254 comments

[ 2.9 ms ] story [ 61.5 ms ] thread
I am. So I don’t use it.
Wonderful article. Even we were working on the similar issue. One way could be, instead of using Symmetric key (probably stored in the browser - hence not safe) to encrypt passwords before sending to LastPass server, they could have used Asymmetric crypto system. Solution similar to this can be very helpfull in this case : https://www.youtube.com/watch?v=Slhwunm4oT0&feature=youtu.be Notice the private key never leaves the mobile device and hence the client does not has to trust on LastPass browser client.
Firefox Send uses something similar.
LastPass is just so damned ugly and terrible to use compared to well crafted products like 1Password.

It's like the phpMyAdmin of password storage.

As a not too impressed LastPass user, is it worth switching?
When LastPass got bought, I immediately looked for an out - I am happy with the move to 1Password.
It's shocking how badly designed and slow it is. They somehow manage to hide everything you'd use frequently under 10 clicks or taps, and by default organise things info irrelevant categories which you can only stop by removing each one individually.
At least it works on all platforms well. 1password is a disaster on anything not Apple.

It's usability (last pass) has been getting worse though....

You used to be able to go to a username or password field, hit the down arrow, and it'd let you select through your various accounts. I hate touching my mouse and loved that interaction. Really wish that came back.

I hope they took it away for a good reason, like a security vulnerability.

1password works perfectly well as a browser extension on both my Arch and GalliumOS machines. There is also a CLI that spits out JSON, and you can find (or code) a wrapper around it (or use jq to display the JSON nicely). Client on windows at work works fine too. Don't really understand where you're getting at with your criticism.
Have you tried 1Password lately? They used to be trash, but I use them on mac, windows and android and it is far superior to last pass in almost every regard now.
I've been using 1Password for a few years. It feels a bit over-featured to me. It has worked reliably though.
I don't get the hate. I've been a LastPass user for 5 years and it works for me most of the time. I've dabbled in 1Password, Chrome native password management, Firefox native, random Hacker News password manager recommendations. LastPass...still the best off...AND I got my brother and dad to use them and get excited about password safety.

What's so terrible about people using better and better passwords? It's not perfect but I am so much happier with my dad using LastPass versus the shitty password strategy he had before...it was post-it note password management.

Yeah, I also think it's interesting. I have been using LastPass forever and use 1password for work, and LastPass seems a lot easier to use for me. Both are better than using "password" as your password.

I will admit that I don't store my Google password in any password manager. That is the root of trust for everything, so I remember the password and use 2FA. The other accounts aren't as important.

I live in fear of forgetting my Google password (although I have several locations where my backup codes are stored) so I broke it into several parts and stored them with innocuous sounding names like "sister's birthday" and "plumber's contact info", but using a poem I know well as the phrase key. The times I've needed to refresh my memory it was very easy for me to retrieve it.
> ..my Google password in any password manager. That is the root of trust for everything

Why? Google is an Ad company...

Because usually Gmail is the place through which we can restore any other account.
Google for people getting blocked by Google ;) And there is nothing you can do.
Gmail. Reset password to almost any account via reset password Same is true for any email provider
LastPass on Windows doesn't stand out as being as shockingly ugly or ill-conceived as it does on macOS or iOS. It just sort of blends in with a lot of the undesigned applications that make up the Windows ecosystem.

That doesn't mean it isn't ugly. People deserve better.

> What's so terrible about people using better and better passwords?

This is a complete red herring - it's an argument for using password managers in general, not LastPass in particular. The issues here are whether it is being done in a way that unnecessarily compromises those better passwords.

There's nothing wrong with the idea of password managers, even physical ones might work for some people, but LastPass is just such a lazy, ugly, clunky implementation of one.

One organization I worked with accidentally created a password manager and it looked better than LastPass. Since it grew to become a huge security risk it got migrated to LastPass, which was barely useable and, at that time, got hacked, so that's a plus, and then migrated to 1Password the instant they added group vaults.

> It's not perfect but

I think it's fine to enjoy a product, but it's also good to recognise when something could be better. Anything can be better.

I recently made the switch from LP to bitwarden and have been incredibly happy about it. I can self host everything + the autofill and UI polish (browser extensions, mobile app, CLI) is much better. AND it's FLOSS ((A)GPLv3).

Even including the self hosting setup, my all-in migration time was <30 minutes.

I looked through a ton of other options like keepass and the author's own PfP. But mobile, web, and yubikey support are all very important requirements for me.

I love bitwarden also. Having tried a few password managers, it has the most pleasant mobile experience.
+1 for Bitwarden!

Switched to it somewhat over a year ago from LastPass after I read up on LastPass’ ‘security’. The only thing I dislike about Bitwarden is that on their iOS app it sometimes takes a while (>30s) to load the search function. I love that their chrome extension has a dark mode!

30s seems a lot, I never see that. Maybe it depends on the amount of pwds saved...
Their Android app is notoriously slow as well in search.
Same here migrated to bitwarden from lastpass. So far my experience with bitwarden has been great. Bitwarden apps are very good.
Ok, I'll bite... I tried to import from LastPass and ran into this error:

https://github.com/search?q=org%3Abitwarden+exceeds+the+maxi...

So the notes fields can't store more than 10k, which isn't going to work for me at all.

Update:

Found this python script and ran it. https://github.com/bitwarden/web/issues/194#issuecomment-464...

Only had two notes that were too long. Added them in by hand. Problem solved.

I love Bitwarden but this is indeed a big and weird pain.
(comment deleted)
In the comments on the article, someone asks about Bitwarden. The author mentions there's a possible vulnerability, but in depth research isn't worth it, because he doesn't get paid for reporting vulnerabilities. This scares me about all these 'better than Lastpass' open source alternatives. First, they tend to get less attention from the infosec community. Secondly, I need to make sure to properly secure the server I'm running it on myself, of which I'm not 100% sure I can do myself, nor most developers I've worked with, let alone any person not working in IT.
Bitwarden paid for a third-party security audit last year and no major issues were found.[0] They also have their own bug bounty program at [1].

