|
OSI bean dip posted:Do not use LastPass. Can you elaborate on the reasoning for this? Any theoretical vulnerabilities with LastPass? Assuming you have a strong pass-phrase that isn't used anywhere else and use TFA what is wrong with LastPass that local password management like KeePass solves? I understand that ideally you would want an attacker to need access to your password database and that you can control that if you don't hand it to a third party but if you aren't dealing with a nation state level attacker I don't see how they are going to get through AES-256 with a 30 character passphrase and TFA. Keepass alone without more stringent browser security isn't going to keep you from entering you password on a XSS compromised page while LastPass has that functionality built in. * For the sake of argument lets say that an attacker can pwn your personal computer just as easily as they can pwn LastPass's server so they have access to your password DB either way. If we go from that assumption what advantages does KeePass have over LastPass in terms of security? Carthoris fucked around with this message at 21:30 on Aug 6, 2015 |
# ¿ Aug 6, 2015 21:25 |
|
|
# ¿ May 2, 2024 01:30 |