Main Area and Open Discussion > General Software Discussion
LastPass alternatives with two-factor authentication? (including premium LP)
tomos:
Notes on trying to use a Windows phone authenticator/authentication for LastPass:
Duo Mobile did not work for me. Got into a loop trying to register it with lastpass: "An error occurred. : A" :( :)
Microsoft Authenticator (AKA 'Authenticator') is not on Lastpass's list of possible authenticators, but they cleverly disguised it as 'Google Authenticator' i.e. pretend that is for the Microsoft App and it will work.
Lastpass link with more info:
https://helpdesk.lastpass.com/multifactor-authentication-options/microsoft-authenticator-app/
Deozaan:
Enpass was recently mentioned in the thread on recent LastPass vulnerabilities so I figured it was a good time to update any interested party on my use of it since I last mentioned it in this thread.
I've been using Enpass since August 2015, so about 1.5 years. (Which is also almost as long as it has been since anybody posted in this thread.)
It does enough right that I'm still using it. But the experience can be somewhat cumbersome at times, especially on mobile or where browser extensions come into play (at least on Windows). I've found it works great on Linux, and will quickly fill out forms with the press of a hotkey (Ctrl+\ by default). But that hotkey doesn't work for me on Windows, and the browser extension requires many extra clicks just to copy the password to the clipboard compared to LastPass.
Often times when there's a new update, a dialog will pop up telling me there's an update, and showing the changelog. Except the changelog text area is almost always completely blank.
LastPass alternatives with two-factor authentication? (including premium LP)
And on mobile I have it configured to allow me to unlock my database with a PIN within X hours after I use my master password to unlock it. But because my device is getting a bit long in the tooth (Nexus 7 2013) it often closes Enpass in the background to free up memory/resources for whatever app is currently in use. This means I frequently have to type my long and secure master password on my mobile device, which isn't fun using a mobile keyboard, and is made even worse when using Enpass' provided keyboard, because it hides numbers and symbols behind "alternate character" displays. So even though Enpass does provide a mobile keyboard that technically supports autofill, I most often find myself switching tasks to the Enpass app itself to login and copy my username/email then switch back to the app and paste, then switch back again to Enpass to copy the password, then switch back to the app to paste and finally login. And maybe a third switch back and forth if the site/app also requires 2FA TOTP.
Mostly I just wish things were more streamlined in it. Especially the browser extensions. As I said, on Linux, it's great. I just press Ctrl+\ and if I've logged into Enpass recently it will autofill. Otherwise a small dialog will popup where I type in my master password and then it autofills. I rarely interact with the main application itself on Linux, and I wish the experience was similar on Windows (and Android). As it is, getting a password from the browser extension often requires:
* Clicking the extension icon.
* Searching for the site if it didn't find/list it automatically.
* Clicking on the little "i" symbol on the side of the list for the site to display the saved login details (with password(s) still masked).
* Clicking on the two overlapping rectangles symbol which represents copying to the clipboard.
* Clicking into the form and pasting.
* The previous step closes the extension popup, which means I may have to repeat the process 2-3 times in order to fill out username, password, and sometimes 2FA TOTP.
Whereas with LastPass, it takes two clicks. I really wish Enpass would get me straight to the info I want instead of hiding it behind extra clicks. One or two clicks doesn't seem like much of a difference, but multiply it by 2 or 3 for each login and then consider all the times you ever have to login to anything and they add up and become frustrating over time.
All that said, I'm still using Enpass. I like the cost (free on desktop, one-time purchase on Android). I like that it handles TOTPw so I don't need yet another app/device. I like how it all runs locally and doesn't require a connection to some master server. I like how it can also optionally sync across devices using a variety of cloud storage options. I like how it allows you to customize how it generates your password, or add other fields to be saved with your passwords, etc. There's a lot to like about it. But there's also plenty of room for improvement.
If you're looking for a password manager, I'd recommend giving Enpass a try. But if you're satisfied with your current password manager, I certainly can't say it is by and large the best one out there and worth transitioning over to.
Perhaps we could also hear from 40hz to see if he's still using Enpass, and why or why not.
IainB:
Thought this could be relevant: (cross-posted from separate discussion thread)
...Not sure how service vs software distinction is relevant here. All I meant is online is bigger risk and therefore online options are the poorer option unless your use case demands it...
...KeePass can have vulnerabilities but installed in a folder locally the chances of it being hacked is lower, not sure how that is debatable.
__________________________
-rgdot (March 29, 2017, 01:00 PM)
--- End quote ---
Thankyou for that. Yes, that (emboldened) all seems to follow. Yet, despite the truth of the third emboldened clause and my having known that, I am still a LastPass user, and accepted the risks, thinking them to be miniscule.
That's probably about to change though. I have to face up to the fact that the apparent flaw/weakness identified in the software (binary component) of some versions of LastPass would not be of such concern nor present such a risk and be so susceptible/vulnerable to attack if said software was not necessarily keyed/tied into the LastPass Service component.
Bother! LastPass was so convenient too.
-IainB (March 29, 2017, 04:56 PM)
--- End quote ---
Navigation
[0] Message Index
[*] Previous page
Go to full version