[0]: https://cdn.bitwarden.net/misc/Bitwarden%20Security%20Assess... [1]: https://hackerone.com/bitwarden

Audits can be hit and miss, I’ve seen high quality code review companies just miss major and obvious mistakes in the security by simply not tracing the execution logic step by step in critical code sections and instead just scan the code for common known mistakes based on code fragment matching.
> Audits can be hit and miss,

The same could be said for proprietary applications, which may never see third party audits because 'meh, customers have no access to our source and IP protection or something'

They have a vulnerable disclosure program, not bug bounty, as they are not paying for bugs reported there.

Which is a shame, I have reported bugs to a lot of other password managers, but will not dedicate time to one that is not paying me for it.

They're 'paying' you by being part of a movement to improve society for everyone; which includes free use of their software.

Sure, you can't eat that, but man does not live on bread alone.

You'd tell a neighbour if they'd accidentally left their car door open, wouldn't you? Most people would even shut the door if they weren't around. Same principle.

That's not a fair use of word "pay". I get where you are coming from but it's obvious what he means and feels manipulative to use it that way.
Sure but we wouldn't go out looking for open doors. If you want me to patrol then you need to pay me.
(comment deleted)
> Most people would even shut the door if they weren't around. Same principle.

This is a poor example because finding bugs requires a lot more effort than giving a door a push (which I find a little spurious - I wouldn't touch my neighbours' car).

There is in practice an almost infinite amount of things you can donate time to and all else being equal (for example, they're all password managers) I doubt you'll convince most people by telling them they should do it because "it makes things better for everyone", they could be making everything better for everyone and still getting paid - that's the superior option. Even if I think you are correct.

I appreciate that they have a good way of contacting them with security issues, and if I found any by accident or used to tool daily myself I might report stuff. However, I will not dedicate time hacking something I do not use myself, to report stuff for free.
> I need to make sure to properly secure the server I'm running it on myself

I think, for practically everyone, it is far more likely that shared infrastructure (like LP or hosted bitwarden) would be centrally compromised. For example, this post mentioned compromising a safety check for all lastpass users by finding a single vulnerability on a single lastpass domain.

Unless you go to extreme lengths with your personal opsec, a targeted attack by a skilled attacker is pretty much sure to be able to compromise you.

(In fairness, I don't actually know if self hosted bitwarden is enough for all classes of attacks or if I should also compile the clients myself in order to remove any references to the main bitwarden domain)

> I think, for practically everyone, it is far more likely that shared infrastructure (like LP or hosted bitwarden) would be centrally compromised.

I believe the opposite to be true. Any use of Shodan or any vulnerability scan of the public internet provides strong evidence that centralized, funded and focused services do security better than 99% of orgs and individuals.

You can’t run infrastructure and app security better than a specialist SaaS company. You don’t have the same time and money.

Yes, the blast radius is smaller for self-hosting, but that’s small comfort when you are still inside the blast radius.

Attackers will spend resources proportional to the expected reward. Alone I am a low value target, but using a standardized solution makes me part of a huge reward pool. As such my strategy is to require manual work by the attacker to compromise me.

Combining a few of the shelf components (dropbox + keepass in my case) should be easy enough to not screw up so badly it isn't worth putting your eggs in a different basket as everyone else.

If you can pass your password database via something like dropbox (or your own nextcloud), then KeePass has had audits, for example by the European Commission's EU Free and Open Source Software Auditing project. And you don't have to trust your server that does the syncing.
Plus KeePass has the best Android client out of any password service, KeePass2Android.
KeePass2Android don't have those audit
The semi-recent ability for it to work with android's built in password filling has been really nice for me. It now works properly with firefox android out of the box, selecting the correct username/password based on the url. Previously the best way was to use the keyboard that it comes with and select the password yourself. Now it works everywhere.
In terms of intentions, Bitwarden is very open and attempts to do everything right while putting itself under scrutiny. I suspect that as the company gains more and more users they will grow into the top choice, ie, when they get the cash to hire 1-2 more developers (or even afford a high-paying bug bounty system, )

For example, I chimed in on github semi recently about there being a lack of automated tests and within a week somebody claimed to have decided to prioritize it. With other companies, 1) we wouldn't have known, and 2) we wouldn't ever know if it was fixed

TLDR, long term looks great for bitwarden, short term makes me a tiny bit nervous though

Edit: looks like they added 3 test files that I could find, which isn't terribly comprehensive but I assume there are more I missed on the other repos...

I second it. I also switched from LastPass to Bitwarden. The main reason was now my data which are online is more valuable than it used to be a few years ago and I don't want to be the scapegoat of their failure in case if it happens.

Another reason, It has a polished app and works flawlessly on all the platforms and I can host it myself.

How did you perform the switch? I reviewed lastpass export function and it outputs an entirely non compliant csv file. It's probably impossible to parse...
Why take chances or add complications?

https://www.passwordstore.org/

Keep it simple, keep it local, keep it CLI.

Been using pass for years. It's great and I highly recommend it. There are also some great browser plugin for it as well.
And now you have to trust the plugin author that he won't steal your passwords.
The plugin is open source and I have automatic updates disabled. And you can always use it without the plugin just fine.
I am a password store user, however it is a very nerdy solution. The use of git is it's biggest strength because you can host it yourself super easily, but your also stuck with git's awful ux. Also the lack of file name encryption limits the options of using free git hosts - maybe that's for the best, but it clearly limits adoption even more.
All the major git providers provide free private repos.
The file names being stored in plaintext makes unwilling to recommend even private git servers - if your worried about leaking which porn or torrent sites you use.
What password manager does tptacek use?
1password it seems: https://news.ycombinator.com/item?id=14777726

I’ve also seen it recommended by Troy Hunt (haveibeenpwned creator): https://www.troyhunt.com/password-managers-dont-have-to-be-p...

