LastPass Free limiting device types

[JoeWras]

keepassXC forked to support running on OS's different from Windows.
No longer any need to fake Windows to run KeePass if living on a different OS.
No longer a need to download an unauthorized build for a different OS.

I'll bet there is some OS out there that none run on.

The tech geek behind this is that XC runs C++, while plain KeePass runs on C#.

KeePass had a security audit a few years ago and did well. XC hasn't had an audit. Not sure if it matters. XC is a project on github which makes it really easy to browse the code and look at community comments. Plain KeePass is opensource, but you have to download it and expand it to see it. That just makes it a little less visible and is rather old school when it comes to open source.

 

[bltkmt]

I have used Premium for years, but DW uses Free. I will probably upgrade her as I don't get how to share an account.

 

[Trooper]

I have used Premium for years, but DW uses Free. I will probably upgrade her as I don't get how to share an account.

If you are both comfortable with the idea, DW could simply use your (Premium) ID and master password when logging in. Then all passwords to all of your websites would be visible to both of you.

You would have to convert DW's LastPass passwords to your account, using the import/export functions.

It all depends on how comfortable and thrifty you are. If the extra $36/year doesn't matter, than have her upgrade.

 

[triangle]

keepassXC forked to support running on OS's different from Windows.
No longer any need to fake Windows to run KeePass if living on a different OS.
No longer a need to download an unauthorized build for a different OS.

I'll bet there is some OS out there that none run on.

What is meant by fake Windows? If that was meant as way to describe the mono software libraries, I don't have much comment other than to note all applications use libraries of one kind or another. keepassXC is more of an unauthorized build by that definition.

I just hope the core password encryption functionality is not negatively impacted by splitting the project, as at some point some key functionality may not get back ported and it will diminish the standing of both applications. I do not remember the primary motivation for why KeePass2.x was written in C#, I think it might have been to speed some feature delivery across different platforms and keep the core app more uniform. But unofficially it was probably just the developer(s) personal wishes. If I were a developer I would not be thrilled that KeePass was written in C#, so maybe the new fork and C++ rewrite will supersede the original.

 

[triangle]

Recent article pointing out potential concern with trackers in LastPass:

1Password has none, KeePass has none... So why are there seven embedded trackers in the LastPass Android app?
https://www.theregister.com/2021/02/25/lastpass_android_trackers_found/

 

[Katsmeow]

I tried the red (above) and it seemed fine. Used the Export/Import method to put all DW's stuff in a new folder. Since I have Excel I could edit the csv file which Lastpass exports.

On the iPhone it seems you cannot see the folder's organization but you can on the PC.

DH isn't currently using Last Pass. He keeps his passwords in a spreadsheet. I don't like him doing it and when I give him a password for something I tell him he can't put it in the spreadsheet (and he doesn't). Most of what he has in the spreadsheet is not really critical stuff. That is, he doesn't have our investment passwords.

I’ve never had an issue. I’m usually logged on on my desktop and then use my touch-Id to access on my phone. DH rarely uses it.

Isn’t multi-device support what they are asking us to pay for? It had better work.

I'm sure it will work on multiple devices. The question is whether it is OK to have multiple places using Last Pass at the same time (we would both be using it in browser extensions) and perhaps simultaneously.

 

[misanman]

...potential concern with trackers in LastPass

I read the article and so went into my LastPass Android settings to check on tracking and it is disabled. I can't remember if this was a configuration choice at install or not. If not, then maybe it is disabled by default. Anyone who is concerned about this should probably visit their settings.

 

[Sunset]

DH isn't currently using Last Pass. He keeps his passwords in a spreadsheet. I don't like him doing it and when I give him a password for something I tell him he can't put it in the spreadsheet (and he doesn't). Most of what he has in the spreadsheet is not really critical stuff. That is, he doesn't have our investment passwords.

....

I know your issue, DW is like that.. I'm working on getting her to use KeepassXC

You could have him create an encrypted file (think container) with VeraCrypt and he could put his spreadsheet inside it, along with any other secret stuff. Then its quite secure when his machine is off, or the encrypted file is not mounted.

