Submitted by Doener23 t3_zwjrs2 in technology
Comments
passinghere t1_j1vclwg wrote
Seems that Bitwarden is usually well recommended and it even has a page on their website with full instructions for moving all your data from lastpass.
With the added advantage that their free service allows both android and PC unlike lastpass.
dubiousadvocate t1_j1vlfa2 wrote
How do they monetize their service?
jeffreyd00 t1_j1vqof6 wrote
They have a paid tier. Just go to their website
dubiousadvocate t1_j1vrg1s wrote
I’ll check into it, thx! It took me almost a decade to convince nearly all my extended family to use a vault service and at the time LastPass was one of the better ones. I spent much of the Xmas weekend apologizing and asking folks to change their MP. Embarrassing…
wpalant t1_j1vwns9 wrote
Disclaimer: I’m the author of the article linked by the OP.
I’m sorry to be telling you this but it’s too late for changing the master password now. It’s the master password in use when the data leaked that matters.
On the bright side: it isn’t very likely that the passwords of a regular “nobody” will be decrypted. I’ve outlined the considerations here: https://palant.info/2022/12/23/lastpass-has-been-breached-what-now/
However, if you want to mitigate the risk, there is no way other than changing passwords now. Especially passwords of high-value websites (banking accounts, shopping sites etc.).
dubiousadvocate t1_j1w0amd wrote
Fantastic, thank you for the background and recommendations.
jeffreyd00 t1_j1vv1d4 wrote
I dunno why you felt the need to apologize. You didn't hack it, you didn't sell the company off to someone else that let it stagnant and fester into a liability for all of it's users.
grandspartan117 t1_j1x9h34 wrote
I’ve been using Bitwarden family plan for some time and it’s been a great service.
chess_1010 t1_j1wfuz4 wrote
For me, it is KeePass, hands down.
It keeps things 100% in your control: no cloud or similar service. For the tech-savvy, it's probably the most secure option that still has some good ease of use features.
It is not one I would set up my parents on - it's a little too "DIY" for that, but for someone who understands all the settings, it can be a very secure choice.
If you want cloud, it is doable through Dropbox, OneDrive, etc., but the actual KeePass file remains fully encrypted.
crispy1989 t1_j1whwin wrote
I'll second keepass (specifically, keepassxc). It is indeed a little more work to set up, especially if you want proper synchronization; but for something as critical to my life as a password manager, I don't trust any third party to act responsibly and in my best interest. It also has some neat features for "power users", like SSH agent integration, so all my private keys can be stored encrypted with the password database. Currently have keepassxc set up to sync through nextcloud and require both a master password and static key (usb stick) to unlock.
TXcfe t1_j1wwtdk wrote
Same here. I’ve been using KeePass personally for years now, and it’s the only password manager my company still allows (LastPass USED to be allowed). I use it with OneDrive to sync with my iPhone.
lethargy86 t1_j1x3f4m wrote
Strongbox on iOS/OSX is a KeePass implementation that’s pretty user friendly once you have it set up. Not free. But I love it on my iPhone and then use regular KeePass on my Windows PC with Google Drive. Probably even more streamlined on Mac.
WestcoastHitman t1_j1wp1fp wrote
Is use keeper. It’s well worth it imo
Tranquilelephant t1_j1xczxs wrote
Is it considered one of the best?
WestcoastHitman t1_j1xeffe wrote
APOLLO457 t1_j1zt58h wrote
Is Google's built in password manager trash?
lol-its-funny t1_j1zzxa0 wrote
Has anyone audited BitWarden?
[deleted] t1_j1v8enk wrote
So what’s the general consensus on which password app is the best to use? I simply cannot remember all the usernames and passwords I have.