Which password manager do you use?

Sounds like you’re making things more complex/worse by having to do it manually via KeePass.

Another reason to not use the LastPass Authenticator app for Android: https://hackernoon.com/lastpass-authenticator-app-is-not-secure-77b9743c3007

KeePass isn’t complex.

All you have to do is manually sync the file. How often do you update your passwords that require this anyway?

Why do you have to manually sync the file? With Dropbox it just goes in a folder and Dropbox auto syncs it. The only time I can see having to manually sync it is on mobile maybe.

Fixed.
https://blog.lastpass.com/2017/12/update-lastpass-authenticator-app.html/

Great. Which is why I use LastPass (not for the authenticator though) and not some other lesser-known apps. They have resources towards fixing this stuff.

For people on a budget or ultra cheapskates, Enpass’s Pro membership is $4.99 instead of $9.99 USD for a limited time.

I’m using the LP authenticator, because the backup feature seemed most convenient while still providing ‘good enough’ protection for me.

How does Authy work with a new phone? Don’t you need the old phone number and master password to access backups? Or do you rely on the ‘multi device’ thing to copy from desktop to a new phone (and delete the old one)?

LastPass is for ultra-cheapskates, because it’s free; there’s no particular reason to pay. I’ve been looking at Bitwarden, but just have no reason to switch.

When you install Authy on a new phone, you will need the old phone number and your master password, yes. I use a Google Voice number myself. I believe there’s some way to authenticate using an already-authenticated copy of Authy on an existing device also.

Yep. If you have Authy on another phone, or on your PC (either standalone app or Chrome plugin), you can have it prompt your existing Authy devices to authorize the new device.

Douchebag LogMeIn (new owners of LastPass) just abruptly doubled the subscription price of GoToMyPC from $203 USD to $406 USD so I’m worried they’ll do something to LastPass in the future.

They already doubled the LastPass subscription. If they doubled it again, that will be like a 300% increase!

http://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/

Note that the article refers to browsers’ native password managers, but I don’t see why it couldn’t work on third-party plugins like 1Password and LastPass. I’d anticipated this sort of attack for years after seeing the wrong fields being helpfully filled out a few times, leading me to disable AutoFill.

I don’t see them doubling LastPass again, as 1Password only charges 50% more ($36/yr). They could easily match that, of course. But unless they also cripple the free tier… who cares? There’s no strong incentive to pay for LastPass right now.

If they really piss me off I’ll go to Bitwarden. I would have done it already just for the hell of it, but Google’s Project Zero put in a ton of effort to help secure LastPass and Bitwarden hasn’t completed a code review yet.

I can’t speak for LastPass, but I’m pretty sure 1Password doesn’t offer any kind of autofill feature. I believe you could stealth in some invisible fields with identifying information when you sign up for a website, and those tools might well capture it and resubmit it later, but that still requires a user action to sign in on the subsequent visits. This attack is aimed at a more passive scooping up of user data.

Well this is disturbing.

Received an email a few days ago from Steam that someone logged into my account from Russia but they got blocked by not having the Steam Guard code. “Shit happens” I tell myself, go to change the password, have LP generate a new one, copy/paste it in and good to go.

Get another email this morning that the same thing happened again…

Well that’s scary as hell.

Yeah, you probably have a keylogger running somewhere. Time to run scans.

Are you sure the email is legit? Could be a clever phishing attempt.

Hopefully he didn’t click the link in the email!