Advice Request LastPass alternative?

[shmu26]

I am looking for a good, free alternative to LastPass, one that will sync across various PCs, like LastPass free version does.

I recently discovered, by the process of elimination, that the LastPass chrome extension is conflicting with GoogleDocs and other Google services, on my x64 windows 10 machine. I tried removing my security software, and it still conflicted.
Interestingly, it does not seem to conflict on my x86 win10 virtual machine.

A workaround is to run 2 chrome identities at the same time. One for GoogleDocs, and the other for everything else. But I am getting tired of the complications and the mini-avatars on the taskbar icons.

Any ideas?

Some say to use KeePass and sync the password data base over Dropbox, but that doesn't sound so secure to me. The KeePass data base is unencrypted, I would assume?

EDIT: I see that the data base is indeed encrypted. I guess it has to be, or else it is just too easy to steal. Is the encryption sufficient, or is it unsafe to sync it over Dropbox?

 

[Ink]

I found this interesting post on LastPass site, it might actually solve some issues with google products:

A better solution is to use Identities.

"An Identity helps you organize your vault into convenient 'subvaults'. Group your Sites, Secure Notes, and Form Fills based on what you need in specific situations, such as 'Home' and 'Work'. When you switch Identities, you'll only see and fill the items you added to your current identity."​

To switch between your "sub-vault" Identities > Left-click on LP extension > More Options > Identities (...).

 

[Batzzz]

Personally i use google chrome auto-storage, its not very encrypted but works.

 

[Solarlynx]

Personally i use google chrome auto-storage, its not very encrypted but works.

If you mean Google Chrome option to store password then take into account that log-in and password data isn't encrypted at all. They are stored in Chrome in plain text. It's very insecure. AFAIK Mozilla gives this option with possibility to encrypt your sensitive data.

 

[Solarlynx]

Where as putting your data on dropbox is also still an increased risk, what if your dropbox gets hacked? Etc

If we take Keepass+Dropbox combo as an example then we must consider the following:
1. Dropbox is a way less attractive target then say LastPass or Dashline for password hunters.
2. If you sinc your database through Dropbox and it's hacked then they get only encrypted file not a plain text. If your master password is strong enough they probably won't spend much efforts to break it.

Though as we know nothing is 100% secure.

 

[jamescv7]

KeePass is a pain for auto-logins.

Well yes I should agree on that part which some people prefer convenience rather security, because of one click access style.

------------------------------------------

Here are the other alternatives you can try, basically everything plays on how the program will be convenient followed by standard security measures.

Link

 

[ForgottenSeer 19494]

If we take Keepass+Dropbox combo as an example then we must consider the following:
1. Dropbox is a way less attractive target then say LastPass or Dashline for password hunters.
2. If you sinc your database through Dropbox and it's hacked then they get only encrypted file not a plain text. If your master password is strong enough they probably won't spend much efforts to break it.

Though as we know nothing is 100% secure.

LogMeOnce password manager uses Amazon Web Services instead of Dropbox. Passwords are encrypted locally on your PC, transmitted through HTTPS to your Amazon Web Services (each person has a unique space there for it's passwords than the other users, when passwords are received there they are encrypted once again and salted. These servers (as with the LastPass, Dropbox, and other reputated file storing and password manager companies) should be secured and and monitored manually 24/7 for anomalies and if there is a breach you will be notified. You should change all of your passwords for more security and better practice every say 72 days. That way even if there is a breach that is not detected by the time your passwords will be decrypted (if they are at all) you'll have already changed your password. And MFA is very important.

And how you will be able to sync your passwords to other devices if you don't trust a company? And what's the point of using a password manager if you are limited only to PCs with installed client? Security is important, but more important is to combine it with usability. That's the real deal today.

 

[shmu26]

I found this interesting post on LastPass site, it might actually solve some issues with google products:

How do I prevent LastPass from filling erroneous form fields?

As an example, let's say you are on Google and there is a field on that page that LastPass is filling with the value 'abc123'.

To prevent LastPass from filling in the value, follow these steps:

1) Locate the site in your LastPass vault that contains the data 'abc123'. The easiest way to do this is to go to your LastPass vault and search for 'google.com' to list all matching sites.

2) For each matching site, click the Wrench icon to bring up the Edit Site window. If you saved the site originally using the Save All Entered Data method, then the fields will be displayed. If we automatically saved the site for you, click on the Wrench icon at the bottom of the window to edit the saved form fields.

3) Look for the field with a value of 'abc123' and click [-] to delete the field.

4) Click 'Save' to dismiss the Edit Form Fields dialog.

I searched in the LastPass vault for all the "google.com" entries, and the very last one had weird custom fields, one of which was filling in the word "inbox". I deleted the fill-in for that field, and it fixed my problems.
Now google docs doesn't go off-line, and other issues I was having with google products were also solved.
Just thought someone might benefit from this knowledge.

LastPass free edition is a good product, hard to find something equal or better.

 

[Solarlynx]

LogMeOnce password manager uses Amazon Web Services instead of Dropbox. Passwords are encrypted locally on your PC, transmitted through HTTPS to your Amazon Web Services (each person has a unique space there for it's passwords than the other users, when passwords are received there they are encrypted once again and salted. These servers (as with the LastPass, Dropbox, and other reputated file storing and password manager companies) should be secured and and monitored manually 24/7 for anomalies and if there is a breach you will be notified. You should change all of your passwords for more security and better practice every say 72 days. That way even if there is a breach that is not detected by the time your passwords will be decrypted (if they are at all) you'll have already changed your password. And MFA is very important.

And how you will be able to sync your passwords to other devices if you don't trust a company? And what's the point of using a password manager if you are limited only to PCs with installed client? Security is important, but more important is to combine it with usability. That's the real deal today.

Good points! Though I adhere to a bit contrary point of view in this respect.

Never heard of LogMeOnce, thanks.

 

[ForgottenSeer 19494]

I searched in the LastPass vault for all the "google.com" entries, and the very last one had weird custom fields, one of which was filling in the word "inbox". I deleted the fill-in for that field, and it fixed my problems.
Now google docs doesn't go off-line, and other issues I was having with google products were also solved.
Just thought someone might benefit from this knowledge.

LastPass free edition is a good product, hard to find something equal or better.

I actually had the same problem with LogMeOnce and my university account. Fixed it the same way LOL.

Good points! Though I adhere to a bit contrary point of view in this respect.

Never heard of LogMeOnce, thanks.

Well, i'm not sure why this is true, but it is. Seems to be not so popular.

 

[DJ Panda]

I would totally use Avast Passwords. I use it all the time and have greatly reduced the amount of duplicate passwords I had. There has been hate over security browser extentions but Avast Passwords is top notch IMO.

 

[shmu26]

I would totally use Avast Passwords. I use it all the time and have greatly reduced the amount of duplicate passwords I had. There has been hate over security browser extentions but Avast Passwords is top notch IMO.

does it have a good automatic log-in for regular sites, and an option for "ask for password" for the more sensitive sites?

 

[Ink]

In Avast Antivirus Settings > Passwords.

Change the frequency to ask for Master Password, from on reboot, once a week, once a day and twice a day.

Left-click on Avast Passwords extension.

 

[Solarlynx]

I would totally use Avast Passwords. I use it all the time and have greatly reduced the amount of duplicate passwords I had. There has been hate over security browser extentions but Avast Passwords is top notch IMO.

Can we use it free on Androids? If yes then in Avast AV?