Hacker News new | past | comments | ask | show | jobs | submit login

KeePassX is still vulnerable to a keylogger on your local machine.

LastPass with 2-factor auth should be more secure than KeePassX, however, your point about it being proprietary is well taken.

I also think LastPass has a very good reputation for full disclosure - when the salted hashes of master passwords were compromised in 2010 it was very refreshing to see the CEO come forward and give immediate full disclosure to the public about the implications, and why you should change your master password.

I also find it refreshing that if you have a strong master password, even someone compromising their entire database should not give you reason to worry - it would be similar to someone getting a copy of your KeePassX database - it's still encrypted with high-grade encryption.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact