undefined | Better HN

0 pointscrdoconnor9y ago0 comments

Exactly this. I'm abandoning them now.

0 comments

I want an alternative, got a good one?

If you're using a *nix system: https://www.passwordstore.org/ I switched over from LastPass a few months ago. It uses gpg for encryption and supports git for password syncing between systems. Pretty simple to set up and use. There are quite a few third party apps for it already (both desktop and mobile)

veeti9y ago

Does this still have the problem of leaking metadata (site names, etc.) in plain text? I don't want to manually obfuscate them.

1 more reply

oslavonik9y ago

I've been amazed by Pass, but couldn't find a thorough review between Pass and KeePass(x). Is one safer than the other?

3 more replies

grewil29y ago

I tried LastPass, but didn't trust them, so I found https://www.passwordstore.org/ some year ago. I can't emphasize enough how good it is, mainly because it is so dead simple and transparent in how it works, and also because it has great bash integration, and uses git which makes it easy to sync between your machines. There is also a firefox plugin that integrates with it, but I don't really see that you need it: it is so easy to use at a prompt.

daddykotex9y ago

I use password store to, and it works really well. I'm on MacOS but having it to work under Android and Windows was a breeze.

etatoby9y ago

That's brilliant, thanks a lot!

I never trusted "cloud" (read: not yours) password stores. I have been using KeePass and manual syncing, but I had my doubts about it too.

This looks perfect and simple!

imglorp9y ago

Don't use anything that runs in the DMZ (browser), if you care about your secrets.

I use keepassx, which requires manual search, copy, paste but it can store its vault on a cloud drive, mobile etc. and can have a key file or password.

cowkingdeluxe9y ago

Worth mentioning that one of the major benefits of Keepass is that it is open source. Many of the other providers mentioned here are not.

chrisper9y ago

What do you mean? Autotype is available in KeepassX.

1 more reply

mabcat9y ago

I switched to 1Password after Lastpass got acquired. I obviously have no special knowledge how secure it is but it's serving me well. OSX browser integration excellent, iOS integration mediocre.

jxpx7779y ago

Disclosure: I work for AgileBits, makers of 1Password.

If you're interested, all our data formats are well documented for review: https://blog.agilebits.com/2013/03/06/you-have-secrets-we-do... You might also be interested in the security white paper for our hosted 1Password service: https://1password.com/security/ (White paper is linked at the bottom of the page.)

3 more replies

pwenzel9y ago

I have been using 1Password since version 3 and highly recommend it. I personally am quite happy with the iOS support, synchronization, and mobile Safari extension.

julsimon9y ago

Dashlane is really good. Running 100% in AWS and leveraging a lot of their security features.

Here is their security white paper : https://www.dashlane.com/download/Dashlane-Security-Whitepap...

jontas9y ago

I just read the whitepaper (I am a long time Dashlane user) and they have a section on security of their javascript/browser extensions. They say that their extensions all use c++ so execute entirely outside of the javascript context. This would not have prevented the Lastpass exploit since all that was required as a malformed URL, but it is nice to see that Dashlane is thinking about this stuff. Also, had Lastpass not used js this exploit would've been harder to find (though not impossible).

dashlanesupport9y ago

Hello Julsimon, this is Simon from Dashlane's Support team. Thank you for your feedback. We have indeed ran multiple checks on our end and can confirm that we are not vulnerable to this type of issue. The code used for our auto-fill functions is shared on all our platforms and has been audited multiple times.

scandox9y ago

I've been using Pass for several months and I love it. https://www.passwordstore.org/

pwenzel9y ago

Within Pass is there a best practice for sharing passwords with another person or team?

1 more reply

chyle9y ago

Check out Enpass password manager. https://www.enpass.io/

I found this alternative when LastPass was acquired by log me once. I was not happy with this. This app doesn't have hacking or vulnerability history like LastPass.

They also have a dedicated import for LastPass. https://www.enpass.io/docs/desktop-mac/import_lastpass.html

tedmiston9y ago

1Password is very nicely integrated if you're on a Mac and/or iOS. It's not free like LastPass, but I consider it a reasonable one-time* purchase.

*every few major releases

crdoconnorOP9y ago

KeePass, but I'm not 100% on that one either.

toxican9y ago

Why not? I've been using it for about a year now (switched from LastPass) and haven't had any issues. Kind of miss the in-browser features of LastPass, but seeing as how those are what's being exploited, maybe not so much!

1 more reply

_ea1k9y ago

I use KeePass as well, but I have never tried it with a browser extension. That seems a little dangerous to me.

ajdlinux9y ago

Any good alternatives for LastPass Enterprise-style multi-user sharing?

