Main Area and Open Discussion > General Software Discussion

LastPass alternatives with two-factor authentication? (including premium LP)

<< < (5/12) > >>

tomos:
One alternative is to go premium with Lastpass ($12 per annum) and get a YubikeyOne problem is that they offer four different Yubikey versions - and the comparison page is all double-ductch to me:
https://www.yubico.com/products/yubikey-hardware/

So, interested in thoughts on Lastpass *and* also other options that might be safer to use than the free Lastpass.
-tomos (June 16, 2015, 05:54 AM)
--- End quote ---

You can enable 2-factor even on Lastpass free.  Use Microsoft or Google's authenticator and you're good to go.  I have LP free while I'm evaluating it, and that's what I'm using.
-wraith808 (June 16, 2015, 10:12 AM)
--- End quote ---

I've been using the google Authenticator with Lastpass and I've noticed this flaw:

Say I'm trying to login to google: I click the little symbol in the name field and the Lastpass window pops up.
I fill in my Lastpass password and (in this browser at any rate) a new tab opens requesting the verification code.
But, meanwhile, in the google tab, the name/password fields have been filled:
I am able to login there, *without* having finished my Lastpass login, i.e. without having filled in the verification code.

That defeats the purpose. I'm wondering should I report to Lastpass, or is this a case of them really wanting us to go the paid route.


EDIT// that problem is in Iron browser (but not in PaleMoon) - can anyone confirm in Chrome?

tomos:
EDIT// that problem is in Iron browser (but not in PaleMoon) - can anyone confirm in Chrome?
-tomos (July 20, 2015, 11:59 AM)
--- End quote ---

I'm unable to reproduce this in Chrome - it's very odd still, that it happens in *any* browser.
Makes me wary.

tomos:
summary:
with google authenticator required for logging in to Lastpass, I'm often able to bypass using it, when logging into certain sites (Ebay, google).

Say I'm trying to login to google: I click the little symbol in the name field and the Lastpass window pops up.
I fill in my Lastpass password and (in this browser at any rate) a new tab opens requesting the verification code.
-tomos (July 20, 2015, 11:59 AM)
--- End quote ---

^ that was in Iron portable. I have been able though to reproduce this in Firefox and PaleMoon.
Basically, with google Authenticator required for Laspass:


* open your login page
* click on the little symbol in one of the fields - that will open Lastpass dialogue
* type in your Lastpass password
* google Authenticator dialogue opens - in the back, *sometimes* the login details including password will be filled in already
* close google Authenticator dialogue - Lastpass is not logged in, yet you have gotten logged into your site without filling in google Authenticator
The above flaw has worked for me with gmail and Ebay. Not with dc oddly ;-)

It's possible this is not a problem with Lastpass, but rather with the browser cookie settings. Or the site's cookies.
I was always amazed, that I could just type 'inbox' in the addressbar, select my gmail inbox link - and it would load without requiring a login, no matter what my login settings were for google. This was a problem with (default) cookie settings - but I would still hold google at fault for not changing things from their end.


I cant even find cookie settings in FF 39 :-/

Deozaan:
So, recently I've been a bit unhappy with where LastPass is going. My subscription is due for renewal soon, so I figured I'd consider alternatives.

Things I'm not liking about LastPass:


* The mobile (Android) app is now asking for location permissions. I feel there's no need for a password manager to need my location. I wrote to LastPass support about this and they said it was for their stupid LastPass browser that is also built into the app. I told them the browser was superfluous and that they should separate it into another app if they wanted to include that functionality, because all I wanted from them was to be able to store and retrieve my passwords. They didn't really respond to that.
* The browser add-on is now nagging me to "try LastPass Enterprise!" I'm already paying for LastPass Premium, and I'm just one person. Stop nagging me to try something meant for large companies!
* Every so often, the browser extension's auto-form-fill functionality stops working on sites where it has worked for months (or years). The only way I've found to get it to start working again is to delete the "site" and create it again.
I pretty much only pay for LastPass Premium to access my passwords on Android. And I don't use any of the features of the LastPass app (on Android) other than simply retrieving my passwords. I don't use their stupid browser. I don't have it auto-fill passwords or prompt me with login info, nor generate passwords on Android. Is there anything out there that provides the convenience of LastPass (secure cloud storage/retrieval) for Android without any of the extra crap?

40hz:
I'm currently using Enpass (www.enpass.io)

Syncs across virtually any platform (Linux too!), no user data stored on Enpass servers, one time purchase - no subscription, no sign-up required, sync through any cloud service, all encryption (AES256) handled by your own device. Full feature desktop client is free. Mobile platforms run around $10 for the "pro" (i.e. full) version. Trial versions available.

Lots to like here. I've been using it for about 6 months. Zero problems to date.

Navigation

[0] Message Index

[#] Next page

[*] Previous page