 

[tulak]

Recent article pointing out potential concern with trackers in LastPass:

1Password has none, KeePass has none... So why are there seven embedded trackers in the LastPass Android app?
https://www.theregister.com/2021/02/25/lastpass_android_trackers_found/

Well, this isn’t great. I’m not surprised and expected something like this to happen after they were bought by private equity firms. I guess I can be happy it took this long?

Regardless of what they do with this data, the fact that they are willing to install trackers tells me how they want to run their company. I’ve enjoyed their product and switching is going to be a pain, but I’m going to signup for 1password and see how well they work.

 

[Katsmeow]

I know your issue, DW is like that.. I'm working on getting her to use KeepassXC

You could have him create an encrypted file (think container) with VeraCrypt and he could put his spreadsheet inside it, along with any other secret stuff. Then its quite secure when his machine is off, or the encrypted file is not mounted.

Well he is actually willing to use LastPass. In fact he has said that he will if I set it up so we can use it. I just never got around to it.

 

[zinger1457]

I’ve enjoyed their product and switching is going to be a pain, but I’m going to signup for 1password and see how well they work.

Switching may not be as bad as you would think, I'm testing out Bitwarden and the switch was very simple, export LastPass file and import file into Bitwarden. So far it seems to be working fine but have only tested it on my laptop. I did spend about 30 mins going through the data I imported from LastPass deleting all of the old unused sites, should have done that a long time ago.

 

[Lsbcal]

Recent article pointing out potential concern with trackers in LastPass:

1Password has none, KeePass has none... So why are there seven embedded trackers in the LastPass Android app?
https://www.theregister.com/2021/02/25/lastpass_android_trackers_found/

Could you provide the link?

Apparently not on iPhone.

 

[The Rodent]

I don’t see the need for a family plan for DH and myself. For those websites where we each have our respective logins (Amazon, VG, Southwest, etc) LastPass handles multiples just fine. When I go to login to VG, for example, the LastPass icon shows in the username field with a 2 next to it to indicate that I have two passwords for this site. Hover over the icon, both usernames are displayed, pick the one you want to use. Easy.

I agree with your comment that you don't benefit from a family plan if you have your individual logins. However we benefit from sharing logins for all our paperless billing sites (utilities, credit cards, etc). If one of us is unable to handle financial matters due to illness or something else, the other person has access to logins.

 

[ocean view]

I agree with your comment that you don't benefit from a family plan if you have your individual logins. However we benefit from sharing logins for all our paperless billing sites (utilities, credit cards, etc). If one of us is unable to handle financial matters due to illness or something else, the other person has access to logins.

But can’t you just share the master password from one individual account with your spouse?

 

[kevink]

For those (like us) who are exclusively in the Apple (IOS/OSS) world why not just use Keychain and skip LastPass, etc. entirely? Not as full-featured perhaps but have been using both for years and don't see much difference.

Agree that LastPass support when paying for premium (which I did for years but dropped) was always underwhelming.

 

[Sunset]

But can’t you just share the master password from one individual account with your spouse?

I was thinking the same thing.

For accounts where both have an acccount, just name them differently (assuming lastPass has some sort of title for each entry).

Toms checking account
Toms saving account
Betty checking account
Betty saving account.

 

[tulak]

Could you provide the link?

Apparently not on iPhone.

An article I read yesterday stated that the iOS app wasn't tested. I can't find that article, but from another article:

While no trackers have been confirmed to exist in the iOS or macOS versions of LastPass, a quick glance at the iOS beta's "nutrition label" hints that it's not out of the realm of possibility, either.

https://appleinsider.com/articles/2...stions-about-trackers-in-lastpass-android-app

My take is that this is a choice made by the company. Even if they don't currently have iOS trackers, they're not against trackers and will add them if they think it benefits them. And then I ask myself, why am I paying to use an app with trackers?

