Comments on: Password Manager Shootout – eWallet vs. KeePass vs. LastPass

By: Still Hopeful

Still Hopeful — Thu, 11 Feb 2010 20:10:47 +0000

After reading some timely postings on the LastPass discussion forum and doing some further reading, it turns out that all of the popular and easy attempts at browser security are in vain. Passwords don’t help, secure or otherwise, and two-factor authentication is not effective. However, I am Still Hopeful, as during my searching I found a possible alternative. I have collected some notes on all this here: http://ccobb.net/blahblahblog/?p=658

By: Evan Kline

Evan Kline — Thu, 28 Jan 2010 21:50:42 +0000

Great to know, Nick. Thanks for the info!

By: Nick

Nick — Thu, 28 Jan 2010 21:44:46 +0000

Been using Lastpass for ages now, like most started off with 1password on mac and roboform on pc.

Just to add to the information about using sesame for extra authentication, you can have “trusted computers”, that don’t require your sesame key just your master password.

saves the hassle of digging out a usb stick with sesame for your own personal computer.

Nick

By: Patrik

Patrik — Wed, 06 Jan 2010 12:55:01 +0000

No, it is not cross-platform, but when I have tested Lastpass, it wasn’t working for me Lot of accounts were not filled etc.

By: Still Hopeful

Still Hopeful — Wed, 06 Jan 2010 03:34:01 +0000

Completely agree, and that’s why I stuck with PasswordSafe for so long. There is a LastPass “Pocket” version that installs on your hard disk or on a USB drive. Using this briefly tonight, it looks like it has all the stuff I’m used to with PSafe which, IIRC, is quite similar to Keepass. With the Pocket app, as with the LastPass Sesame app, both the Mac and PC versions run from the same USB drive.

The LastPass Pocket version can load entries from either the LastPass website or from a locally saved encrypted data file. Since I have LastPass configured to require the Sesame app, the Pocket version requires both my master password and a Sesame one-time password to access the entries, both local and remote. Looks like this is maybe the best of both worlds. Finally, yay.

By: Troy

Troy — Tue, 05 Jan 2010 23:25:03 +0000

The reason I stick with Keepass is it’s ability to use it OUTSIDE of the browser. You can use it for your Truecrypt containers, MS Money, Outlook, etc. It’s NOT tied to the browser like Lastpass. That is what is winning me over.

By: Still Hopeful

Still Hopeful — Tue, 05 Jan 2010 17:04:01 +0000

After using LastPass for a while, this morning I signed up for the premium service. I am now using their Sesame portable app on a USB drive as the authentication device. And, as I have both a Mac and a PC, I put both the Mac and the PC version of Sesame on the same device. Works great. First time in many years that I start to feel like this might be an adequate solution.

Of course there’s a downside to using authentication devices. My bank now requires another device, and another bank I use will soon require yet one more device. By then I will need to get an iPhone to avoid having to carry around 3 dongles.

By: Evan Kline

Evan Kline — Tue, 05 Jan 2010 15:58:11 +0000

Good to know. Thanks for the quick reply!

By: Dukeswharf

Dukeswharf — Tue, 05 Jan 2010 14:56:06 +0000

If you have forgotten/lost your Yubikey, an unassociate Yubikey link is available (refering to Lastpass here), which will send ‘how to unassociate’ instructions to your registered email account.

Of course should you not wish to unassociate your key, you will not be able to gain entry to your account.

By: Evan Kline

Evan Kline — Tue, 05 Jan 2010 14:38:15 +0000

A Yubikey is something I’ve been thinking about adding to my arsenal for a while. What happens if, for example, you go to work and leave your key at home? Does that mean you can’t access any of your accounts if you don’t remember the passwords?