I generally agree, but regarding the 2nd reason, there is no need to expose your own server for syncing. Passwords are personal and there is no need to access them simultaneously from different places and they are not supposed to change every day either. You can keep the dbs locally on every device and sync only when you return home.
Many reasons. As @TriBruin listed below, sharing mortgage account and other billing is important. My wife and I share a vault for bills. This is probably one of the selling points of a password manager.
Sure,

  • I am at work and I have changed my work account password. But my iPhone still has my old password to access my email. Because my password is sync'd between my computer and my phone, I can quickly and easily update my email password on my phone. (Sure, the alternative is to type my password by reading it from my computer screen, but, as I take security seriously, typing a 15 random character password is a PITA.)
  • I change my password to my favorite streaming service, and I want to make sure my son, who lives 1500 miles away, can log in. I guess I could call him and read it over the phone. But it sure is easier to have my son just open his copy of the password manager and use the new password.
  • I have a local administrator account on the computers I manage. Password is rotated every 30 days, or whenever we are concerned the password has been compromised. Update the password, save it in our secure vault, and make sure that only those who are authorized to see the password have access. Updates are immediate.
Great points. I added sharing a vault with my wife for bills.
I could go with "A secret that is known by two people is no longer a secret" but I won't. Is there a reason you needed to change your password? (Don't tell me that you forgot it ;)). Anyway, password sharing and viewing from different locations was supposed to be illegal for many services (which I hated, as I was often on the move, visiting different countries), then many companies came up with family plans etc.


I do not see why the secure vault needs to be on the cloud?
Cool, I’m glad whatever you do works for you. If sharing passwords for bills is “illegal” then put me in jail.
 
I am not really concerned if anyone is wrong or different. I initially said that _I_ would rather not use cloud companies for passwords. Someone made fun of it and I only tried to suggest that there might be alternative ways, maybe less convenient maybe more flexible, you decide. And I used "you" in some comments (instead of "we") talking generally, not to attack anyone personally.
 
I generally agree, but regarding the 2nd reason, there is no need to expose your own server for syncing. Passwords are personal and there is no need to access them simultaneously from different places and they are not supposed to change every day either. You can keep the dbs locally on every device and sync only when you return home.

And this is exactly what I do.

For years I have been using 1Password 6.x. Because there is no longer a valid upgrade path to the standalone version of 1Password 7.x, my use of 1Password has been given an EOL date: the day that Rosetta 2 is dropped from MacOS. Since 1Password 6.x is an Intel binary, while I could continue to use it on my mid-2011 MBA, I wouldn't be able to use it on my M1 Pro MBP. Yes, Rosetta 2 will support the compatibility for it now, but when that is dropped, then all Intel binaries will stop working as well.

So I cut my losses and went to Enpass. I have that locally on my Mac, my PC, my iPhone and iPad, and back up my vault to my NAS. My Mac is the main source for everything, so if I need to sync my vaults, I sync through that, back up my vault to my NAS, and I'm done. Nothing for my vaults gets exposed to or gets out to the Internet, just like I had been with 1Password 6.x.

BL.
 
Security and convenience is always a balancing act.

Another aspect is that security is far from trivial to achieve and most "naive" self-made solutions are actually not as secure as they might seem.

A self-made solution is not always a bad idea, but likely, a "normal user" gets far more security and convenience by using iCloud or a third-party password manager out-of-the-box than by trying to put in place their own solution.
 
Another aspect is that security is far from trivial to achieve and most "naive" self-made solutions are actually not as secure as they might seem.

A self-made solution is not always a bad idea, but likely, a "normal user" gets far more security and convenience by using iCloud or a third-party password manager out-of-the-box than by trying to put in place their own solution.

That's what a lot of people think...

Then LastPass and Dashlane's security problems completely dash that realm of thinking.

BL.
 
That's what a lot of people think...

Then LastPass and Dashlane's security problems completely dash that realm of thinking.

That's debatable though. A third-party can offer a solution which turns out to be not as secure as expected, but said solution could still be more secure than what the user themselves would be able to put in place.
 
That's debatable though. A third-party can offer a solution which turns out to be not as secure as expected, but said solution could still be more secure than what they themselves would be able to put in place.