(I’m using bitwarden myself, couldn’t justify the subscription cost for my usage)

I'm also using bitwarden, but palent seemed skeptical about it in the comments. Here's a copy of the comment:

Reply from Wladimir Palant:

Unfortunately, I didn’t make notes last time I looked into this – the issues simply weren’t serious enough for reporting. And I only looked at a small portion of the codebase, so when I look at it now it will probably be some different code paths. So the getDomain() function I see under https://github.com/bitwarden/jslib/blob/dd46d5ecdd51f91dace5... is indeed using URL objects. It also knows that tld.js won’t handle IP addresses correctly, but it will only consider IPv4 addresses in dotted decimal notation and not IPv4 addresses in other notations or IPv6 addresses. All of that appears to be a minor risk but not an actual issue – assuming that URLs are already normalized when they get here (ok, let’s ignore the code prefixing URLs with http:// here).

The code at the bottom of this function is quite problematic however. Rather than ignoring non-HTTP URLs, this function will pass them to tld.js. But tld.js isn’t aware that non-HTTP URLs can have different semantics, so it will happily return “example.com” when it is fed something like “data://example.com,asdf/”. Oops, I think that one might even be exploitable…

I think I’m going to stop here. This needs a structured effort, not spending ten minutes every now and then. As I said, the codebase isn’t bad. But there are obvious issues that shouldn’t have been there. As always, spotting the issues is the easy part – proving that they are exploitable is far harder. I’m not going to spend time on that right now, so let’s just file these under “minor quality issues” rather than “security problems.”

I've never trusted password managers. I write the unique portions of my passwords in a notepad and combine those with a common but unwritten alphanumeric sequence to form my full passwords.
What happens if you lose your notepad?
What if someone gets a series of leaked passwords from you, can they get back the alphanumeric sequence and brute force the unique portion? What happens if your notepad gets stolen, do you have backups?
The uniques are quite long so good luck trying to brute force them. As for it being stolen, it doesn't leave my house. I've never been robbed but if I was I doubt they'd steal a small worn notepad sitting in a desk drawer.
The question was about backups, not about what a thief would steal.

What happens if your home burns down: do you have backups of the notebook?

What about backups, do you just lose access to everything internet if the notebook is lost? What do you do when you need to access something when you're not at home?
What if you get a bang on the head and forget how to reconstruct your password.
I wouldn't trust any password service that uploads my data anywhere, with or without the key (though especially with the key like here). I wouldn't trust it if it uploaded the password data to Dropbox or any similar service under an account I own. Even if the data is encrypted, someone can get access to it and work on decrypting it offline. That's simply too big of a risk considering the power of state actors, although I assume state actors would just get the data directly from each website and not need my passwords. Still, can't assume anything about any adversary. Others could certainly be capable of cracking an encrypted file offline.
To the same effect that means you shouldn't trust anything going over any network ever. They can just as well decrypt your TLS connection offline as they can an encrypted data store. In which case, why do you not trust when you send your encrypted password over an encrypted connection, but not when your plaintext password gets sent over an encrypted connection?
> Even if the data is encrypted, someone can get access to it and work on decrypting it offline.

That fear is irrational. While you go on to describe one reason for that, another is that cracking a solid encryption isn't something people can just do.

The vast computer power necessary to maybe crack something like a humble RSA1024 in 8 years can more easily make enough BitCoin to buy a small nation.

This is not an irrational fear given how Last Pass and many other password managers are designed. Last Pass (and others) derive encryption keys from their users passwords (via PBKDF-2).

Thus a (smart) attacker needn't guess the user's encryption key directly. They just need guess the user's password, "hash" it via PBDKF-2 with the proper params and see if it decrypts the data.

Using a sub $1,000 GPU and a table of common passwords obtained from popular website database leaks it's not that hard to crack the average joe's vault.

You are assuming Joe would use a "common" password to encrypt their highly sensitive password vault. Joe only has to remember one password since moving to a password manager. Even my mother uses a decent password for that. I'm not saying your situation isn't feasible but Joe has failed to use the product properly.

I think i saw that some of these managers have integrations with https://haveibeenpwned.com/ and that could extend to the vault password too. Maybe it already does.

Yes. Given how mass data leaks have shown just how bad people are at choosing passwords - I think it's a very safe assumption that a large proportion of Last Pass users have weak, easily guessable master passwords.

The ironic thing here is randomly generated passwords produced by a password manager are highly likely to be more secure than the password that protects the password vault itself.

> Yes. Given how mass data leaks have shown just how bad people are at choosing passwords - I think it's a very safe assumption that a large proportion of Last Pass users have weak, easily guessable master passwords.

Indeed. Which is in part why we developed the Secret Key. Even if someone chooses a relatively weak Master Password and all of the data were stolen from our servers cracking even just a single password of a single user via brute force would be implausible. The effort to reward ratio is very high (perhaps insurmountably so) on the effort side.

Full disclosure: I work for 1Password.

With a salt and enough iterations of PBKDF-2, even easy passwords should be reasonably difficult to crack.

The problem of course is deciding what a reasonable number of iterations is, but given the time it takes to decrypt my password I'd say they use quite a lot.

The entire point of PBKDF2 is that a sub-$1,000 GPU isn't helpful.

It's certainly straightforward to use PBKDF2 in a way that is resistant to common / leaked passwords: add a per-database salt, then you can't go through the table in advance. For each individual user you want to target, you have to start trying passwords.

But even if you don't, the whole point of a password manager is to allow the single master password/passphrase to be something complicated. The average breached password should not be relevant here, and a good password manager's UX should encourage/force you to use something more complicated.

1Password, for instance, requires that you provide a 25-character random string in addition to your passphrase; it's not enough to just have the passphrase. I believe they're both used as inputs to key derivation.

Your arguments are sound in theory. But not in practice (for LastPass, 1Password has a better design). For example LastPass was deriving their encryption key with only 5k rounds of PBKDF-2 iteration (but used ~100k rounds to create their authentication hash)[1].

In LastPass's case, assuming the attacker has obtained a copy of the encrypted data, a smart attacker can ignore the authentication hash and just try encryption keys directly.

5k rounds of PBDKF-2 on a sub-$1,000 GPU is quite tractable to crack.

