Why would I use Keepass when Lastpass is even more secure?
If somebody gets your Keepass DB, they just have to guess your password.
Meanwhile, somebody has to know your Lastpass password and then break the 6 other multifactor methods you can add to your account.
On top of that, you don't have to spend so much time syncing your Keepass DB.
Keepass BTFO.
>If somebody gets your Keepass DB, they just have to guess your password.
And how will they get my DB when I'm taking every conceivable measure to prevent that from happening?
Who are the bad boys more likely to target, the single person with one Keepass DB, or the big service storing passwords of tens of thousands of users?
You are fucking retarded if you entrust your passwords to a 3rd party service whose security measures you cannot verify.
>>53172310
>And how will they get my DB when I'm taking every conceivable measure to prevent that from happening?
Lol as if you can stop them.
>>53172285
>6 other multifactor methods
You're not using all of the multi factor authentication methods you have on LastPass. You pick one to enable to 2FA.
>If somebody gets your Keepass DB, they just have to guess your password.
You're also not taking into account that you have 2FA on KeePass as well.
>On top of that, you don't have to sped so much time syncing your Keepass DB.
Happens automagically with my OwnCloud without having to worry.
Your arguments seem flimsy.
>>53172388
I use 2 multifactor options.
>You're also not taking into account that you have 2FA on KeePass as well.
No you don't.
>>53172285
>they just have to guess your password.
they also need to have my key file thats stored safely on flashdrive with my keys
>>53172285
If someone could get your KeePass dB they could get your lastpass db
>>53172405
>I use 2 multifactor options.
Me too.
>No you don't.
Yes, you do. See https://keepass.info/features.html
>One master password decrypts the complete database.
>Alternatively you can use key files. Key files provide better security than master passwords in most cases. You only have to carry the key file with you, for example on a floppy disk, USB stick, or you can burn it onto a CD. Of course, you shouldn't lose this disk then.
>For even more security you can combine the above two methods: the database then requires the key file and the password in order to be unlocked. Even if you lose your key file, the database would remain secure.
>Trusting a meme closed source product/company with your passwords
>2016
You do realize how long it would take to brute force a 7+ charactor password, right?
>>53172314
>Lol as if you can stop them.
Define "them".
Nobody will be as retarded to target me. Because either they have intel about my person, in which case they know I'm just an average guy with below-average wealth, or they don't have intel about my person, in which case they take a huge gamble trying to obtain my Keepass DB and then trying to crack it (which is going to take a damn long time given the strength of the keyfile).
So in the end, the reward/effort ratio is just too low for any sane person to consider that.
Meanwhile, the Lastpass servers are looking far more attractive. In fact, it might even be worth blowing money on a 0day to get into them because you know those DB contents are going to contain information that's juicy as fuck simply by going by how many users are registered with Lastpass.
>>53172494
>mfw
>>53172445
>keyfiles
Kek. If you lose it or it gets taken, you're fucked.
There's a reason that Lastpass doesn't give you keyfiles. They are fucking stupid.
>>53172310
Most people use dropbox to sync keypass dbs. Dropbox is laughbly insecure.
>>53172518
If you lose keys to your house you are fucked too.
I think you should leave your house open, keys are fucking stupid
Why don't you show us how easy it is to crack a Keepass DB? then I will believe you.
>>53172518
>If you lose [your key file] or [if it] gets taken, you're fucked.
Weak argument. See https://lastpass.com/multifactor-authentication/ If you lose any of these methods, you're fucked too.
>>53172497
Only with a very large character space and sufficient entropy this will take roughly a year, which you can easily distribute over multiple processors on multiple systems to speed up.
This is very feasible and not hard at all.
>>53172518
Most of the 2-factor authentication methods Lastpass offers amount to the same thing.
You have the classic hardware tokens, which you can also realize with Keepass.
You have something akin to a TAN list you print out - which can be lost as well. A fingerprint authentication - which is laughable since these fingerprint readers are getting cracked open one after another and not even high-end professional fingerprint readers are that great.
And then you have a wide variety of smartphone apps for which you must be a colossal kek to use since you outsource yet another attack vector to an external closed-source application which you can't control.
I'm actually surprised they don't offer an SMS TAN since that is the pinnacle of unsecure two-factor authentication.
>>53172525
>Most people use dropbox to sync keypass dbs. Dropbox is laughbly insecure.
Lol yeah it's fucking stupid. I bet most of these Keepass plebs use Dropbox.
