LastPass Got Hacked, Time to Switch to KeePass

In this video I discuss the recent security incident where LastPass got hacked and had their proprietary source code and company information stolen. I also discuss a better, safer alternative to LastPass called KeePassXC, which gives you control over your passwords, as well as how you can sync your KeePass database with Syncthing.

LastPass blog post

₿💰💵💲Help Support the Channel by Donating Crypto💲💵💰₿

Comments

> removes all features
> becomes paid
> gets hacked
> refuses to elaborate
> dies

wiger_

>The virgin password manager
>The chad “write my shit down in a book and store it somewhere safe”
Ayy lmao

bigsyrup

The reason why KeePass is good is because you handle the database file yourself and what type of security you use on it. Rather than trusting that LastPass cloud or another company's cloud.

ComradeRachel

The virgin freemium cloud vs. the chad self-hosted lad

Brancliff

I keep all my passwords in my head, security gets better with age. Once the dementia update kicks in, even I won't be able to get my passwords lol.

ndl

That's the beauty of offline password managers. Before you even begin to hack one, you very likely need to get through some password authentication first.

luszczi

Ah yes, the company that thought they could make money by starting to charge their users for using a simple password manager. I'm shocked they had any users left.

bitsloth

Looking at the incidents where master passwords were allegedly stolen - it appears to be either credential stuffing (using passwords from other hacked websites), or something client-side to try to nab the password before it's encrypted (usually a vulnerability in a browser plugin).

Should be noted that things like keyloggers can nab passwords from both cloud and local password managers - so a huge part of your own security is ensuring your own systems aren't compromised.

In the case of the incident reported by BleepingComputer in 2021, there was apparently a bug in a system LastPass was developing to warn of possible credential stuffing.

logicalfundy

I deal with LastPass/LogMeIn’s support staff on a regular basis and can attest that if LastPass says everything is fine, everything is most assuredly as far the fuck away from fine as possible.

jsan

Also worth a mention, KeePassXC has a browser integration addon by the developer too so you won't even have to copy/paste passwords if you don't want.

terminalvelocity

We need an alternative software list video. First RustDesk, I2P and now KeePass. It would be helpful to have all these in 1 video so viewers can make decentralized choices first, rather than as they watch more and more videos 👍

deadcrypt

I agree with most of your points here. I disagree with the assumption that open source code is actually looked at by a lot of eyes. Several security issues have arisen and affected a vast majority of projects because that's exactly what's not happening.

xx

Hey man, just wanted to say I appreciate u bringing this type of stuff to the public. Thanks!

CubicsLetsPlays

I adapted using password managers a few years ago. Before that, I was the kind of person who would save them in browser. LastPass was the one I chose, because let's be honest, it is the Chrome of that realm, majority who uses a password manager, is most likely using LastPass. But I never liked the UX personally and was looking for an alternative that works for me, open source or not. So like just after a month of adapting to the password manager ways of things, I made a switch from LastPass to Bitwarden and was it an upgrade in every possible manner. It is FOSS and its UI/UX is crazy simple that works for me. Never looked for an alternative ever since because I don't see anything being better than this, not at least for me personally.

eddiethehead

Thank you for pointing out that open source code is more secure than proprietary code! I wish more people would understand this when they go to the voting booth!!!! We will never have any ways of knowing that our vote has ever counted if we don't have access to the source code!!

raiden

I've had an experience with LastPass I can only describe as outraging. I tried to copy a password one day, only to realize the password I copied actually wasn't my password, it was a corrupted Unicode string. Some other passwords had the same issue. I was locked out and unable to log in to some services that I really needed to log into to do some work. I contacted support and they told me the engineers are aware of the issue and it will be fixed in a WEEK.

This is on the level of installing a smart door lock for your home, the servers malfunctioning, and support telling you to sleep outside for a week as the engineers try to fix the servers.

alex

Hacks are exactly the reason I've never used a cloud password manager. Way too big of a target. Until now I've been using randomly generated passwords that I store on an encrypted note, but KeePass + Syncthing sounds like perfection. I'll definitely be switching to that.

TravellerHD

Switched to KeePassXC months ago. Took a lot of time resetting a ton of passwords to safe randomly generated ones given by it but I believe it was worth it overall. Have it on my desktop, laptop, and soon android phone. Pretty upset though that Apple iPhone doesn’t have it.

Edit: Thank you for showing the iPhone version. I didn’t know there was one compatible with an iPhone application of KeePass.

dannydogs

Switched to KeePass and KeePassXC years ago. Keeping your own passwords on 2 usb keys and a computer for backup reduces your risk to you giving up your password and Keyfile. Use both and put 500 random SSH Keys on a usb key, luck, if I lose it very few people that will ever be able to break encryption.
Thanks for the video and heads up!

wildmanjeff

I feel like these “password managers” are all vulnerable. And yet they “claim” that writing passwords on paper is “extremely unsecure”.

Yeah… if they claim something that everyone is doing for decades is suddenly “unsecure” is all just to get you to “buy the solution” and make storing passwords “easier”

Blood-PawWerewolf