LastPass versus 1Password versus KeePass, part 1

These posts are to document my overall experience with different password storage solutions, and an amateur evaluation that I performed from the perspective of a customer/user of different password vault options. This is one step in my ongoing quest to improve the security of my information and systems. In that light, these posts are also about why I made the decision to stop trusting my passwords to LastPass after three years of use, why 1Password is not currently a reasonable alternative (in my opinion), and why I ultimately went back to using KeePass and my own syncing solution.

Years ago (read: 2010-2011ish?), I used KeePass. I carried it around in an encrypted TrueCrypt volume that lived on a portable USB drive. There are some issues with this approach that I encountered, such as losing the USB drive, the USB drive becoming corrupted, or not having local administrator rights on a machine that I needed to access my passwords from (required for TrueCrypt at the time, and still required by its replacement, VeraCrypt, for at least some features). One could certainly ask why I bothered with double-encrypting, given that KeePass encrypts its vaults to begin with, but I figured double encrypting was better than single encrypting, and given the relatively high likelihood of losing a USB drive, I felt it prudent at the time. Threat models adjust over time as we become better informed.

A number of articles provide guidance on how to set up your favorite butt syncing service. There are many ways to set up butt-based sync services with KeePass, either leveraging one of multiple plugins to the app itself, or setting up your own favorite butt sync service to make sure the KeePass database is always available. At the time, none of these was to my liking.

Eventually (two or three years later), the inconvenience of having to keep up with that USB drive (and a couple of scares that had me convinced I had lost it; yes, I had backups; no, double-encryption didn’t make me feel ok with that) led me to deciding to move my data into the butt.

Around this time (end of 2014), LastPass was getting more and more popular. They were still a standalone company at the time (more on that, later), and I was curious. They talked good talk and I wanted to know if they walked the walk, so to speak, when it came to security.

There were three key pieces of input that convinced me to try LastPass, which I would end up using until November of 2017:

1. LastPass had demonstrated that they knew how to handle proper security incident response.

2. I read a very interesting article in which the author provided generalized opinion about the security at LastPass. This was based on having reviewed “behind the scenes” information that he was under NDA not to disclose in specifics, but which he described enough to get me interested. Unfortunately I can’t seem to find this article, years later.

3. I reached out directly to LastPass, asking for access to similar information as the author of the above article, indicating I would be happy to sign an NDA as well. I fully expected them to tell me to pound sand… but they sent me the NDA.