(Apart from "don't use services that require you to share passwords for a single account". Alas.)

winsome9y ago

My team and I have been using 1Password Teams (https://1password.com/teams/) for this. They also have a Families service if for some reason you want to do the same thing with family and friends.

greenshackle9y ago

Does it need to have Windows client? I'm guessing yes. If not there is [SFLVault](http://sflvault.org/)

ClayM9y ago

I switched myself and my family to use 1Password Family. Been very happy with it. Syncs across all user and devices (except IE lol)

riquito9y ago

enpass.io, it supports pretty much every platform

gourou9y ago

Work on your memory, it's very hard to hack.

Xylakant9y ago

That's a very bad recommendation. Very few people are capable of remembering unique 10-character passwords for each site. I have like 100 passwords and accounts for various systems and I'm certainly not able to remember each of them. So either I start reusing passwords or I use a password manager.

2 more replies

retox9y ago

No one is under any obligation to provide bug bounties.

icebraining9y ago

And no one is obligated not to take that into consideration when deciding whether to use the product.

jug9y ago

No, exactly -- at their peril.

j / k navigate · click thread line to collapse

0 comments

SaturateDK9y ago

I want an alternative, got a good one?

Alpacalex9y ago

veeti9y ago

Does this still have the problem of leaking metadata (site names, etc.) in plain text? I don't want to manually obfuscate them.

1 more reply

oslavonik9y ago

I've been amazed by Pass, but couldn't find a thorough review between Pass and KeePass(x). Is one safer than the other?

3 more replies

grewil29y ago

daddykotex9y ago

I use password store to, and it works really well. I'm on MacOS but having it to work under Android and Windows was a breeze.

etatoby9y ago

That's brilliant, thanks a lot!

I never trusted "cloud" (read: not yours) password stores. I have been using KeePass and manual syncing, but I had my doubts about it too.

This looks perfect and simple!

imglorp9y ago

Don't use anything that runs in the DMZ (browser), if you care about your secrets.

I use keepassx, which requires manual search, copy, paste but it can store its vault on a cloud drive, mobile etc. and can have a key file or password.

cowkingdeluxe9y ago

Worth mentioning that one of the major benefits of Keepass is that it is open source. Many of the other providers mentioned here are not.

chrisper9y ago

What do you mean? Autotype is available in KeepassX.

1 more reply

mabcat9y ago

I switched to 1Password after Lastpass got acquired. I obviously have no special knowledge how secure it is but it's serving me well. OSX browser integration excellent, iOS integration mediocre.

jxpx7779y ago

Disclosure: I work for AgileBits, makers of 1Password.

3 more replies

pwenzel9y ago

I have been using 1Password since version 3 and highly recommend it. I personally am quite happy with the iOS support, synchronization, and mobile Safari extension.

julsimon9y ago

Dashlane is really good. Running 100% in AWS and leveraging a lot of their security features.

Here is their security white paper : https://www.dashlane.com/download/Dashlane-Security-Whitepap...

jontas9y ago

dashlanesupport9y ago

scandox9y ago

I've been using Pass for several months and I love it. https://www.passwordstore.org/

pwenzel9y ago

Within Pass is there a best practice for sharing passwords with another person or team?

1 more reply

chyle9y ago

Check out Enpass password manager. https://www.enpass.io/

I found this alternative when LastPass was acquired by log me once. I was not happy with this. This app doesn't have hacking or vulnerability history like LastPass.

They also have a dedicated import for LastPass. https://www.enpass.io/docs/desktop-mac/import_lastpass.html

tedmiston9y ago

1Password is very nicely integrated if you're on a Mac and/or iOS. It's not free like LastPass, but I consider it a reasonable one-time* purchase.

*every few major releases

crdoconnorOP9y ago

KeePass, but I'm not 100% on that one either.

toxican9y ago

1 more reply

_ea1k9y ago

I use KeePass as well, but I have never tried it with a browser extension. That seems a little dangerous to me.

ajdlinux9y ago

Any good alternatives for LastPass Enterprise-style multi-user sharing?

(Apart from "don't use services that require you to share passwords for a single account". Alas.)

winsome9y ago

My team and I have been using 1Password Teams (https://1password.com/teams/) for this. They also have a Families service if for some reason you want to do the same thing with family and friends.

greenshackle9y ago

Does it need to have Windows client? I'm guessing yes. If not there is [SFLVault](http://sflvault.org/)

ClayM9y ago

I switched myself and my family to use 1Password Family. Been very happy with it. Syncs across all user and devices (except IE lol)

riquito9y ago

enpass.io, it supports pretty much every platform

gourou9y ago

Work on your memory, it's very hard to hack.

Xylakant9y ago

2 more replies

retox9y ago

No one is under any obligation to provide bug bounties.

icebraining9y ago

And no one is obligated not to take that into consideration when deciding whether to use the product.

jug9y ago

No, exactly -- at their peril.

j / k navigate · click thread line to collapse