- Feb 4, 2014
- 105
What's your favorite password manager all around?
I think 1Password or Dashlane is for me !
I think 1Password or Dashlane is for me !
What's your favorite password manager all around?
I think 1Password or Dashlane is for me !
1Password uses AWS, which worries me. They also use the AWS Crypto-Library, co-developed by the NSA/CIA which worries me even more. Dashlane is expensive and sends incredible amounts of telemetry and logs to logs.dashlane.com which is an AWS server based in Ireland. When I reached out to Dashlane, got escalated, they said 'for proper function' of the program they need to know everything you do and track it.
These days, I recommend Bit Warden. Opensource, strong Crypto Libraries, stored on secure Azure servers, excellent support and FREE.
As an option, I like Stickypassword. While they use AWS for storage they don't use AWS crypto libraries and have never had a breach or compromise.
If NSA and CIA would be after me, my passwords would be the last thing i'd care about..
AgileBits.OnePassword.Desktop.exe is sending more packets than Dashlane, Lastpass also sending lots of packets all the time...If crypto is compromised, by anyone, then it is basically compromised by everyone. That should be your worry. Backdoors impact everyone that uses something because they put you and everyone else at risk. Case in point, Juniper's NSA backdoor getting used by criminals.
If you choose to believe what Dashlane tells you, great. But keep in mind, that telemetry is increasing your threat surface. Have you seen the number of logs it sends and how often? It's not like they bother to take the time to bundle it, encrypt it and send it off to them. Nah, let's just send logs/telemetry every 60 seconds, why the heck not..
No thanks. Your PW manager should have no outbound connectivity unless it's syncing. If it does, you should concern yourself with it.
Sticky Passwords here. It has some nice features. Some other day it warned me that a site was trying to forward my login to another site and asked me if I wanted to insert my credentials anyway. As it was just Google redirecting my login to the corporate user site I had nothing to worry about but I had no idea it could detect this kind of redirection.
lastpass is very good...