[Ipg-smz] Alternatives to LastPass
Tom Henderson
thenderson at extremelabs.com
Thu Jul 4 00:37:59 UTC 2019
I've written on the subject of LastPass and other password managers.
It's easier to keep your own list and update it as a text file with an
innocuous name.
Why:
1. Every evil mofo on planet earth is hitting those sites to bust them
open. My honeypots get 30-40,000 hits each and every day at every
possible port #. One imagines that LastPass must be hit with bazookas
20x /that/ every day.
2. If you can't, for whatever reason, get a circuit to 1Pass, LastPass,
etc., you are screwed as in totally.
3. You will be tempted to use their generated password, whereas your own
password that meets length and broad character set use is just fine, that
is, if you don't use the same stupid password with variations that are
identifiable. There is a feeling that their password generator isn't so
random but it can't be proven/disproven because there are insufficient
samples to judge this.
4. You can keyfob your passwords using encryption. Lots of GREAT
encryption software out there. Choose your own randomization seed +
hashes. Easy to do. 3rd graders can do it.
5. You should be using easy MFA, like FIDO2 and WebAuthn. It's a simple
but highly effective layer to add to your security.
6. You should also be using Tor, because your browser gets typified for
auth quickly. An IP + browser characteristics identifies you very simply
these days. This is bad.
7. You can also use SQLite, the database, and obfuscate its file type
and use it in place of a text file; never believe that zip/gzip/7zip's
encryption is worth a damn, however, and so zipping it isn't really useful.
8. LastPass is a Hungarian company subject to EU and Hungarian law and
liability. Enjoy.
Summary: LastPass and others of its ilk aren't worth it; do it yourself
and save and control your destiny.
Tom
On 7/3/19 4:52 PM, Patrick Corrigan wrote:
> Thanks, Mitch, and I might change next year, but it is the same price
> as LastPass, which is my big complaint, since they keep raising the price.
>
> On Wed, Jul 3, 2019 at 1:41 PM Mitch Wagner <mitch at mitchwagner.com> wrote:
>
> Don't know about easy transition but I've been reasonably
> satisfied with 1Password for most of the past 12 years.
>
>
> --
>
> Mitch Wagner <http://mitchwagner.com/about/>
>
>
>
> On Wed, Jul 3, 2019 at 11:43 AM Patrick Corrigan
> <phcorrigan at gmail.com> wrote:
>
> I just got the bill for my LastPass renewal. It is now $36/yr.
> It started at $12/yr., then went to $24, and now this.
>
> Does anyone know of an alternative that I could easily
> transition to next year?
>
>
> --
>
> Patrick Corrigan
> Email: phcorrigan at gmail.com
> LinkedIn: https://www.linkedin.com/in/patrick-h-corrigan-61669422
> Member, Internet Press Guild http://www.netpress.org
>
> "For every difficult and complex question there is an answer
> that is simple, easily understood and wrong."
> H.L. Mencken
> --
> Ipg-smz mailing list
> Ipg-smz at netpress.org <mailto:Ipg-smz at netpress.org>
> http://netpress.org/mailman/listinfo/ipg-smz_netpress.org
--
Tom Henderson
ExtremeLabs, Inc.
+1 317 250 4646
Twitter: @extremelabs
Skype: extremelabsinc