LessPass vs traditional password manager

That's the thing, it doesn't matter at all how secure the app itself is, as long as the crypto has been done well, which is the case with KeePass.

1 Like

Then it could be something less complicated (and maybe more secure because it's not an app), such as a text file with your passwords that you encrypt with AES256, like I do with my files before uploading them to some cloud or saving them on external hard disks and USB pendrives.
The point is that I don't trust only one app with ALL my passwords. And maybe you only need to crack the password of the app: you crack one password and you have them all.

Encrypting is exactly what it is: a password manager just makes an encrypted file in which you store your passwords, and because you only need to remember one secure password, you can use way stronger passwords for everything. Sure, a keylogger can intercept the encryption, but at that point intercepting your passwords normally is possible too.

1 Like

I mean that a text file and a command in the Terminal is simpler, and I'm sure it has fewer vulnerabilities.
Anyway, another thread should be: can we trust passwords only?

KeePass has embedded protection against keyloggers.

When typing the master password : Tools / Options / Security / Enter Master Key on Secure Desktop = Yes. (Incredibly, this option is not enabled by default – and buried deep. At least it wasn’t last time I checked.)

When Auto-Typing username and password : Edit Entry / Auto-Type / Two-Channel Auto-Type Obfuscation = Yes. (Needs to be enabled for each entry separately. Not enabled by default, because some sites won’t accept it. Very few of them, in my experience.)

2 Likes

Even if you have, a memorable password is not a good password, even if you have the best system ever :wink:

Deal breaker. I had not understood that. It makes LessPass impossible to use, in practice. Unless you envision never changing your master password, but that would be a stupid assumption to make.

In fact, LessPass-type programs have always looked to me like challenging intellectual games for crypto-minded people. It's fun science. Practical tools? Not so much.

2 Likes
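To make the "deal breaker" above concrete, here is an added, simplified stand-in for a LessPass-style derivation (constructed for this thread, not LessPass's own code; the alphabet, length and iteration count are assumptions): every site password is a pure function of the master password, so changing the master silently changes all of them, whereas a vault like KeePass only re-encrypts the stored entries.

```python
import hashlib
import string

# Constructed alphabet for rendering key bytes as printable characters.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"


def derive_password(master: str, site: str, login: str, counter: int = 1,
                    length: int = 16, iterations: int = 100_000) -> str:
    """Deterministic, stateless password: nothing is stored anywhere."""
    # The salt carries everything that makes the result site-specific.
    salt = f"{site}{login}{counter:x}".encode()
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, iterations, 32)
    # Render the 256-bit key into a bounded character set.
    n = int.from_bytes(raw, "big")
    chars = []
    for _ in range(length):
        n, idx = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[idx])
    return "".join(chars)


def derive_all(master: str, accounts: list[tuple[str, str]]) -> dict[str, str]:
    """(site, login) pairs -> site passwords, recomputed on demand."""
    return {site: derive_password(master, site, login) for site, login in accounts}


def rotation_impact(old_master: str, new_master: str,
                    accounts: list[tuple[str, str]]) -> int:
    """How many site passwords change when only the master is rotated."""
    before = derive_all(old_master, accounts)
    after = derive_all(new_master, accounts)
    return sum(1 for site in before if before[site] != after[site])
```

With a stateless scheme the count returned by `rotation_impact` equals the number of accounts, which is the practical problem the post describes: rotating the master means updating every site.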

I can see a system where you would be able to remember passwords that are not rememberable at first sight, the same way you are able to learn to remember dozens of numbers via memorization techniques.

Like for example "kloning-FLOWN~&88–namaste" would in my opinion be a very strong password, and I can imagine having a memorizing technique for remembering such passwords.

When LastPass got purchased by LogMeIn for $125M I switched to Bitwarden instead, figuring it's open source, and how are LogMeIn going to make that $125M back plus profit on a free password manager? (Probably by selling info.)

As it stands I use a somewhat complicated password. I don't use 2FA because it requires a smartphone; I use a phone that could have been made in the early '90s, because I think smartphones are already compromised when they are sold: people are paying $1000 for a tracking device. I might get a dongle of some kind for 2FA though.

However 0day is always a worry no matter what you do and then we found out about how access to computers is enabled through Ring bus regardless of your OS… I figure everything you do is vuln now and I just try not to be low hanging fruit for “l3370 scr1ptk11d13s” or whatever they call themselves these days.

As for site passwords, they are all like 30 chars with a load of symbols; if I ever lost access to my BW account I would be screwed.

About the 2FA thing, if you have a spare computer lying around, you can use TOTP-based 2FA with KeePassXC on a computer.

Also, welcome to our forum!

1 Like
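Since TOTP is only an HMAC over the current 30-second step of a shared secret, it can live in a desktop app just as well as on a phone. Here is an added RFC 6238 implementation (constructed for this thread, not KeePassXC's code) with the skew-tolerant check a verifier would apply; the base32 secret format is assumed, as that is how sites hand it out.

```python
import base64
import hashlib
import hmac
import struct
import time


def totp(secret_b32: str, for_time: int = None, step: int = 30,
         digits: int = 6, algo: str = "sha1") -> str:
    """RFC 6238: HMAC(secret, time // step), dynamically truncated to digits."""
    if for_time is None:
        for_time = int(time.time())
    # Secrets are distributed base32-encoded; restore any stripped padding.
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", for_time // step)
    mac = hmac.new(key, counter, getattr(hashlib, algo)).digest()
    # Dynamic truncation (RFC 4226): low nibble of the last byte picks 4 bytes.
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify(secret_b32: str, candidate: str, now: int = None,
           window: int = 1, step: int = 30, digits: int = 6) -> bool:
    """Accept the adjacent steps so clock skew between two machines is tolerated."""
    if now is None:
        now = int(time.time())
    return any(
        hmac.compare_digest(totp(secret_b32, now + k * step, step, digits), candidate)
        for k in range(-window, window + 1)
    )


if __name__ == "__main__":
    # RFC 6238 test secret: ASCII "12345678901234567890" in base32.
    print(totp("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"))
```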

Looks like Master Password

Great alternative (imho): Diceware password generator

I don't think that is true. As @Zlivovitch pointed out, reputable password managers have protections against keyloggers. Password managers are more likely to build in protections for the common user (URL detection to protect against phishing, etc.) than a text file and terminal program.

Theoretically, this might be true, but I don’t think it’s realistic. I probably have 200 passwords in my manager. Some of which I probably haven’t used since I created them. It’s not realistic for me to remember all of them until I need them again.

I think we're talking about different things. What I mean is something easy: only deciphering a text file to check a password from time to time and nothing else, as simple as a Terminal and a file. A password manager works differently and has many features, and so more programming, and sooner or later vulnerabilities, as we have already seen in the past. Anyway, I can't trust one single program to manage all my passwords. Of course you are free to do so.

Let's put it like this: if the vast majority of security experts advise you to do something, it typically becomes a good idea to follow that advice.

2 Likes

Probably by selling Lastpass Premium subscriptions, and password management services to enterprises? Not everything is a conspiracy!

That being said, Bitwarden is still probably the better choice :slight_smile:

4 Likes

A company I know which does ~$440M in profit a year uses Lastpass. It costs them…$50 a year.

$125,000,000 + operating cost + tax / $50 is an awful lot of sales.

1 Like

This is just a bad argument. LastPass for business is $4 a user. Which is generally going to be used by smaller businesses, or large ones who don’t have a lot of people needing password managers. Enterprise won’t be $50 a year and they will also sell security packages on top of that, which is why you have to contact them for pricing. They would happily advertise $50 a year for enterprise. There is a reason they don’t post the pricing.

Second, they also charge everyday users. Yes they have a free tier but put the best features in paid accounts.

Like others have said, not everything is a conspiracy.

2 Likes

The LastPass password manager allows the user to import already existing passwords from various systems and applications and merges them under a single master password that is then managed from the app; the premium tier comes with 24/7 tech support and many more features.

I have KeePassX, which I downloaded from my Debian (buster) repository; is there a better fork for my OS? Are these features available in the desktop application or are they within the browser one?