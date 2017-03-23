Hacker News new | comments | show | ask | jobs | submit login
LastPass: Security done wrong (palant.de)
63 points by wallunit 53 minutes ago | hide | past | web | 27 comments | favorite





I wonder if 1Password is equally susceptible or less so, due to the way that the extension works. Because 1Password has a native application, I believe the browser extensions merely communicate with the native application to retrieve passwords to fill when needed, instead of handling your whole decrypted vault.

reply


What to use instead that doesn't fall into the same situation and offers decent mobile/browser support?

reply


I signed my family up for 1Password a month ago and love it so far.

Here's the 1Password Security Design Whitepaper: https://1password.com/files/1Password%20for%20Teams%20White%...

reply


1Password has no Linux support so it's not really a drop in replacement. Android autofill functionality is also significantly worse.

reply


I would say Keepass 2 and Keepass2Android.

reply


https://enpass.io

reply


I used it (1P) and it was super, but mac only - no Linux client. Just switched over to Enpass, and its very like 1Password, only they do provide a linux client. So far its great, very happy with it. * reply to comment above re 1Password

reply


1Password is different from LastPass; the article is about the latter.

reply


Yip, misreplyed to a comment asking about 1Password

reply


This is about Lastpass, not 1Password.

reply


Commentary / Opinions on how this compares to a KeePass+DropBox solution would be quite interesting to me.

It seems password managers please some of the people some of the time, and unnerve many of the people all of the time.

reply


I use KeePass+SFTP personally. Something like a password manager I won't trust to a cloud service.

reply


Interested to hear what the HN community thinks about 1Password

reply


I used 1Password for quite a long time but have since switched to LastPass mostly due to Linux compatibility and u2f integration

reply


1password's Windows version does run under Wine, including the browser extension. It's been a while since I did it, but I think there was some sort of browser extension validation feature that had to be disabled. Not 100% up to the security standards of their other platforms, but it's functional.

reply


LastPass currently does not support U2F officially [0]. How are you using U2F with LastPass?

[0] https://lastpass.com/support.php?cmd=showfaq&id=8126

reply


LastPass does not have u2f yet, do you mean 2Fa? They have Yubi Cloud, but not u2f.

reply


My mistake, yes, 2fa

reply


I've taken it as a sign that 1Password must be a fairly good choice as I very, very rarely see it pop up on here.

reply


That could also indicate fewer people use it?

reply


I like it. I'd give them a 10/10 if they'd offer a Linux client, too. An official API would be nice as well.

reply


I really like it. Much nicer to use than Lastpass in my opinion.

reply


How about Enpass?

reply


Uses SQL Cipher, which uses "Algorithms provided by the peer reviewed OpenSSL crypto library".

Given all the problems with OpenSSL, I really wished they used something like BoringSSL.

reply


http://keepass.info/ is awesome.

Put your keyfile on Dropbox/OneDrive/whatever so it syncs to all your computers.

Keepass2Android works great and can read from most cloud storage solutions.

Don't know about iPhone.

reply


I'm interested to hear what the HN community thinks about keeping passwords in iCloud-based Keychain (Safari) or whatever Google's alternative is called.

I don't care about portability. Why would I want e.g. 1Password instead of simply using Apple Keychain.

Thanks!

reply


I never liked it, but I won't pretend it's because I'm some security genius. Just found it very unpleasant to use

reply




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: