[Ipg-smz] Alternatives to LastPass

Tue Jul 16 19:42:17 UTC 2019

Thanks.

On Wed, Jul 3, 2019 at 5:38 PM Tom Henderson <thenderson at extremelabs.com>
wrote:

> I've written on the subject of LastPass and other password managers. It's
> easier to keep your own list and update it as a text file with an innocuous
> name.
>
> Why:
>
> 1. Every evil mofo on planet earth is hitting those sites to bust them
> open. My honeypots get 30-40,000 hits each and every day at every possible
> port #. One imagines that LastPass must be hit with bazookas 20x *that*
> every day.
>
> 2. If you can't for whatever reason, get a circuit to 1Pass, LastPass,
> etc., you are screwed as in totally.
>
> 3. You will be tempted to use their generated password, whereas your own
> password that meets length and broadcharacter set use is just fine, that
> is, if you don't use the same stupid password with variations that are
> identifiable. There is a feeling that their password generator isn't so
> random but it can't be proven/disproven because there are insufficient
> samples to judge this.
>
> 4. You can keyfob your passwords using encryption. Lots of GREAT
> encryption software out there. Choose your own randomization seed + hashes.
> Easy to do. 3rd graders can do it.
>
> 5. You should be using easy MFA, like Fido2 and WebAuthN. It's a simple
> but highly effective layer to add to your security.
>
> 6. You should also be using TOR, because your browser gets typified for
> auth quickly. An IP + browser characteristics identifies you very simply
> these days. This is bad.
>
> 7. You can also use SQLite, the database, and obfuscate its file type and
> use in place of a text file; never believe that zip/gzip/7zip's encryption
> is worth a damn, however, and so zipping it isn't really useful.
>
> 8. LastPass is a Hungarian company subject to EU and Hungarian law and
> liability. Enjoy.
>
> Summary: LastPass and others of its ilk aren't worth it; do it yourself
> and save and control your destiny.
>
> Tom
>
>
> On 7/3/19 4:52 PM, Patrick Corrigan wrote:
>
> Thanks, Mitch, and I might change next year, but it is the same price as
> LastPass, which is my big compliant, since they keep raising the price.
>
> On Wed, Jul 3, 2019 at 1:41 PM Mitch Wagner <mitch at mitchwagner.com> wrote:
>
>> Don't know about easy transition but I've been reasonably satisfied with
>> 1Password for most of the past 12 years.
>>
>>
>> --
>>
>> Mitch Wagner <http://mitchwagner.com/about/>
>>
>>
>> On Wed, Jul 3, 2019 at 11:43 AM Patrick Corrigan <phcorrigan at gmail.com>
>> wrote:
>>
>>> I just got the bill for my LastPass renewal. It is now $36/yr. It
>>> started at $12/yr., then went to $24, and now this.
>>>
>>> Does anyone know of an alternative that I could easily transition to
>>> next year?
>>>
>>>
>>> --
>>>
>>> Patrick Corrigan
>>> Email: phcorrigan at gmail.com
>>> LinkedIn: https://www.linkedin.com/in/patrick-h-corrigan-61669422
>>> Member, Internet Press Guild http://www.netpress.org
>>>
>>> "For every difficult and complex question there is an answer that is
>>> simple, easily understood and wrong."
>>>       H.L. Mencken
>>> --
>>> Ipg-smz mailing list
>>> Ipg-smz at netpress.org
>>> http://netpress.org/mailman/listinfo/ipg-smz_netpress.org
>>>
>> --
>> Ipg-smz mailing list
>> Ipg-smz at netpress.org
>> http://netpress.org/mailman/listinfo/ipg-smz_netpress.org
>>
>
>
> --
>
> Patrick Corrigan
> Email: phcorrigan at gmail.com
> LinkedIn: https://www.linkedin.com/in/patrick-h-corrigan-61669422
> Member, Internet Press Guild http://www.netpress.org
>
> "For every difficult and complex question there is an answer that is
> simple, easily understood and wrong."
>       H.L. Mencken
>
> --
> Tom Henderson
> ExtremeLabs, Inc.
> +1 317 250 4646
> Twitter: @extremelabs
> Skype: extremelabsinc
>
> --
> Ipg-smz mailing list
> Ipg-smz at netpress.org
> http://netpress.org/mailman/listinfo/ipg-smz_netpress.org
>

-- 

Patrick Corrigan
Email: phcorrigan at gmail.com
LinkedIn: https://www.linkedin.com/in/patrick-h-corrigan-61669422
Member, Internet Press Guild http://www.netpress.org

"For every difficult and complex question there is an answer that is
simple, easily understood and wrong."
      H.L. Mencken
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://netpress.org/pipermail/ipg-smz_netpress.org/attachments/20190716/e294a9f4/attachment.html>