I'm willing to pay for the opposite: improved security. It's one of the reasons I have an iOS device instead of Android. And why I don't mind paying for a password manager.

Regarding trackers in other password managers:

The Register points out that LastPass isn't the only password manager that has trackers, either. Bitwarden and Dashlane both contain trackers, two and four, respectively. However, LastPass rival 1Password and open-source KeePass do not feature trackers at all.

Even though I read Bitwarden/Dashlane's trackers are for analytics and the data isn't sent to a 3rd party, unlike a couple of the Lastpass trackers.

For those (like us) who are exclusively in the Apple (IOS/OSS) world why not just use Keychain and skip LastPass, etc. entirely? Not as full-featured perhaps but have been using both for years and don't see much difference.

I have thought about using iCloud Keychain. I started using Lastpass before Keychain was available and I didn't have a reason to switch. My biggest hesitation at this point is lack of support outside of the Apple's ecosystem, even though it looks like Apple is trying to support other platforms/apps. Thanks for bringing this up. I'll take another look at this option to see if it would work.

 

[Lsbcal]

Even though I have Lastpass I use Keypass as well since it seems to do a good job, maybe better then Lastpass on the iPhone. But I use only Lastpass for financial sites and for my PC and because you can keep secure notes and even notes on a particular password (like security question answers). If I used a Mac then I might then dump Lastpass.

Those notes are particularly good when traveling. I can printout information, take a picture of it and store it on Lastpass. Good for passport backups, bank info, etc.

 

[tulak]

I have thought about using iCloud Keychain. I started using Lastpass before Keychain was available and I didn't have a reason to switch. My biggest hesitation at this point is lack of support outside of the Apple's ecosystem, even though it looks like Apple is trying to support other platforms/apps. Thanks for bringing this up. I'll take another look at this option to see if it would work.

A bit of playing around with this...and it almost works. On the Mac, Apple provides the Keychain Access app. This allows you to view all of your iCloud Keychain entries. You can view individual entries, add site specific information to the entry (such as security question answers). There's a place for secure notes. The problem is that there's no way to view this data on iOS. This might not be a dealbreaker, but it is frustrating that Apple can't provide full access to your iCloud Keychain data on iOS.

It'd also be nice to have a generate password app. I use this occasionally, but maybe only in cases where Lastpass isn't working well with a website. It might not be an issue.

Even though I have Lastpass I use Keypass as well since it seems to do a good job, maybe better then Lastpass on the iPhone. But I use only Lastpass for financial sites and for my PC and because you can keep secure notes and even notes on a particular password (like security question answers). If I used a Mac then I might then dump Lastpass.

Those notes are particularly good when traveling. I can printout information, take a picture of it and store it on Lastpass. Good for passport backups, bank info, etc.

I guess I'm lucky I use a Mac.

I've convinced myself to ditch Lastpass. The tracker issue is a dealbreaker for me.

For iCloud Keychain, I don't necessarily like that my passwords are available after I login. Having a separate login to a password manager is nice, since it adds an extra layer of security. What happens if my device is taken when entering a country?

I like the 1Password idea of a travel mode. Do any 1Password users here use that feature? Is it worth it?

For passport backups, I have a weakly protected Google Drive account that I'm more than happy to login from anywhere. My thinking is that if I'm in a foreign country and lose all of my devices/documentation, I want to the ability to login from any unsecured computer and get a copy of my passport.

 

[Lsbcal]

...

For iCloud Keychain, I don't necessarily like that my passwords are available after I login. Having a separate login to a password manager is nice, since it adds an extra layer of security. What happens if my device is taken when entering a country?

I like the 1Password idea of a travel mode. Do any 1Password users here use that feature? Is it worth it?

For passport backups, I have a weakly protected Google Drive account that I'm more than happy to login from anywhere. My thinking is that if I'm in a foreign country and lose all of my devices/documentation, I want to the ability to login from any unsecured computer and get a copy of my passport.

