I guess one thing that could be done better on LastPass’s end is grandfathering in current users somehow.
I have so much info stored in LastPass and it’s only three dollars a month, so I went ahead and upgraded to premium. Plus it will renew at tax time next year so might as well keep that as my renewal lol.
It looks like I’m the only one rediscovering Keepass / KeepassXC. I was always uncomfortable with vendor lock-in for all of these online services. There’s just no protection against them changing the deal (again) in the future, whether you pay or not. The Lastpass Firefox extension has been getting steadily worse and buggy so I was actually looking at switching before this new development. This was the push I needed to take back my password database and I feel so much better.
The Keepass clients and file format are open source, so it can never be taken from you. I sync my database through Onedrive and use Strongbox and/or Keepassium on iOS. Sharing is a bit less straightforward, but it can work in a couple of ways. Android has Keepass2Android, which I haven’t tried but is well regarded.
I’m really liking KeepassXC, but their browser extension seems a bit buggy too. Maybe I just need more time to figure it out. Keepass works with the Kee Firefox extension pretty well so far. Apparently they can both be used without an extension by using the auto-type function (although I haven’t tested that much).
If you’re going to give money to support something, why not open source?
I finally got my reluctant wife to start using LastPass and now this. How is BitWarden on iOS?
Seems good. My wife migrated her iPhone from LastPass to Bitwarden a few days ago. No issues yet.
I’ve started using 1Password. Very happy so far.
Their support and Twitter account were very welcoming. When I mentioned it to Jake Moore at Eset, they answered, saying they would be pleased to help me move over.
I mentioned an issue with the Yubikey and they said they had passed it on to the developers as a suggestion.
(The issue was that I wanted to use my Yubikey, but there was no option to set it up. I then added an Authenticator for 2FA and then the Yubikey option suddenly appeared. I said it would be good if either the Yubikey option appeared greyed or there was a notice about having to set up the Authenticator first; it would be more helpful and user friendly.)
Nah, you are not the only one. Steady Keepass user here for ages.
This irks me but ultimately you are correct. Lastpass is #1 for a reason.
The big thing, and what got me to switch, is that you can host it yourself. That does put a lot of responsibility onto me, but I feel better knowing where my password vault (and its backups) is.
Those interested in 1Password should head over to the Relay.FM site. They are a podcasting group that has several podcasts that are sponsored by 1Password and if you join through their link you get 20% off the first year price.
And a side note, they have several excellent Podcasts dealing with technology. Several of the Twit folks host Podcasts there. What’s nice is they stay on topic with technology related Tips and Tricks without the social and political commentary.
I just started going down this route! Finished a trial of Lastpass just as this news came out, wasn’t impressed so I decided to try Keepass.
I’m digging it so far. Also a fan of the open source nature, and the “bare-bones” kind of approach. I couldn’t recommend this method to anyone looking for a turn-key solution though.
I’ve got just about everything I want working thru a few extensions. Yubikey database auth, TOTP integration, Chromium browser integration, and using my Syncthing network to keep the database updated between computers with the built-in synchronization/trigger feature.
I’m using the Kee extension for browser integration as well, haven’t had any trouble with it yet.
If you sign up for the 1Password family plan at the moment, you get 50% off the first year.
Like many others here I switched to Bitwarden. The funny thing for me is, I was thinking about switching before this news came out. Mostly because they have a paid tier for $10 a year that has all the features I need. This news just accelerated the switch over. I understand LastPass needs to make money and people should support them. I feel they really need a “mid-pay tier” for people that don’t need all the bells and whistles but just a few premium features.
Yes, I probably should have mentioned that Keepass is not as turn-key as the paid solutions, but with a bit of work you can get to a pretty good solution. My reasoning for going to the trouble is that this is the last switch I will ever make. Going fully open source and offline-client-based means there can never be another bait-and-switch. No vendor lock-in. Lowest risk.
I’m still using and comparing both Keepass and KeepassXC as the database format is compatible with both. They are very similar, but each has their own benefits. The one feature KeepassXC has that Keepass doesn’t is KeeShare. It’s a bit confusing at first, but allows for syncing a shared folder in your database with another database (use case: you and your wife both have personal databases with a shared folder synchronized between the two). I haven’t decided if KeeShare is worth the trouble as you can easily just share a third database. KeeShare just gives you the convenience of having shared stuff within your database instead of having a separate shared database that you have to open. I’m probably leaning toward just sharing a separate database.
I do strongly feel that password management is too important to trust to a vendor. In my experience, you just can’t trust them to maintain interest in their products for the long haul. I’ve been burned too many times. Sure open source has a similar risk, but at least they can’t take away what you already have and others can always fork and carry on.
Oh, and there is a neat app called Keeweb, which is a web based UI for interacting with Keepass database files. It also has a Nextcloud integration, which is cool.
Keepass is great for tech users. I need a solution that can be used by novices, which is why I went with LastPass and now 1Password.
Put it this way, LastPass and 1Password are too complicated for the users to set up themselves and they can just about use the add-ins for their browsers and the mobile apps… There is no way I could get them to use something like Keepass.
I use Dashlane and have so far been very happy with it, but the rot seems to set in with all of these companies at some point, so I’m looking to move to an open source solution.
BitWarden looked very promising at first, until you discover it’s based on a whole Microsoft stack (written in C#, Visual Studio, SQL Server) and their service runs on Azure… which isn’t going to fly at all given Microsoft’s woeful security record (see Exchange zero days). Why would ANYONE trust such a critical role to Microsoft? KeePassXC it is.
Considering that Azure’s security architecture prevented Microsoft-hosted Exchange services from being affected by the exploit, I’m not sure that example is a particularly potent condemnation of Azure security.
The most secure password manager is a notebook in a safe. Everything up from there is trading security risk for convenience.
“…in a safe, guarded by someone who only gives you access if you turn up accompanied by someone personally known to him who can vouch for you”. Some places take their security very seriously.
Even more secure if no one knows the combination, like Leo’s bitcoin wallet key.
This is anecdotal, but I believe the US has a security scale where the highest level is “everyone who worked on the project is dead”.
Lol that’s now my go-to excuse for why I haven’t advanced further in my career.
“No mom I didn’t get the promotion, but it’s probably a good thing due to their security protocols, y’know throat slash gesture”