Main Area and Open Discussion > General Software Discussion
LastPass alternatives with two-factor authentication? (including premium LP)
tomos:
I'm currently using Enpass (www.enpass.io)-40hz (August 25, 2015, 12:53 PM)
--- End quote ---
are you using that with any kind of two-factor authentication?
Edit// I took the liberty of changing the thread title to "LastPass alternatives with two-factor authentication? (including premium LP)"
-tomos (August 25, 2015, 02:46 PM)
--- End quote ---
No. But as no user data is stored on their server (which is only used to sync between devices) would it be all that necessary? The data is encrypted by your device and remains on your device(s) so I don't see where some man-in-the-middle attempt would make any difference. All data is encrypyed and local. You wouldn't even need to decrypt in order to synchronize. It would be a little more work for the local clients - but EnPass wouldn't need to worry or know about any of the the actual data.
Am I missing something? :huh:-40hz (August 25, 2015, 04:29 PM)
--- End quote ---
well,
as you know, I'm no expert. But the idea that all anyone needs is one password and then they have access *all* my passwords, and more - I find that pretty scary.
MilesAhead:
I'm currently using Enpass (www.enpass.io)-40hz (August 25, 2015, 12:53 PM)
--- End quote ---
are you using that with any kind of two-factor authentication?
Edit// I took the liberty of changing the thread title to "LastPass alternatives with two-factor authentication? (including premium LP)"
-tomos (August 25, 2015, 02:46 PM)
--- End quote ---
No. But as no user data is stored on their server (which is only used to sync between devices) would it be all that necessary? The data is encrypted by your device and remains on your device(s) so I don't see where some man-in-the-middle attempt would make any difference. All data is encrypyed and local. You wouldn't even need to decrypt in order to synchronize. It would be a little more work for the local clients - but EnPass wouldn't need to worry or know about any of the the actual data.
Am I missing something? :huh:-40hz (August 25, 2015, 04:29 PM)
--- End quote ---
well,
as you know, I'm no expert. But the idea that all anyone needs is one password and then they have access *all* my passwords, and more - I find that pretty scary.
-tomos (August 26, 2015, 03:43 AM)
--- End quote ---
We are on our way to Gattaca
40hz:
I'm currently using Enpass (www.enpass.io)-40hz (August 25, 2015, 12:53 PM)
--- End quote ---
are you using that with any kind of two-factor authentication?
Edit// I took the liberty of changing the thread title to "LastPass alternatives with two-factor authentication? (including premium LP)"
-tomos (August 25, 2015, 02:46 PM)
--- End quote ---
No. But as no user data is stored on their server (which is only used to sync between devices) would it be all that necessary? The data is encrypted by your device and remains on your device(s) so I don't see where some man-in-the-middle attempt would make any difference. All data is encrypyed and local. You wouldn't even need to decrypt in order to synchronize. It would be a little more work for the local clients - but EnPass wouldn't need to worry or know about any of the the actual data.
Am I missing something? :huh:-40hz (August 25, 2015, 04:29 PM)
--- End quote ---
well,
as you know, I'm no expert. But the idea that all anyone needs is one password and then they have access *all* my passwords, and more - I find that pretty scary.
-tomos (August 26, 2015, 03:43 AM)
--- End quote ---
Me too. (And I'm no expert either. ;D) Which is why I memorize passwords to critical things such as my bank accounts etc.
But even with that, the passwords in my password manager are not the actual passwords. They're merely memory joggers for the actual passwords. You'd need to know how my "system" (which is pretty idiosyncratic as I'll be the first to admit) works.
Not that it matters. Experts generally agree passwords are better than nothing but far from secure with today's computer resources and state of number theory. Passwords are risk mitigation rather than risk elimination tools.
Unfortunately, nobody is quite sure what to replace passwords with. So passwords it is for now.
40hz:
I'm currently using Enpass (www.enpass.io)
-40hz (August 25, 2015, 12:53 PM)
--- End quote ---
I haven't tried it (was a bit surprised by having to enter an email and a captcha for a free download), but a quick google suggests it is a password database that does not offer auto-fill like LastPass and others, is this still the case?
-Jibz (August 25, 2015, 05:02 PM)
--- End quote ---
It's limited as far as autofill goes. They keep promising additional browser plug-ins RSN. But we're still waiting.
That however, isn't a showstopper for me because I never use autofill since it's a security weakspot. Besides, the "passwords" you'll find in my EnPass database aren't the actual passwords anyway.
wraith808:
Unfortunately, nobody is quite sure what to replace passwords with. So passwords it is for now.
-40hz (August 26, 2015, 08:22 AM)
--- End quote ---
I'm actually starting to use Enigmaze.
Enigmaze is a Premium Hardcover Notebook Specifically Designed to Quickly Create and Store Strong Passwords.
--- End quote ---
LastPass alternatives with two-factor authentication? (including premium LP)
I backed it in the Kickstarter. But that doesn't solve my problem with sharing with my wife, so I don't use it for all of them (of course, 2 factor has that problem too- but with lastpass, I authenticate once and am done). It's now on Amazon if you're interested.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version