Was it a trivial thing for LastPass to fix? Of course. But that's not the point - if an attacker got a copy of the data before you fixed it - it's too late.

[1]https://palant.de/2018/07/09/is-your-lastpass-data-really-sa...

I’ve been using Lastpass for years. It’s not as unique as it once was but it’s still good.

Anecdotally, Joe Siegrist personally emailed me when I launched my first SaaS product to say he liked it. That felt great.

Sucks that Logmein bought it (horrible company who hates their customers) but glad he got a win out of that business for himself.

I use gopass. It's like an extension of pass. The difference is that it has support for multiple stores. And you can add different people to the stores and synchronize each store with git. I wrote a tutorial and a cheatsheet (mostly for me)

http://woile.github.io/posts/sharing-team-secrets/

Nice reference! On Linux I have a keybinding which opens a terminal with a fzf listing of my password entries. when I select the name I want, it types the password with xdotool into whatever is focused. I bet it's just as fast if not faster than the browser password managers' autofill.
Password managers like LastPass and 1Password have a significant advantage over offline database tools like KeePass: You can easily share individual passwords with your co-workers in a somewhat secure way.

KeePass for instance lacks the ability to do just that. You can either a) share the entire database or b) use multiple databases with different passwords. However, a) is not secure as your co-workers get access to passwords they do not need and b) is very inconvenient.

LastPass (or 1Password, Bitwarden) makes sharing individual passwords within your team very easy, convenient and secure enough. You can create shared folders and define permissions to access those by certain members of your team, and most importantly, deny access to other members. Is there any offline based password manager that allows you to do that (and is usable by the average Joe)?

when is it a good idea to share a password with someone anyway?
Whenever you need a shared account for anything.

It's the superior choice to sharing an existing/personal account.

And people will do it, the best you can do is making the sharing secure.

The scenario I often have is a group of sysadmins and you all need access to a vendor's page.

At home, I take care of most of the bills. There are a few services where bills are under her name and account, but I need access.

When there is no better option. For example some B2B partners only provide one set of credentials for their management interface.
My spouse and I share our streaming media accounts, for example. We also share passwords for the account on the utility company website, the phone company, and the internet company, some are under my name, some his, but they are really joint bills.

The other case I've run into is at work, when the company has an account with an outside vendor rather than individual users.

Some scenarios I have seen:

- You have a social media account that a group of people should be able to access. (Facebook does this "right," in that pages don't have their own login credentials, and you go through your personal Facebook account to access the page. But I kind of wouldn't want to use my personal Facebook account for work, anyway. Twitter, Instagram, Reddit, etc. treat each account as its own log-in-able entity.)

- You have an AWS account where you want to avoid a single point of failure for the root credentials. Yes, each person should use their own IAM creds for day-to-day use, but if person X is unavailable person Y should be able to get to things. (And for casual projects, "learn about IAM" is a significant burden over "learn how to upload pages to S3" for limited benefit.)

- You have a web hosting account from someone who's not AWS who gives you a single username and password. Or a DNS registrar account (most registrars I've seen don't let you split up access). Or whatever.

- You have a shared email account for replying to things as a team, or even for just archiving emails. Again, some systems do this "right" - if you're using Exchange, you can allow one user to access another user's inbox. But most people aren't on Exchange, they're on something like Gmail.

- You have an account for some service where you shouldn't be sharing passwords according to the service, but doing so is strictly in the service provider's benefit, not yours. Netflix is the canonical example.

Your root AWS account should have 2FA, and storing TOTP seeds in your cloud password manager makes it 1FA.
I have 2FA on my shared AWS account - my project partner and I both scanned the QR code at the same time. (You should be backing up your QR codes anyway in case you lose/break your primary phone; scanning it simultaneously with a secondary phone is a great approach for this.)

Even if this weren't possible, it would still be better to use 1FA than to arbitrarily pick one person to have root account access and lock the other person out simply because you "should" have 2FA.

Family sharing accounts for Netflix, Spotify, the thermostat, the newspaper, ...
Just make a shared Keepass database. You dont want to mix your personal and project password data anyway.
How well does KeePass support having multiple open databases? And ideally one would also want something like GPG where every sysadmin has his own password to the same shared file, which I do not think it supports.
In my experience, Keepass works great with 2 databases open.

On my work computer, I have my own personal DB and my Work DB open at all time. I mainly use the passwords for the web, and the Kee extension in Firefox and Chrome finds the right password without any problem, from both DB. I have my personal ssh keys stored in my DB as well, and Putty can access them without problem.

I can't speak for shared DB though, as I've never used it in that way.

Quite well, I always have my webdev, sysops and business kdbx open simultaneously.
So given the requirement to access passwords across multiple devices, what alternatives exist that stand up to similar scrutiny?

Ease-of-use and "looks pleasant" be damned, just security-wise. https://www.xkcd.com/937/

Keepass + Syncthing (with staggered backups)
This seems like the best solution for syncing with Keepass, especially since every new sync target needs to be approved.

Sharing password files via Dropbox, Google Drive, etc. is convenient, but how is that really different than what Lastpass does?

With Syncthing being peer to peer, there's a lot less opportunity for someone else to even know your password file exists.

I use KeepassXC which I sync to my home NAS from two computers and my phone. Keepass DX is the best Android app I've found and it supports opening the database with your fingerprint.

I don't see the fuzz here if needing to have a browser extension. When a site asks me to login every now and then, I'm ok with opening the app and copying the password.

Yes, KeepassXC rules them all :). I use KeepassXC on Linux and Windows, macPass on a mac (has same db format, but macOS Aqua interface) and MiniKeePass on a iPhone. I use two keepass databases (as data loss prevention). For Linux and Windows db is stored on a Dropbox. On a mac and iPhone on a iCloud. I merge them once a while.

