- Feb 4, 2014
- 105
What's your favorite password manager all around?
I think 1Password or Dashlane is for me !
I think 1Password or Dashlane is for me !
What cloud Password manager you use?
- Thread starter reystar
- Start date
I started to use from today LastPass.
- May 16, 2013
- 844
1Password uses AWS, which worries me. They also use the AWS Crypto-Library, co-developed by the NSA/CIA which worries me even more. Dashlane is expensive and sends incredible amounts of telemetry and logs to logs.dashlane.com which is an AWS server based in Ireland. When I reached out to Dashlane, got escalated, they said 'for proper function' of the program they need to know everything you do and track it.
These days, I recommend Bit Warden. Opensource, strong Crypto Libraries, stored on secure Azure servers, excellent support and FREE.
As an option, I like Stickypassword. While they use AWS for storage they don't use AWS crypto libraries and have never had a breach or compromise.
- Feb 4, 2014
- 105
If NSA and CIA would be after me, my passwords would be the last thing i'd care about...lol. Dont think we have lots of criminals here that CIA and NSA is after... It's a very extreme scenario. But based on your scenario, if you worry about that kind of stuff, i think cloud solution is not safe for you, since people can hack into pentagon, i am sure they can hack any password manager, so offline is the way to go in case you worry about that too much!
I asked Dashlane about that, they said they said:
"We do collect technical and feature usage data in order to analyze how our product performs and to improve our services. This technical data informs us which features are being used and whether they are working correctly and does not reveal any of your personal data or passwords stored in Dashlane.
For instance, we may log information such as successful or failed log-in attempts, or which platforms you have you installed our app on (e.g. Windows, macOS, iOS, Android) and how many items are saved in your account. None of this technical usage data is tied to any of your personal information within the application (e.g., your passwords, secure notes). We would never track your websites"
If crypto is compromised, by anyone, then it is basically compromised by everyone. That should be your worry. Backdoors impact everyone that uses something because they put you and everyone else at risk. Case in point, Juniper's NSA backdoor getting used by criminals.
If you choose to believe what Dashlane tells you, great. But keep in mind, that telemetry is increasing your threat surface. Have you seen the number of logs it sends and how often? It's not like they bother to take the time to bundle it, encrypt it and send it off to them. Nah, let's just send logs/telemetry every 60 seconds, why the heck not..
No thanks. Your PW manager should have no outbound connectivity unless it's syncing. If it does, you should concern yourself with it.
I use Lastpass paid version
- Jun 9, 2013
- 6,720
I have used LastPass for a long time here, it more than suits my needs. It needs to update to work with Firefox 57 soon though.
- Feb 4, 2014
- 105
AgileBits.OnePassword.Desktop.exe is sending more packets than Dashlane, Lastpass also sending lots of packets all the time...
- Feb 4, 2016
- 2,520
I'm using "LastPass premium" on all my machines. I had no problems at all with this service in the past 4-5 years...
- May 3, 2015
- 1,548
Sticky Passwords here. It has some nice features. Some other day it warned me that a site was trying to forward my login to another site and asked me if I wanted to insert my credentials anyway. As it was just Google redirecting my login to the corporate user site I had nothing to worry about but I had no idea it could detect this kind of redirection.
Bitwarden. I have recently moved from LastPass and I am very satisfied with this Open Source tool.
Lastpass, good enough for me
I spent some time talking to Sticky engineers a few months ago. It has a lot of backend and hidden detections for compromises, phishing and tampering. There is a brute force detection system as well. You can test one of the features by changing the time-zone on your PC. Sticky will detect your database is being logged into or tampered with on a machine in a different time zone than you are usually in and lock the database. It will also detect phishing and redirection as you noted - among other things. While sticky uses AWS, it doesn't use their crypto. You shouldn't see any background telemetry/logging/traversal from Sticky unless the database is syncing which I find is a good policy of theirs contrary to many others.
Bit Warden is good, and the developer is on the ball IMO.
- Jan 4, 2014
- 185
I'm using LastPass free since 2012. It's practical. But i have some privacy issues with it. I don't trust lastpass (or any other PW manager) for things like Internet Banking info or other things that really matter.
- Mar 3, 2014
- 128
Quite honestly I don't trust any Cloud Password Manager, having all your passwords in an Online database doesn't sound smart at all.
I use KeePass since it's local, so it's more secure overall
I use KeePass since it's local, so it's more secure overall
- Apr 1, 2017
- 1,759
Thnx to Mr paranoid ForgottenSeer 58943 I'm using Bitwarden:notworthy:
- Sep 20, 2017
- 93
- Feb 4, 2014
- 105
It is good, i kinda disliked the fact i have to open the browser to change a password, another problem is i cant check a password when im not on the internet
Similar threads
