LastPass
Password Manager, Auto Form Filler, Random Password Generator & Secure Digital Wallet App
Links and Download
Other
BlackBerry App World, Windows Phone Store, Edge extension URL, Chrome Web Store, Opera Add-ons URL, Firefox Addons URLSocial
Summary
Our users have written 58 comments and reviews about LastPass, and it has gotten 1629 likes
- Developed by LogMeIn, Inc.
- Proprietary and Freemium product.
- Subscription that costs between $3 and $7.
- Average rating of 2.9
- 201 alternatives listed
Most of recent security issues are really related to chrome and phishing and aren't really 0 day vulnerabilities, chrome doesn't have the same environment as other browser when it comes to addons programming, most extension that deal with outside request done through human input can be forged so i don't know what is the fuss about it.
I don't think this app should be marked as insecure as long as it isn't 100% developers fault.
Great password manager with robust feature set.
Sadly there is no longer a way to store your passwords locally without a web browser and their "Pocket" application has been deprecated and is even blocked by the servers.
It is known that Lastpass DOES NOT encrypt the URLs at which you have accounts.
See here: https://systemoverlord.com/2015/09/16/what-the-lastpass-cli-tells-us-about-lastpass-design/
This means that which websites you have accounts with can be a) known to Lastpass, b) known to government agencies who subpoena them, c) known to anyone who breaches their servers to pull this data, d) used to profile users (you will have a fairly unique collection of URLs, probably), e) it might - in principle - be used to monitor when you call on Lastpass to let you into these sites.
Don't go with Lastpass. Go with Bitwarden, precisely because they are open source and because, unlike Lastpass, they encrypt EVERY field in your database.
An alternative is to go with something like KeepassXC (also open source) and connect to the browser via a plugin.
Very interesting, would you say Buttercup password manager is good too? It is open source but stores your data which is encrypted to Dropbox, Gdrive, Box
Reply written over 3 years ago
Buttercup is ok, and if you want to use services like Dropbox, Gdrive, etc. then that's your call. My opinion is that:
1.
These are encrypted, zero-knowledge service in their own right, which means that if you sync your password database with them, they'll never know about it. Dropbox and their ilk can see at least that you are syncing a password database, and if the Snowden leaks and previous Yahoo.com scandals are anything to go by, it's not unlikely that those files can be earmarked for future analysis, as is done with encrypted emails.
Another option is to use Cryptomator to secure your files on Dropbox, etc. Cryptomator is one of my absolutely favourite apps for advancing online security: simple, free, open-source, necessary and cross-platform.
However, that doesn't get around the fact that if you go with, e.g. Buttercup + Dropbox (via Cryptomator or not), you still will have Dropbox, GDrive or whatever installed on your machine. I don't advise that, either (see list of alternatives above), because they have questionable practices. But that's a whole new rabbit hole to dive into and probably beyond the scope of this question/comment.
Reply written over 3 years ago
I see, well Buttercup says that they encrypt password file before storing it on Gdrive, Dropbox, etc. Also you do not need to have the Gdrive client installed on your device Buttercup to sync with it.
I'll open an issue on Github for Buttercup to have support for Sync.com it looks good. I am currently using Bitwarden, i have found Buttercup and enjoyed it only issue i have with buttercup is that it can't import Bitwarden CSV file and syncs with mainstream unproctected cloud services.
Thanks :)
Reply written over 3 years ago
I tried the free plan for test without reading the comments about it and without researching more from other sources.
So far it worked "ok". Usage is very straight forward and easy. Does not always recognize Login-Fields, but mostly ok.
Also has plugins for every browser etc.
When I found out that its app tracks user habits for marketing, also does not encrypt the entire database (e.g. URLs) I stopped using it and deleted my account.
That's a big NO and the opposite of what a user's whish for such a tool is, especially if you take the paid plan. Then you pay not only the 35$ but also with the tracking data, which makes it more expensive than others, if you value your data.
Security MINUS privacy!
Lastpass' business model worked thus:
Enthusiast needs to store one password
Tries Lastpass
Recommends to normies
Now that goes:
Enthusiast needs to store one password
Tries Lastpass
Moves on to a less monetised system
Bitwarden does everything Lastpass USED to do for free, for free. So Lastpass has no reason to exist other than removing your data from it.
Pending approval
“LastPass reported to have 7 embedded trackers while alternatives have none”
https://alternativeto.net/news/2021/3/lastpass-reported-to-have-7-embedded-trackers-while-alternatives-have-none/
Closed source and now you can only use 1 device with out upgrading to premium so better move to bitwarden which is open source and free to use for unlimited devices.