I do use Lastpass, fortunately I do not use the Firefox client affected by the latest issue, which has already been patched (One thing Lastpass has done well is security response and patching). I don't store everything there, but I do store some things there for various reasons (mostly needing to use them on idiotic sites that actively block copy/paste).
I store absolutely everything in encrypted databases (multiple small files for performance and separation) (not keepass, mono is too much of a pig to run on my desktops). The encrypted files (never decrypted to anything but RAM, and that's overwritten with 0's in the program as quickly as possible) are stored in a DVCS (e.g. git, mercurial, DARCS, Bazaar, etc...) that I sync via it's normal repo synchronization. I gain the advantage of "oops" recovery as well with the version history. The repo is NEVER online, however, just filesystem-to-filesystem "remote" sync. Nothing's perfect, but the amount of work needed to get past the encryption should vastly exceed the rather low value of what's stored there (in my case). On 07/27/2016 03:34 PM, Stephen Partington wrote: > I know several of you here are using keepass. of those users who is working > with the various browser integrations and the various android apps. and the > usual or unusual means of keeping the db across multiple locations. > > I have been wondering about keepass and its use for some time, but now with > the recent security hold found in Lastpass i am taking a second look at it. > > https://nakedsecurity.sophos.com/2016/07/27/lastpass-password-manager-zero-day-bug-hits-the-news/ > > PS i know this is not a real 0 day bug, so does the author. not sure why > he decided to do that sort of weird headline. > > > > > --------------------------------------------------- > PLUG-discuss mailing list - [email protected] > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss >
signature.asc
Description: OpenPGP digital signature
--------------------------------------------------- PLUG-discuss mailing list - [email protected] To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
