>LinkedIn: </span><a href="https://www.linkedin.com/in/patrick-h-corrigan-61669422" target="_blank">https://www.linkedin.com/in/patrick-h-corrigan-61669422</a></div>
<div><span>Member, Internet Press Guild
</span><a href="http://www.netpress.org" target="_blank">http://www.netpress.org</a><br>
</div>
<div><br>
</div>
<div>"For every difficult and complex
question there is an answer that is
simple, easily understood and wrong."<br>
H.L. Mencken<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
-- <br>
Ipg-smz mailing list<br>
<a href="mailto:Ipg-smz@netpress.org" target="_blank">Ipg-smz@netpress.org</a><br>
<a href="http://netpress.org/mailman/listinfo/ipg-smz_netpress.org" rel="noreferrer" target="_blank">http://netpress.org/mailman/listinfo/ipg-smz_netpress.org</a><br>
</blockquote>
</div>
-- <br>
Ipg-smz mailing list<br>
<a href="mailto:Ipg-smz@netpress.org" target="_blank">Ipg-smz@netpress.org</a><br>
<a href="http://netpress.org/mailman/listinfo/ipg-smz_netpress.org" rel="noreferrer" target="_blank">http://netpress.org/mailman/listinfo/ipg-smz_netpress.org</a><br>
</blockquote>
</div>
<br>
<div><br>
</div>
-- <br>
<div dir="ltr" class="gmail-m_-5990443949161437576gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr"><br>
Patrick Corrigan<br>
Email: <a href="mailto:phcorrigan@gmail.com" target="_blank">phcorrigan@gmail.com</a><br>
<div><span>LinkedIn: </span><a href="https://www.linkedin.com/in/patrick-h-corrigan-61669422" target="_blank">https://www.linkedin.com/in/patrick-h-corrigan-61669422</a></div>
<div><span>Member, Internet Press Guild </span><a href="http://www.netpress.org" target="_blank">http://www.netpress.org</a><br>
</div>
<div><br>
</div>
<div>"For every difficult and complex question there
is an answer that is simple, easily understood and
wrong."<br>
H.L. Mencken<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="gmail-m_-5990443949161437576mimeAttachmentHeader"></fieldset>
</blockquote>
<pre class="gmail-m_-5990443949161437576moz-signature" cols="72">--
Tom Henderson
ExtremeLabs, Inc.
+1 317 250 4646
Twitter: @extremelabs
Skype: extremelabsinc</pre>
</div>
-- <br>
Ipg-smz mailing list<br>
<a href="mailto:Ipg-smz@netpress.org" target="_blank">Ipg-smz@netpress.org</a><br>
<a href="http://netpress.org/mailman/listinfo/ipg-smz_netpress.org" rel="noreferrer" target="_blank">http://netpress.org/mailman/listinfo/ipg-smz_netpress.org</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><br>Patrick Corrigan<br>Email: <a href="mailto:phcorrigan@gmail.com" target="_blank">phcorrigan@gmail.com</a><br><div><span style="font-size:12.8px">LinkedIn: </span><a href="https://www.linkedin.com/in/patrick-h-corrigan-61669422" target="_blank">https://www.linkedin.com/in/patrick-h-corrigan-61669422</a></div><div><span style="font-size:12.8px">Member, Internet Press Guild </span><a href="http://www.netpress.org" style="font-size:12.8px" target="_blank">http://www.netpress.org</a><br></div><div><br></div><div>"For every difficult and complex question there is an answer that is simple, easily understood and wrong."<br> H.L. Mencken<br></div></div></div></div></div></div></div></div>