However for many years I used just a single db for every device and didn't had a single problem with it. Started to used two, after I switched from Dropbox to iCloud on a mac and iPhone.

try Syncthing instead of Dropbox and you will be completely free of any third party provider risk
I personally use Syncthing, and it's fine as long as the computer you're trying to get data from doesn't go down at any time.
Syncthing is peer-to-peer, so I believe you'd only have a problem if _all_ the computers you're trying to get data from go down at the same time.
I wanted to like Keepass, but this is a lot of friction vs. the alternatives. Less context switching in my day is helpful for me keeping on task.
Same here. I've been a LastPass user for years before switching to KeepassXC. Actually, one of the things that made me switch is the browser extension. As a web developer, I had a hard time keeping all my sessions open (I had a rather strict policy at the time) between my browser sessions.

So I switched to KeepassXC, which allows me to have a cross-platform app, and the database is stored inside my Google Drive. I also use a security file that's kept out of the Google Drive as another security layer.

Oh, and the auto-type feature of KeepassXC is amazing. Some sites have a weird username/password combo scheme, so I can program KeepassXC to enter the correct keystrokes for a given website. Works perfectly.

The threat scenario described by the article: If someone within LastPass wanted to gain access to your passwords (e.g. rogue employees, or via court order) there is a way that the extension could be made to upload your vault key back to LP if you click on certain things within the extension, namely some parts of the preferences, or something like that. Any such change would be publicly detectable, but could theoretically be targeted to avoid widespread notice. So in other words, the vault itself is not fundamentally flawed, but the design of the current extension doesn't proactively firewall against LastPass turning into a bad actor.

My $.02: Given that all the cloud-based password managers have their own phone (and even desktop) apps, this seems like a moot point since a bad actor could push out an app update that does anything with your keys anyway.

As a long-time LastPass user I appreciate this kind of analysis, but this is just not something I have enough cycles in the day to let bother me. BTW the last time I opened my preferences was 3 years ago. LastPass is quite open to scrutiny and what's important is how responsive they are to new findings -- very responsive, from everything I've ever seen. Including many findings from the author of the article.

By far the biggest problem with LastPass is that it sometimes just doesn't apply (or misapplies) the password or username to the appropriate form entries, and I have to go find it and copy it. Occasionally it also misses the saving of a new password (that it generated) and I have to put it in the vault by hand. I suspect this is a really hard problem given the massive variety of forms out there, but would be curious to hear if other password managers never have these issues.

The user experience declined slightly after lastpass got acquired.

For a year or two, lastpass for Firefox didn't have the copy option for usernames and passwords. I had to edit, show password, then copy.

The autofill problem became pronounced after the acquisition as well probably through no fault of the new owner. Many sites like Google and Microsoft have switched to a multi-step login process where username is entered first and password is entered on a different page

Also a proof of sites abusing autofill & hidden forms to steal passwords probably influenced the current situation.

I found my perfect ux with password-store, xmonad, and xmonad-contrib's pass prompt module. It takes a bit of time setting up but it pays for itself. I don't store any passwords in my browser and filling in passwords is super quick with fuzzy completion.
How do you sync the passwords between devices (including mobile & non-linux) and keep them backed up?
Not the op, but it's easy to sync and back up because it uses git. Password store on android also supports this.
Yup, it's just git. Passwords are files in a git tree so you usually do not run into any conflicts unless you manage to change the same password on both ends, which also should be easy to resolve.
How do you manage mobile (iOS in particular)?

UP (uncle post) mentions a home-made Android app to sync... is there a more mainstream option?

I use the same setup as the GP.

password-store uses git+gnupg so backing them up is a matter of distributing the git repo. My git repo lives on each of my laptops and I have a 'central' host of it...so it's backed up via distribution.

For getting passwords to my phone I use a homemade Android app + small web app that sends them to my phone encrypted on-demand from my laptop or desktop. There are Android apps for using password-store but you have to put your GnuPG keys on your phone for that and I prefer not to do that.

Two years ago I submitted a ticket asking them to add the "copy password" option to SSH key type entries. A simple and obvious feature. They said they'd look in to it, then nothing. Meanwhile in that time all I've seen them change has been the animations in the menu.
Fascinating. I submitted the same ticket a month or two ago, with the same initial response.

(Now I just stopped holding my breath. Ah, breathing is good!)

Just use Bitwarden now. It has everything Lastpass has, used to have, and more. And most importantly, you can run your own server.
Also switched to Bitwarden the other day and it's far superior. None of the irritating bugs Lastpass extensions/integrations had, works perfectly on Firefox, Android, 'web' etc. In general it feels a lot less clunky and it's Firefox addon for instance has many more quality of life features.
My one issue is that their desktop app takes a long time (several seconds) to open on my Mac, possibly because it uses Electron. And, I wish they had a bookmarklet like LastPass does, for rare situations where I can't use an extension.

But overall, yeah, it has been better than LastPass.

The things that Bitwarden lacks for me is a global hot key to search my vault and the ability to only have the app running my menu bar so I don’t have to see it in my alt-tab options. Haven’t looked into Bitwarden enough to see if there is an API to write an Alfred workflow or something to search the vault.
Lastpass seems to work fine for me on sites with multi-step login like Google.
FYI copy password works after installing the binary add-in on Win and Linux at least. Why this is necessary I have no idea however.
It was because of changes to Firefox's extension system. That said, communication about this was suboptimal. I would have liked for the UI to inform me of the binary option to get back that functionality.
I moved to 1PasswordX for this feature alone. No binary required.
I have LastPass with binary component installed and copying passwords doesn't work on Ubuntu 16.04 LTS with LP support confirming the issue without ETA.
I'm using Firefox on windows, I don't have binary component installed but Copying Password works for ME. Here's something you could try:

Go to a site with saved passwords e.g. http://news.ycombinator.com

Lastpass icon changes to show you have an entry. Click the icon, click "Show matched sites." Hover over the entry and you'll see three buttons: Copy username, Copy Password and More options.

I'm assuming these buttons don't work for you. Right-click instead on the entry and you should see a menu with the following items: Autofill, Copy username, Copy password, Copy URL, Go to URL, Edit, Delete.

Try the copy password entry. Hope it works for you.

(comment deleted)
I'm pretty sure this is fixed in the latest version. I can copy the user/pass directly from the extension menu. It also works fine on Microsoft and Google.
LogMeIn is where products I genuinely loved go to die.

