Resolved Password Managers versus the Browser

Lastpass has much to recommend it, particularly in light of its ability to generate strong passwords, allow for frequent and easy changes and save all of that information in an encrypted form on their server rather than my computer. In fact, I've used it for months and recognize its strengths.

But it does have some detractions, one of which is the fact that my information is stored out there, so to speak. I've never been fully comfortable with this idea.

Frankly, I long for the simple days of letting my browser handle my passwords (i.e. Firefox/Chrome). Any input would be appreciated.

 

Pete, thanks for the response. Isn't Roboform pretty much the same program as the Lastpass extension for Firefox?

 

Well you know, Pete, I was listening recently to Steve Gibson on TWIT talking about Lastpass and trumpeting its security. Apparently he seems to have no problems with storing one's passwords on an external server as opposed to on one's own hard drive.

May I ask you... do you use a password manager and if so, which one? If not, how do you manage your passwords?

 

Not to belabor this more than needs be, is there a reason you would choose Roboform over Lastpass? Furthermore, are you choosing the paid-for or the free version of the program? Thanks.

 

As I mentioned, Steve Gibson (the security guru who appears on Leo Laporte's internet show once a month: TWIT) is currently trumpeting the extension/program. It's worth a read if you're unfamiliar with the program. You can read about it here:

https://lastpass.com/

I'm not trying to convince you of anything since I'm a bit befuddled by it all myself.

 

Oh... I completely understand, Pete. If I were absolutely sure of the program, I would never have posted here. I'm not trying to convince you (or anyone else) of anything. I'm just seeking to get some information from folks wiser than I.

Instead of using a program like Roboform, what about using either Chrome's or Firefox's method of storing passwords under a master password? Would that be a reasonably secure way of handling one's passwords?

 

Tony, what do you suggest then? It's hard enough to generate strong passwords that are different from one another throughout the many sites on which one is a member. Lastpass is an extension for Chrome, IE and FF BUT it stores your passwords (and information for form fill) on its site in encrypted form. The only thing the user needs to do is remember a single master password which even the LP folks do not know. BUT... the information is on their servers unlike Roboform which Pete mentioned. So... I repeat: what do you suggest?

 

Arie, Leo Laporte seems to swear by Gibson. And we must admit that Gibson has developed some great software programs (i.e. spinrite). I can't really find anything of a negative nature in regards to his security knowledge. Can you point me in the right direction?

 

Here's my understanding about the questions you raise.

If someone were to get hold of my laptop, it would not matter since the passwords are only retrieved with a knowledge of the master password which only I know (and it's a strong one). The company addresses the issue of your question as to whether they go out of business or their servers are hacked. I would agree with you that there is no safer place than the user's brain BUT the impossibility of remembered dozens and dozens of strong passwords mitigates against that avenue. As for my banking, that is NOT kept by Lastpass. That is one site for which I keep the password myself. Below is a link to a series of FAQ many of which address some of the points you've raised.

https://lastpass.com/support_faqs.php

I think I've probably beaten this thing to death. I appreciate the input from everyone. I'll mark the thread as resolved. Thanks.

 

I'm looking at KeePass for a manager. It's open source and free. And your main password can be up to 128 characters. And even then I would not store passwords to financial web sites anywhere in a computer, mine or otherwise.

It is bad enough to store your jewels in someone else's pocket but to do so and have no idea where that pocket is physically located is really scary!