Re: [gentoo-user] Moving from Lastpass to Bitwarden

2021-02-19 Thread Kusoneko
On Thu, Feb 18, 2021 at 03:22:52PM +0100, Frank Steinmetzger wrote:
> So the natural answer for my password needs is keepass (by now the XC
> variant). I sync it between my Linux machines with all other files using
> unison.

That is also what I use. I also personally use my phone with KeePassDX
for when I'm not next to my personal PC, and I have the databases synced
together through Syncthing. However, on the topic of Syncthing, I
haven't had any issue so far, but I also haven't been able to find
anywhere if the thing encrypts traffic that's sent from anywhere to
anywhere else. From what I understand of Syncthing though, it seems to
give each machine a unique ID, lets you give them names and then
specify a shared folder, then using the local networks it can find
other devices running Syncthing, and on the wider internet, it seems to
connect to some random "discovery servers" that seem like their purpose
is to act as a way to have the devices find each other if they're on
other networks so that the shared directories stay synced at all times.
I just wish I knew if the files are encrypted e2e or not when using this.

Kusoneko.




[gentoo-user] Re: Moving from Lastpass to Bitwarden

2021-02-19 Thread Grant Edwards
On 2021-02-17, Dale wrote:

> Anyone have info on switching from Lastpass to Bitwarden? Thoughts?

I just did it this afternoon.

The whole process took about three minutes:

 1. Sign up for Bitwarden account
 2. Export .csv from Lastpass
 3. Import .csv to Bitwarden
 4. Install Chrome plugin.

Everything "just worked". I was so impressed, I coughed up the $10 for
premium.

I'll have to do some experimenting with the CLI app for doing backups...

--
Grant







Re: [gentoo-user] Moving from Lastpass to Bitwarden

2021-02-19 Thread Spackman, Chris
On 2021/02/17 at 06:51am, Dale wrote:

> I simply googled for 'alternatives to Lastpass' and Bitwarden was one of
> a few that came up.  Several links were articles comparing the two.  If
> a person doesn't like what Lastpass is doing, it won't take much to find
> other password managers.  They may pick something besides Bitwarden but
> still, they have the option of switching. 

I recently switched from LastPass to Bitwarden and this is exactly what
I did. Many articles rated both highly, making me feel better about
Bitwarden. I also liked that it is open source AND more affordable. I
wish I could run my own server, but my security-foo is not strong enough
to risk exposing not only my computer, but my passwords to the entire
internet. 

However, there is another option that I've not seen anyone mention
(apologies if I missed it): use a local password manager (such as the
excellent KeePassXC) for financial / very important sites, and an
in-browser, Internet-connected manager for general sites of little
consequence (like Slashdot, for example). I personally keep everything
in KeePassXC and a subset of frequently used, non-financial sites in
Bitwarden. I'm much more likely to log into a news site or perhaps even
a shopping site from various computers. But, banking sites or other
financial sites? ONLY from my Gentoo computer, because I am most
confident of its security.

Similarly, use different browsers for different purposes. I use Firefox
for daily browsing, with hardcore security installed (ublock matrix, for
example). Google Chrome is only for Google sites. Another browser is for
banking and other shopping. Still has strong security, but not as strong
because, at least for me, that tends to break those sites. Also, this
browser only ever goes to those sites.

In short, I guess I'm saying there is no need for either / or
thinking. There are lots of ways to approach security.

> I logged into my credit card on my cell phone, about the only thing I
> use on my cell phone anyway, it worked OK once I figured out how to
> get it to fill the info in.  I might add, Lastpass has issues with
> that site as well.  If I didn't know better, I'd think the website
> tries to prevent people from using a password manager.

I agree - sites should be encouraging password managers, not
discouraging them. I forget which site it was, but I had to deal with
one that somehow disabled copy and paste (even with middle mouse button)
in the password set up / change field. I used pwgen to make a 25
character random password and then had to type the monster into the
site, twice! I'm sure most other people (less careful types) would just
have switched to an easier password. Luckily / Oddly, the site did allow
pasting into the password field for regular log in.

-- 
Chris Spackman (he / him)   ch...@osugisakae.com

ESL Coordinator The Graham Family of Schools
ESL Instructor  Columbus State Community College
Japan Exchange and Teaching Program   Wajima, Ishikawa 1995-1998
Linux user since 1998 Linux User #137532