Years ago it was Hamachi (the LAN-over-internet software). Then it was LastPass and via it XMarks (itself acquired by LastPass shortly before). XMarks suffered much more grievously than LastPass — I suffered data losses on multiple occasions before finally throwing in the towel.

> Given that all the cloud-based password managers have their own phone (and even desktop) apps, this seems like a moot point since a bad actor could push out an app update that does anything with your keys anyway.

This seems to me like a great argument to avoid all cloud based providers and their mobie apps. Especially when opensource, time tested, self-hosted solutions exist.

You seem to be more concerned about UX than security. Compromising security for better comfort is not a very good strategy.

> You seem to be more concerned about UX than security. Compromising security for better comfort is not a very good strategy.

From my practical observation: People will go to great length to avoid dealing with a crappy UX. That can include falling back to "YOLO, I'll just use the same password everywhere" if the password management process is sufficiently atrocious. So I'd say good UX is part of the security concept, bad UX will compromise it.

For me, the UX of maintaining an improved security posture is quite an important part of these products success, I get improved security and the product doesn’t make me think. The only way it could be better for me as a long term LastPass customer is if I had a good/safe tool to synchronise with the macOS keychain for improved redundancy and providing myself a future “exit strategy”, I rarely have to think about my use now that its integrated into the native iOS password prompt.
> You seem to be more concerned about UX than security. Compromising security for better comfort is not a very good strategy.

Maybe, but a good UX goes a long way to convincing people to use the solution. The best security solution is the one you actually use.

> Compromising security for better comfort is not a very good strategy.

This approach is exactly why the vast populace has essentially no security. I'd be glad if my parents were to switch to last-pass, as it is so much better then weak password re-use schemes.

I'd say that compromising security for comfort is a given, its guaranteed to happen. The best strategy here is to make sure that users will have the most security after the compromise.

> You seem to be more concerned about UX than security. Compromising security for better comfort is not a very good strategy.

People are reusing passwords and writing passwords down on post-its specifically because they haven't found sufficiently UI friendly options of password management. Regardless if that is out of ignorance of available options, UI not being friendly enough for them, or some other technical hinderance.

A compromise isn't weighing between an ideal scenario and your current situation. A compromise is finding an optimum between value extremes in acceptable real world scenarios. An ideal security extreme is a disconnected system, but that's never something you can compromise towards since the comfort/usability reaches 0.

You're trying to move security up by getting users away from pass reusage and post-its. In this case added comfort happens to also be increased security.

> This seems to me like a great argument to avoid all cloud based providers and their mobie apps.

Any app that gets updates is vulnerable to that type of attack.

The open-source, "time tested," self-hosted solutions do not check that the website you're trying to paste a password onto is the website you should be pasting the password onto. That is a real and serious security risk, and the fact that the open-source solutions don't attempt to solve it does not mean it should not be solved.

I think a lot of people feel uncomfortable giving a proprietary product access to their passwords, and feel more comfortable doing the copy-and-paste themselves. But compromising security for better comfort is not a very good strategy.

>The open-source, "time tested," self-hosted solutions do not check that the website you're trying to paste a password onto is the website you should be pasting the password onto

Keepass has a third party Firefox extension that does this. Bitwarden is open source and has their own extension that does the same.

You can edit form fields for every password entry to fix the "filling out the wrong form entry" problem.
> My $.02: Given that all the cloud-based password managers have their own phone (and even desktop) apps, this seems like a moot point since a bad actor could push out an app update that does anything with your keys anyway.

I respectfully disagree that apps are the same as webpages. The big difference is that apps are signed, so if things are done properly, you only have to trust the devs of the app and whoever operate their CI. Web pages on the other hand have no such security (yet), which means you also need to trust the cloud provider, the CDN, the fact that the website was not hacked, the ops team of the password manager, and probably anyone who is able to make a valid SSL certificate and might do MITM...

Disclosure: I work for a company that makes a cloud-based password manager.

If, like most people, you're downloading the extension via Google/Safari/Firefox, then it really is no different than apps.
Extensions are fine. The issue is only for pages served from a webserver.
I too don't have time to worry about this kind of attack, which is why I don't use web-based password managers. I just use KeePassX and copy/paste.

I don't have time to really think about all this complexity and what it means for my security. So I just avoid it entirely.

I use KeePass too, great little program. It isn't as "mobile" but I don't really see the benefits of online solutions. It certainly isn't added security.

The website from the service in question also suffers from severe JS-errors on their page (FF 66).

KeePass here too. On Android, it is absolutely terrible paired with Dropbox. I'm not sure who to blame, but the database will not stay up-to-date and I have to click and re-open my key file _every_time_. On a fresh install, it stays good for several months, then it will get out of sync and I'm not sure how to get it back to in sync.
Which Android port are you using? There isn't an offical one, so you may have better results trying a different one.
Fair enough. I just noticed down below someone was using keepass2android or similar. I'm using keepassdroid, and I noticed they have an issues page. Filed one. I might investigate bitwarden if I get bored[1]. Thanks btw, it really did not occur to me actually that there would be other versions.

[1]something that will not likely happen between family, work, and chores around having a large property

FWIW I use KeePass2Android and I sync to my OneDrive. I have no issues with it on Android 9 on a Huawei device running EMUI 9
It works perfectly for me (Keepass2Android). Unfortunately Dropbox limiting syncing to 3 devices will likely make me using something else.
I always launch keepassdroid by going into Dropbox and opening the database from there, rather than by launching the app directly.
The Android (and iPhone) apps have always been more trouble than their worth, IMO.

I always manage my passwords on my computers, and type in on phones as needed. Simpler and just works.

To easy the pain of typing passwords, I always follow a consistent format that's easier. Example:

7,#/T8z%FS%zht6S

ctaq.zwjd.qnbu.ut1A

The first one is terrible to type on a little Android keyboard whereas the second is a breeze, and still perfectly respectable as far as password strength goes.

