Lastpass or Keepass (or something else?)


  • Discourse touched me in a no-no place

    The idiots running our time entry website[1] have mandated "secure" passwords that they claim will have to be changed every 90 days, and fuck that. I just locked myself out of the site, so I guess this is the thing that pushes me over the edge to get a password manager. Which should I use? I am aggressively interested in the cloud having my password, but it would be useful if I had a keyring I could carry around on a flash drive. At this point, I only care about stuff that works on Windows, and it needs to work both in Chrome, and in IE/Edge.

    The sooner you people give me good advice the sooner I can install it, log in, reset my password, and enter my time for this week.

    Also, I'd make a poll here but I've ignored how the new plugin works.

    Let's see if I can do this:

    [poll name=the_real_deal_]

    • lastpass
    • keepass
      [/poll]

    No FILE_NOT_FOUND/"I'll troll in the comments"/etc because I'd actually like a usable answer.

    Ah, what the heck, have at it here:
    [poll name=for_all_your_trolling_needs]

    • FILE_NOT_FOUND
    • Brillant!
    • I am actually going to mention a viable option in the comments
      [/poll]

    [1] it's a third-party thing, not something we wrote.



  • Vote for KeePass here, although I've never used Lastpass. Used PasswordSafe before KeePass.





  • @WernerCD said:

    KeePass + Dropbox user here. All day, every day. I know ~4 of my passwords.

    Windows - http://ninite.com/keepass

    Android - https://play.google.com/store/apps/details?id=com.android.keepass&hl=en

    iPhone - https://itunes.apple.com/us/app/minikeepass-secure-password/id451661808?mt=8

    That. Except I'm still using the old KeePassX on windows.



  • I use KeePass on Windows, and KeePassX on OSX.


  • Winner of the 2016 Presidential Election

    I use LastPass on Windows, Windows tablet and Android. Works like a charm.



  • I voted for KeePass, but it's the only one I've ever used, so I don't really have a basis for comparison. Works fine from a USB stick.


  • Discourse touched me in a no-no place

    Ok. Going with Keepass then. I used @WernerCD's ninite link so I hope you didn't give me a virus.


  • mod

    @WernerCD said:

    KeePass + Dropbox user here. All day, every day. I know ~4 of my passwords.

    Seconded. If you are an Android user, KeePassDroid (linked by @WernerCD) works beautifully.



  • @FrostCat said:

    90 days

    Lucky bastard, our domain passwords have 30 day expiration date. And I don't think you can even use KeePass for that...

    I should start using the thing, but I dunno. I'm not too comfortable with locking myself out of my accounts on any device where I can't use it for some reason.


  • Discourse touched me in a no-no place

    You can do a Copy on any given password and then paste it into Notepad, if you know ahead of time.


  • mod

    @abarker said:

    KeePassDroid

    I had problems with KeePassDroid not wanting to use Google Docs as a sync location and freaking out and saying the file was always locked. It's what convinced me to switch to LastPass. And LastPass has an android app now that works just as nicely, but without needing a third party cloud storage location to sync with.


  • :belt_onion:

    @loopback0 said:

    PasswordSafe

    I'm still using PasswordSafe after having seen Keepass. Basically their format has been stable for a while whereas Keepass comes in two major versions...



  • @JBert said:

    Keepass comes in two major versions...

    Yeah but every client I have supports the newer version.

    To be fair, the switch was because work swapped from PasswordSafe to KeePass.


  • Winner of the 2016 Presidential Election

    @Yamikuronue said:

    And LastPass has an android app now that works just as nicely

    +1

    The LastPass android app is very nice indeed...


  • mod

    @Yamikuronue said:

    I had problems with KeePassDroid not wanting to use Google Docs as a sync location and freaking out and saying the file was always locked.

    Never tried it with Google Docs. But it works fine with DropBox, and I've seen good reports regarding OneDrive, too.



  • Keepass.

    Not ready to trust someone else to keep my passwords in their file. Aside from the fact that I have nothing but their assurance the passwords are actually encrypted, what happens if they fold? Maybe I just don't know all the details, but when I was looking at their FAQ's, that was my #1 question.

    OTOH, if I were a cynic, I'd worry that even if they encrypt my passwords, they can decrypt them at broad government hint. But it really doesn't matter since I am well beyond cynic and therefore am sure the government key logs me anyway.



  • Tell me how well it works when you need to type a password into your Xbox or Roku.


  • Winner of the 2016 Presidential Election

    It works great! I just need to press up up left left left left a down right right right right a up left a down left left........

    Yeah that's a painful UX no matter what your password is. At least unless it's "hunter2"



  • Happy KeePass, KeePassX and Dropbox user here. I use KeePass 1.x on Windows because I don't need any of the extra features that the 2.x database format allows for, because 1.x is a small native code application that starts much faster than the .Net based 2.x, and because KeePassX still doesn't support the 2.x database format (both 1.x and 2.x are under active development and 2.x does not supersede 1.x).

    In theory, KeePass 2.x works on Mono. In my experience all that means is that you can have something on Linux that starts up every bit as slowly as it does on Windows and has a shitty file picker.

    I use MiniKeePass on iOS and KeePassDroid on Android. Both work well. MiniKeePass makes use of iOS's multiple clipboards: tap a Keepass db entry and you get a pasteable username and a pasteable password. Tapping a db entry on KeePassDroid creates two Android notifications: touching one copies the username and touching the other copies the password.

    On the desktop I use the following workflow: double-click the URL item in a KeePass db entry, wait for the browser to open that URL, do any extra clickery that the page needs in order to get the insertion point positioned in the username box, bring KeePass to front again, press Ctrl-V to autotype the currently selected entry. This works smoothly enough that I don't feel any need for browser integration via extensions, which is good because I do a lot of work on browsers that aren't mine.

    I keep my passwords database, along with the portable Windows executable for KeePass 1.x, in a USB μSD reader attached to my car keys. Every now and then I'll update that from the authoritative Dropbox copy. As long as the car keys db always has my current Dropbox password, I'm good. Having the μSD available makes installation of the setup on a new phone fairly painless.


  • Discourse touched me in a no-no place

    @blakeyrat said:

    Tell me how well it works when you need to type a password into your Xbox or Roku.

    I don't have either one of those.


  • Discourse touched me in a no-no place

    @flabdablet said:

    In theory, KeePass 2.x works on Mono. In my experience all that means is that you can have something on Linux that starts up every bit as slowly as it does on Windows and has a shitty file picker.

    If a .Net application starts up slow more than once, you've probably got something wrong with your computer.



  • KeePass is quite often the first thing I start up on Windows, and on Linux it's the only Mono thing I'd regularly use. I gave 2.x an honest trial for a couple of weeks. Didn't like it. Felt way, way too slow compared to both 1.x and KeePassX.

    FWIW I have the same objection to Java. Both runtimes are just ridiculously heavyweight.



  • @FrostCat said:

    If a .Net application starts up slow more than once, you've probably got something wrong with your computer.

    <obMicrosoftBashing>
    Yes, it's called, ".Net".
    </obMicrosoftBashing>

    INB4: No I don't actually think that. Not specifically about .Net, anyway. It is going to be at least a century from now before anything anyone does on a computer is not Doing It Wrong™. The RWTF is that we need software now, and don't know how to Do It Right.



  • Me too, but KeePass on Linux is ugly as shit that's why I'm moving to LastPass when I have some time



  • @Eldelshell said:

    KeePass on Linux is ugly as shit

    That's why I use KeePassX on Linux (apart from it being in the Debian repo, so installation is a no brainer) and stick with KeePass 1.x on Windows for interoperability.



  • Keepass 2 is the corporate tool of choice for Windows, so I use KeePassX 2 alpha on my OSX work laptop as it opens the kdbx files from my Windows desktop.



  • How stable is it?

    Thanks for alerting me to the existence of KeePassX 2.0 - looks like there's a beta release available now. I'll try that out.



  • @flabdablet said:

    How stable is it?

    Hasn't crashed once in the 3ish months I've been using it, and I've not come across any other issues with it yet.


  • mod

    @blakeyrat said:

    Tell me how well it works when you need to type a password into your Xbox

    Combined with SmartGlass, very well. Pretty sure I've mentioned that before.

    Edit: Yep.

    @blakeyrat said:

    or Roku.

    Not a clue.



  • @abarker said:

    Combined with SmartGlass, very well.

    I still don't really get that. Does it run natively on Windows Phone? Like... how does that work exactly?

    @abarker said:

    Not a clue.

    Right, see, this is my exact problem. The goal here is to have an app make super-complicated passwords that no human could possibly guess or remember right? Well, great.

    But now when I want to put Amazon Prime on my Roku, I can't type the damned thing in because it's super-complicated.


  • mod

    @blakeyrat said:

    I still don't really get that. Does it run natively on Windows Phone? Like... how does that work exactly?

    It's an app for Android and WinPhone (maybe iOS as well) that essentially turns your phone into a controller for your XBox. Separate versions of the app are used for 360 and One. Your phone and your XBox must be connected to the same network.



  • @blakeyrat said:

    I can't type the damned thing in because it's super-complicated

    I generally adopt passwords like mzhbs.qvgmk.bceep.rvmcn for services I need to use on devices that can't use some KeePass variant directly. Lowercase letters and dots are as close to painless as soft keyboards get, the grouping makes transcription reliable, and there are over 90 bits of randomness even if you know the format beforehand.

    KeePass's inbuilt password generator can be told to use that format in one step. KeePassX doesn't do quite so well, but can still easily generate a 20-letter password I can insert dots in by hand.

    Apple's password strength estimators rate these as less secure than Apple123 but all the Apple devices I use can run MiniKeePass so that doesn't matter.
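
Added example, not part of the original post: a Python sketch of the grouped lowercase format described above, drawn from the OS CSPRNG, with the arithmetic behind the "over 90 bits" figure. The function names and defaults are assumptions made for illustration; this is not KeePass's own generator.

```python
import math
import secrets
import string

ALPHABET = string.ascii_lowercase  # 26 symbols, easy on soft keyboards


def grouped_password(groups=4, group_len=5, sep="."):
    """Return e.g. 'abcde.fghij.klmno.pqrst' with every letter drawn
    independently and uniformly from the OS CSPRNG via secrets.choice."""
    return sep.join(
        "".join(secrets.choice(ALPHABET) for _ in range(group_len))
        for _ in range(groups)
    )


def entropy_bits(groups=4, group_len=5, alphabet_size=len(ALPHABET)):
    """Entropy when the attacker already knows the format.
    Separators sit at fixed positions, so they contribute nothing."""
    return groups * group_len * math.log2(alphabet_size)


def letters_needed(target_bits, alphabet_size=len(ALPHABET)):
    """Smallest number of random letters reaching target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def matches_format(pw, groups=4, group_len=5, sep="."):
    """Check a transcribed password against the expected shape,
    useful for catching typos before submitting it on a device."""
    parts = pw.split(sep)
    return len(parts) == groups and all(
        len(p) == group_len and set(p) <= set(ALPHABET) for p in parts
    )


if __name__ == "__main__":
    pw = grouped_password()
    print(pw, f"{entropy_bits():.1f} bits", matches_format(pw))
```

The estimate only holds for letters chosen by the generator; a human-picked string in the same shape does not carry that entropy.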



  • @blakeyrat said:

    Tell me how well it works when you need to type a password into your Xbox or Roku.

    I have nothing like either one of those, but I have stuff like a customer owned laptop where I can't make it autotype. I bring up KeePass on my main machine and type it in from that. It's not great, but still better than doing the same thing with it written in a notebook.

    I do a similar thing with RDP sessions on that machine, except KeePass is then running right there. RDP just doesn't let me copy the password or anything.


  • Discourse touched me in a no-no place

    @flabdablet said:

    Apple's password strength estimators rate these as less secure than Apple123

    That tells you plenty about Apple's password strength estimators, particularly what they about entropy. [spoiler]Bupkis.[/spoiler]


  • sockdevs

    @dkf said:

    particularly what they about entropy.

    did you @accalia a word there?



  • @boomzilla said:

    customer owned laptop where I can't make it autotype

    Portable KeePass on my keyring USB deals with that case for me. Drag and drop the password database onto the executable to work around Windows's random drive letter assignment.



  • I can run KeePass. It just won't allow me to paste or do autotyping over the RDP connection to log into that connection. Which isn't a problem any more because they've gone to smartcard authentication for pretty much everything.


  • Discourse touched me in a no-no place

    Nah, I forgot to sanity-check before posting as dinner was delivered. :smiley: :yum:

    And I think that particular problem is a britney, not an @accalia.


  • Winner of the 2016 Presidential Election

    Well I think you're just


  • Winner of the 2016 Presidential Election

    @dkf said:

    And I think that particular problem is a britney

    Leave Britney alone!