I think the chance of all our devices (2 iPhones and 2 iPads) being taken in a foreign country is remote. They are all securely locked up. And we have only traveled to developed countries in Europe. Besides with Covid who knows when we'll travel to Europe.

 

[tulak]

I agree, the chance of losing all devices is slim. I came up with the Google Drive solution a long time ago because I was tired of carrying photocopies of our passports. Now I only need to think about it when I get a new passport.

 

[Katsmeow]

Initially I was going to just sign up for Families at Last Pass. I've been using the free version but DH was interested in using it and I was OK with the cost of Families. But, I went and did research on the current state of the password manager market. I also read the LastPass subreddit. Anyway, DH and I have decided to trial 1Password. Its family version is $12 more a year than LastPass but I liked a number of things I read about it. And, I am not enchanted with LastPass. If I don't like it, then I will probably go back to LastPass.

 

[triangle]

I like the 1Password idea of a travel mode. Do any 1Password users here use that feature? Is it worth it?

For passport backups, I have a weakly protected Google Drive account that I'm more than happy to login from anywhere. My thinking is that if I'm in a foreign country and lose all of my devices/documentation, I want to the ability to login from any unsecured computer and get a copy of my passport.

I like this travel mode concept. I have often thought of breaking my keepass kdbx file into two parts. A core keep-everywhere.kdbx for inclusion on mobile devices and an everything-else.kdbx for accounts only accessed while home. I was coming at this more from a financial security angle rather than a personal liberty point of view. For example to insure access to checking account and credit card everywhere but not things like my retirement account. I never did that because it was hard to make keepass work that way and the category of each account is not so binary.

I reluctantly put some key things onto cloud, especially after having a phone die midway through international travels. One realizes how dependent they are on internet access when going without it for days, with no way to communicate or book a rideshare.

I think the chance of all our devices (2 iPhones and 2 iPads) being taken in a foreign country is remote. They are all securely locked up. And we have only traveled to developed countries in Europe. Besides with Covid who knows when we'll travel to Europe.

I may misunderstand your comment, whether you are talking about border crossing only or not. IMO the more likely scenario is theft. For example getting held at knifepoint for your wallet and electronic devices.

 

[Sunset]

I like this travel mode concept. I have often thought of breaking my keepass kdbx file into two parts. A core keep-everywhere.kdbx for inclusion on mobile devices and an everything-else.kdbx for accounts only accessed while home. .....

You could easily do this, by duplicating the database file.
Name it travel.kdbx.
Open keePass and close the database normally used, then open the travel one. Delete what you don't want, and save it.

A big issue will be syncing the databases.

Myself, I make a copy of my database, and put it into a veracrypt container on a tiny thumb drive.
So the encrypted database is inside an encrypted file container, even if I lose the thumbdrive it's going to be pretty safe.
I have veracrypt on the computer, and when I need to see the passwords, I plug in the thumbdrive, open the veracrpyt container, then use keePass pointing to the now displayed database.

Everytime we travel, I just put a fresh copy into the thumbdrive, so don't really need to sync.

 

[Lsbcal]

...

I may misunderstand your comment, whether you are talking about border crossing only or not. IMO the more likely scenario is theft. For example getting held at knifepoint for your wallet and electronic devices.

You don't have to be traveling in say, Italy or France, to be worried about being held at knifepoint for your valuables. You could have that happen right in your home. So security only goes so far.

Our devices are basically uncrackable by criminal types. But yes, someone could threaten bodily harm and even require I give them a password while they hold my iPhone. Then if they are really going to pull off stuff they'd kill me and empty my accounts over time or wait until I help them do so. So that's why I keep our doors locked and deploy normal security measures.

Getting back to just travel, Europeans move about all the time with electronic devices in their pockets. There are many tourists that are somewhat careless with their pocket items like wallets and phones. Many I am sure are less secure then ones we deploy. We take better measures then most to protect devices so I think criminals will go after the low hanging fruit.

And I don't mean to be pooh-poohing these concerns. I've considered the worst especially when I am tired at nights and worried about everything.