This logic sounds like "I've heard that if your car falls in a river, wearing a seat belt makes it harder for you to get out. I don't have time to worry about whether that's a real problem, so I just don't wear my seat belt. Too much complexity."
Not at all. This person is choosing not to accept additional risk, and is engaging in strong mitigation by using an offline password manager.
Plus there's nothing preventing you from using your favorite sync client (eg. Dropbox) to get the same "cloud" functionality.
ding ding ding.

I use a few different versions of keepass on two laptops and an android, and they all share a keyfile through dropbox. I get most of the same functionality that my wife does through LastPass. It's convenient enough that I don't see any reason to migrate to LastPass, despite their much more polished user experience.

> more polished user experience

I'm forced to use LastPass at work, and personally find KeePass to be a much better user experience.

KeePass is more secure than LastPass, not less. I've tried a couple different password managers, but always come back to KeePassXC with a simple auto-type workflow. My reasons:

A. The auto-fill extensions don't work on enough sites to make it annoying (maybe ~20%). Auto-type is a more consistent workflow for me.

B. Lastpass (and friends) browser extension doesn't do anything for desktop apps, SSH sessions, or anything outside the browser. You have to copy and paste one at a time.

C. I like all my passwords to be a particular format because it frequently happens that I have to type them in manually (Phone, vCenter console, BIOS, etc.) and I just like that to be easy. (I use 5 groups of 4 lower case separated by periods, with one number and one upper case letter in the last group. Still very strong but also manageable to type into an iPhone).

D. I like to record more than just passwords (the email I used, answers to security questions (always random, but legit looking), bank and credit card details, stuff like that). The KeePass UI for keeping those kinds of notes is just so much cleaner, simpler, and better than anything else.

E. KeePassXC has first class support for Yubikeys.

But, now this logic sounds like "I'm so fantastically absent minded, and unable to craft reasonably complex strings, such that I cannot be expected to memorize a trivial data point, according to a mnemonic system that relates a website to what is essentially a house key, so instead, I hired an untrustworthy doorman who just leaves my keys on a hook in the lobby and lets anyone waltz in and key into any front door they like."
This strategy makes you more susceptible to phishing, which is a much more common attack and requires vigilance to avoid. I think the reduced phishing vulnerability for browser extensions is worth it.
>This strategy makes you more susceptible to phishing

One mitigation is to use Firefox account containers.

If I navigate to what claims to be Bank of America, but the tab doesn't open in my "Banking" container, that's a huge red flag.

Also, as another poster mentioned, Lastpass sometimes fails to autofill. Unless a manager can achieve 100% error free operation (unlikely), even autofill managers will also have a risk of phishing.

I don't think there's one correct answer. For me, as an expert who's confident about my security posture (2FA, verbal passwords for vendors that can reset 2FA, backup codes stored securely offsite), I value the simplicity of Keepass.

> LastPass is quite open to scrutiny and what's important is how responsive they are to new findings -- very responsive, from everything I've ever seen. Including many findings from the author of the article.

That is nice, but it is not sufficient mitigation for the issue to be dismissed.

There are more concerns in this article than the title issue, and it seems that in the past, LastPass has made some questionable design decisions that did turn out to have problems that needed to be fixed. I hope and assume that, prior to adopting these design choices, LastPass analyzed the risk and concluded that it had avoided creating any vulnerabilities, but nevertheless, there were some that it had overlooked.

If you continue in this manner, you are increasing the risk of creating a zero-day vulnerability that gets exploited, and I would guess that a central repository of passwords would be a particularly attractive target for bad actors. I would much prefer a security company to stay away from questionable design choices, rather than have rather complex and more-or-less tendentious arguments that the way they are doing it is safe, especially when there have been cases in the past where their arguments were not sound.

> This is just not something I have enough cycles in the day to let bother me.

Another reason to prefer KISS. If the vendor had refrained from making questionable choices that require complex analysis (such as the decision to fall back to server-provided pages for parts of the browser extension functionality), trying to figure out whether it matters to you would be less of a problem -- to the point, maybe, where you don't fall back on an "I can't be bothered" attitude.

The main annoyance I've had is that for some sites it tries to save 2FA one-time passwords as the new password. Accidentally click "ok" and you have to go through password recovery.
Password history is your friend, there.

My annoyance is lately it's become less skilled at detecting password changes properly, even when I'm invoking 'Generate Password'.

Ooh, I didn't know about that feature. Just googled it. Thanks :)
Lastpass' password history saved my wife from losing multiple accounts. (Chrome's password autofill was overwriting Lastpass and thus messing up certain sites)
Regarding your issue with LastPass, I use Dashlane and those issues used to plague me when I first started using it (~2 years ago). I recently noticed though that it's gotten way better.
With respect to the password-creation problem, I find the entropy of the passwords LP creates too low in any case, so I create them from /dev/urandom + base64. I've never had LP fail to recognise these hand-generated passwords.
> I find the entropy of the passwords LP creates too low

What do you mean? How are you measuring that? How do you think that would make a password of the same length and character set less secure in a practical way?

The password length defaults to too short, and in some circumstances is seeded poorly.

https://security.stackexchange.com/questions/77345/security-...

You can change the password length to whatever you want... and your link says it uses window.crypto functionality which appears to be supported in every single browser including back to IE11. [1]

So it seems like LastPass-generated passwords are fine?

[1] https://developer.mozilla.org/en-US/docs/Web/API/Window/cryp...

Probably. But in the link I posted, did you notice the qualifier "as secure as your browser's implementation of the Web Cryptography API"? Also, AIUI, Webkit implements no PRNG so some Webkit-based browsers might have stupid implementations of the SubtleCrypto object.

The thing is, there is a chain of things you have to trust wrt the LP generator: Has the OS implemented the backend API correctly? Were there issues in the browser build that mess up the entropy derived from the OS seed? Has the Javascript done anything stupid?

In comparison, I have complete confidence in the entropy of the passwords I generate via CLI.

Wrt. password length: yes you can change it. But the dialog is a bit of inconvenience that tilts away from the hassle of switching to my terminal and typing "suggest-password". And I have something of a moral objection to password generators that default to insufficient entropy.