True, but that also comes with a cost: the user's autonomy in what they can do, especially in the chance of a breach happening. However, it is up to the user to pay that price, should they want to go with the route of convenience.

BL.
 
True, but that also comes with a cost: the user's autonomy in what they can do, especially in the chance of a breach happening. However, it is up to the user to pay that price, should they want to go with the route of convenience.

For sure. I'm not saying users should relinquish their autonomy: what I'm saying is, in matters of security, if someone wants to take things into their own hands they should make sure they actually know what they are doing, since security is very easy to mess up in unexpected ways if they have only a superficial understanding of it.
 
All great discussion about where to keep your passwords. But, this really has nothing to do with the LastPass hacks. The one before the current one was a software breach (hopefully a minor one). If you're running hacked software, it won't help much that you keep your passwords locally (or that you think you are keeping your passwords locally).

@Apple_Robert 's post about double blind passwords is probably the most important point in this thread with regard to the LastPass issue. He's eliminated the need to trust the software he's running.
 
I keep thinking about Enpass but it seems like there is little to no information on who develops it.

The 1Password Migrants thread has a lot of info on Enpass, CodeKey, Bitwarden, and a few others, especially when it comes to migrating.

Support for Enpass is decent. Updates are frequent when needed. The good part though is that if you purchase a standalone license, it is tied to your email address, so that license will work on whatever platform you want to put it on. For example, it works for my Mac, PC, and iDevices. Migration to it isn't bad, either, as it will import everything directly from 1Password.

The UI isn't as clean as 1Password, but definitely works, and is customizable. For more, have a look at that thread, or https://www.enpass.io/

BL.
 
Looks like they are based in India, with an office in the US as well.


Exactly, they rent some office space in that building in India. It looks like you can rent like a 10 x 12 or something. The U.S. address looks like a FedEx Office location so basically a PO Box.

We have zero clue who they really are.
 
Exactly, they rent some office space in that building in India. It looks like you can rent like a 10 x 12 or something. The U.S. address looks like a FedEx Office location so basically a PO Box.

We have zero clue who they really are.

Umm. It isn't. I've talked to their support, at 1pm PT, when they were in the office in Delaware. It's a suite in that building. They know what they are doing; as a sysadmin myself, I always verify what I am getting into before jumping in. They know what they are doing, and are fully supported.

Definitely have a look at The 1Password Migrants thread. Tons of info in there, especially on Enpass, Bitwarden, Strongbox, Secrets, Minimalist, and many others.


BL.
 
Exactly, they rent some office space in that building in India. It looks like you can rent like a 10 x 12 or something. The U.S. address looks like a FedEx Office location so basically a PO Box.

We have zero clue who they really are.
My sister's company does this. They are in Indiana and rent a small office in a suburb of Chicago and Milwaukee (no one in them unless there is a meeting). People in Wisconsin don't like doing business with people from Illinois or Indiana (for her work anyways), so they did this. It gives the illusion they are in those cities/states, and it gets them a lot of business.
 
My sister's company does this. They are in Indiana and rent a small office in a suburb of Chicago and Milwaukee (no one in them unless there is a meeting). People in Wisconsin don't like doing business with people from Illinois or Indiana (for her work anyways), so they did this. It gives the illusion they are in those cities/states, and it gets them a lot of business.

In this case though, Enpass is on the 11th floor of a 20-story building.

BL.
 
Umm. It isn't. I've talked to their support, at 1pm PT, when they were in the office in Delaware. It's a suite in that building. They know what they are doing; as a sysadmin myself, I always verify what I am getting into before jumping in. They know what they are doing, and are fully supported.

Definitely have a look at The 1Password Migrants thread. Tons of info in there, especially on Enpass, Bitwarden, Strongbox, Secrets, Minimalist, and many others.


BL.

I have actually read that thread quite a long time ago. My takeaway was that Enpass was probably the best 1Password competitor. I have seen several offers for lifetime licenses at a discount but I just don't know much about the company behind it.
 
In this case though, Enpass is on the 11th floor of a 20-story building.

BL.
And that’s what my sister's company does. I think the rent is about $3000 a month but it brought in an extra $90,000 a month in profit (for the Wisconsin office). All because they opened an office there with just a conference table and 4 chairs.
 