Saturday 10 October 2015

Password Managers

Over the past couple of years I have been using a Password Manager called "LastPass". I have been extremely happy with the product, and when they bought Xmarks (bookmarks sync tool) I was even happier :) So much so, I signed up for an annual subscription to enable it on my Droid.

Access to my passwords - most of which I can't remember (and have no need to) - wherever I am, and all for a reasonable annual fee.

If you want to know more about password managers, Troy Hunt has a blog post from 2011 covering the whole thing much better than I could, titled "The only secure password is the one you can’t remember".

So, back to today - as I mentioned, LastPass - very happy camper.

Until today.



LastPass announced they are "joining the LogMeIn family" (see https://blog.lastpass.com/2015/10/lastpass-joins-logmein.html/).

So?

Well, LogMeIn have a habit of being a little less ethical than I might like. Again, Troy in 2012 covered it quite nicely in "How LogMeIn is enabling scammers to profit". Additionally, a number of the responses to LastPass' blog post (see the announcement above) show that there are a *lot* of people who have had similar experiences with LMI.

Well, the feature I enjoy the most with LastPass is the fact that the "master password" never leaves my machine. I like, too, that there is a "backup copy" of my (AES-)encrypted password file on their servers. They did, by the way, have a breach earlier this year, and the manner in which they handled this was exemplary.
All great big ticks. But just not big enough to overshadow the bitter taste that LMI brings with it. Sorry guys.

So, where to?

There are a number of other Password Managers out there - https://en.wikipedia.org/wiki/Password_manager

The next contender seems to be 1Password (https://agilebits.com/onepassword). I've been playing with it over the last couple of hours, and I am not as impressed as I hoped I might be.

The biggest disappointment with it is that it is aimed primarily at the Mac/iDevice market. As such, the MacOS version is currently 5.x while WinOS is 4.x.

It does have an Android version (which I am also playing with). Actually, on that, to sync with Android, 1Password uses Dropbox to sync the file(s) around. So, "emulating" the feature of LastPass - but using a third-party tool. It does give them "plausible deniability" if (when!) their servers are breached, as they don't even have encrypted copies of the files on their servers. This did involve me creating a new Dropbox account - I would have liked to use either my Google Drive or OneDrive, but there appears to be no integration with them.

The sync onto the Droid version is slow as a wet week, though.

I'll have a play for a few more days, although I am wondering if I should perhaps look at something open source, like KeePass or KeePassX. They appear to be not as "smooth" as the commercial products above, but there appears to be quite an ecosystem building up around them, including a Firefox extension.

I will (try to) keep you posted.