>By far the biggest problem with LastPass is that it sometimes just doesn't apply (or misapplies) the password or username to the appropriate form entries, and I have to go find it and copy it. Occasionally it also misses the saving of a new password (that it generated) and I have to put it in the vault by hand. I suspect this is a really hard problem given the massive variety of forms out there, but would be curious to hear if other password managers never have these issues.

Agreed, ambiguously named form input fields cause all kinds of havok, I helped our UX team track down one in our application because it was breaking my lastpass =)

For the second issue, I've just adjusted my workflow to accommodate LastPass's peculiarities. I just click "Generate Secure Password", copy it to the clipboard and fill the form myself. Then I have a copy of the password on the clipboard should LP miss adding the site properly.

While it's a slight pain to work around that particular issue, it's far better than what I used to do with regards to password reuse.

> copy it to the clipboard and fill the form myself.

I'm not that familiar with mobile dev, but could a rogue app just sit in the background, making a copy of whatever's in the clipboard?

If you have such an application installed... the system has already been compromised.
LastPass recently made a change to how they save generated passwords, it'll prompt you right after filling it instead of waiting for the login to succeed.
I was very happy when I started seeing that, that's been a huge improvement.
If you're within the same session, the Generate Password popup likely has a down-arrow next to it that will show you a list of recently generated passwords. This has been useful occasionally.
> My $.02: Given that all the cloud-based password managers have their own phone (and even desktop) apps, this seems like a moot point since a bad actor could push out an app update that does anything with your keys anyway.

I think this is a good argument against cloud-based or auto-updating password managers in general.

I subscribe to 1password where your data is synced to their servers.

I'm not sure if this is a good idea now that I've read this...

I am using pass - the standard unix password manager. It's simple and just works. It's built on gpg and git, and resides on any disk you like.

https://www.passwordstore.org/

I also started using pass when migrating. I've been nothing but happy with it. It's fast, easy to host either at home, or through Bitbucket or Github, and has clients (which IMO could all be better) for just about everything i need.

I wish the iOS app would support tombs/vaults though. https://github.com/roddhjav/pass-tomb#readme

It's only standard according to its website though.
As an aside - pass was made by Jason Donenfeld, the same guy that created Wireguard.
pass is amazing, as it makes synchronization incredibly easy in comparison to keepass. It even has a decent Android app. My biggest issue is that using it isn't nearly as convenient on Windows as on Linux, although WSL makes it quite simple.
I have 250+ passwords in pass and it hasn't failed yet. Been using it for years. It's the only password tool I would consider using.

It also happens to be great at storing any amount of sensitive text (API keys, etc.).

All the hate towards LastPass... but man, there are so many great tools with LastPass that the other services simply don't have yet.

Given I haven't looked into it in a year or so... but the Dead Man's Switch alone makes it worthwhile for me. My lawyer has this, and 30 days after I kick it he can go in and delete all my accounts.

Sharing passwords with a team, it's really helpful. Being able to share access, but not the password itself... really nice feature.

The password audit, showing me how old my passwords are, or which ones are weak... it's nice to have a sanity check on all this stuff.

Anyway, been on LastPass for a decade or so... tried a few others, always find myself back with LastPass since the others don't quite have all the features I want.

> Being able to share access, but not the password itself... really nice feature.

How you just share access? You mean the password is autofilled?

> Sharing passwords with a team, it's really helpful. Being able to share access, but not the password itself... really nice feature.

1Password offers this as well. Not allowing the end user to reveal passwords it isn't an ideal solution. The password can easily be obtained by anyone who is capable of using the browser's developer tools. Simply inspect the input element after it has been filled and the browser will give the secret away. The only way to be sure someone doesn't have access to an account after you've shared credentials with them (even "hidden" credentials) is to change the credentials for that account.

> The password audit, showing me how old my passwords are, or which ones are weak... it's nice to have a sanity check on all this stuff.

1Password also offers these sorts of checks.

> Given I haven't looked into it in a year or so... but the Dead Man's Switch alone makes it worthwhile for me. My lawyer has this, and 30 days after I kick it he can go in and delete all my accounts.

This, admittedly, we haven't found a good secure way to implement yet. Our current recommendation is to share your Emergency Kit with your lawyer, or whoever needs access, perhaps in a sealed envelope marked to only be opened upon your death.

Full disclosure: I work for 1Password.

Thanks, saved me having to look at things myself.

You'd know, is there a tool that would let me migrate all my passwords from LastPass to 1Password? I think I have like 3k passwords and the thought of manually building that DB up again is daunting.

I use KeepassXC, sync the DB via file syncing, no 3rd party servers to trust.
Am I the only one who uses Google's built-in password manager?
If you mean Chrome you shouldn't do that, Chrome stores your passwords in a SQLite database locally, anyone can access that very easily
I never really trust a binary provided by someone which also talks to a server operated by the same entity. There is no way for me to audit an arbitrary binary (or application with source, in any reasonable way), particularly since it is regularly updated on both ends.
For me, cross platform, offline access, and good UI are paramount. LP checks all that but random scripts on a Linux command line doesn't even remotely cut it.

Firefox's password safe comes close it seems, but I haven't read too many opinions about it.

If you can login to a browser and use the one password they can reset on a whim to pull your passwords then it is all in their hands anyway.
I never got comfortable with lastpass or 1password, i usually find enpass in middle ground. They don't have recurring cost to maintain webserver and security.

For me ideal is keepass but once got db corruption when syncing with dropbox like service. Hence went with enpass which allows me to sync password across devices and encrypt with keyfile and master password like in keepass.

.

I use my own password manager and would not trust many proprietary third-party developers to get things right. Most of them have a long history of failures.

It's safer to self-host and store encrypted backups elsewhere for integrity. If you're not familiar with encryption or cryptanalysis, then you can use some open source encryption programs and a text file on an encrypted partition. That's a thousand times more secure than any proprietary online password manager.

For some passwords it is also more secure to keep them in plaintext on physically secured notes. It depends on the threat scenario.