>>53172563
You are way more likely to lose a keyfile
>>53172641
Im about as likely to lose my keyfile as im likely to lose my virginity.
So yeah, its pretty fucking secure
>>53172285
>memory > everything
stay pleb
>>53172641
>You are way more likely to lose a keyfile
That's entirely up to you. You're no more likely to lose your hardware token than your key file stored on your flash drive.
Yet another weak argument. Just stop.
>>53172641
Are you for fucking real? A keyfile I can burn on multiple discs and put them on multiple USB drives and store them in various secure locations.
With one of those joke smartphone apps you're fucked once your smartphone breaks, which happens very often to stupid retards nowadays.
I used to use keepass etc
Then I was the victim of identity fraud, then I realized there was no point.
Anything you really don't want deleted, store it offline. Anything embarrassing you should just delete when you're done. Anything with money just ask your bank to refund you.
>>53172696
what does keepass have anything to do with your identity
>>53172725
I mean whats the point having a secure password?
Just use the same simple password for everything, there will be no consequences.
>>53172742
haha lol hehe lmao
just come on guys
>>53172678
Do you use a password as well as a keyfile? I could never just trust a keyfile for accessing literally every single one of my passwords.
>>53172285
GOOD /G/OYS , give your private data in exchange for shekels
>>53172742
>>53172755
whats the difference between:
http://keepass.info/
and
https://www.keepassx.org/
>>53172782
KeepassX is not based on mono so it doesnt look like shit on GNU/Linux, but unfortunatly it doesnt support keepass plugins (except for couple that are built in).
Who /yubikey with HOTP/ here?
>>53172285
why would i use a single password to protect my passwords? are you retarded or wat. password managers are new meme
>>53173042
Because human entropy and memory sucks. Use a password manager with 2FA.
>>53173118
how bout not using a password manager at all
>>53173131
Again, human entropy and memory sucks.
>>53173135
no you are just retarded enough to not remember your passwords
>>53173138
If you do, they seriously lack entropy.
>not using a 30+ character password on keepass
good luck with bruteforcing one of these
I need a """"good"""" online backup for my .kdbx.
I've a .key file is a external drive and Google Drive.
>>53172667
>muh memory
ok kid
>>53173042
>password managers are new meme
please go back to /b/
>>53173531
got offended weaboo?
>>53173548
kek
>>53172285
>they just have to guess your password.
Oh, is that all they have to do? That simple, easy task.
>>53172285
that's why I'm using lastpass for the past 6-7 years.... never bothered again
>>53172314
>mfw my keepass db is literally on a usb flash drive on my keys and no where else other than a backup on an external at my house
Yep, every day some asshole tries to grab that flash drive off of my pants. They're out there, anon.
Keypass has 2 factor authentication if you want to use it.
>all they have to do is guess your password
Oh I'm sure. My 23 character long password is so easy to guess. It's not even 23 characters long, that's a lie. Or is it
>>53172285
>keeping all eggs in one basket
People never learn.
>>53173035
>yubikey with HOTP
What is this? Looks pretty cool.
>>53174534
>Keypass has 2 factor authentication if you want to use it.
Yeah...only 1 kind
Lastpass has 6. Stay mad.
>>53174546
What if the basket is velvet lined and supported by a self-correcting gyroscope calibrated balancing robot?
And the alternative to the basket is having eggs lying around on the floor in your garage
In this situation you'd be retarded to put the eggs anywhere but the basket.
Your analogy doesn't work because if it did it'd also work against the use of safes in banks.
Banks shouldn't be keeping all their money in safes, that's just asking for trouble
>>53172285
>If somebody gets your Keepass DB
And how the fuck are they going to do that?
Even if they did get physical access to my computer, they'd need to be tech-savy enough to even find it.
The chances of that happening are near impossible.
>>53172285
Lastpass got sold to LogMeIn.
They were a fairly trustworthy company before then. Now I have my doubts.
>>53174548
It's a YubiKey, for 2FA. https://www.yubico.com/products/yubikey-hardware/
>>53174568
Idiot, someone getting your DB is the easy bit.
It's fucking AES-256. If the NSA wanted in they'd be stuck with bruteforcing the password. For a password longer than about 15 characters that's a few billion years of attempts.
>>53174554
Do you even know where your passwords are?
Your passwords are kept by someone else and can be accessed by anyone with a warrant.
>>53174554
>Lastpass has 6 layers of placebo
I don't care if it had 100 layers of shit. I'm not trying any third-party ONLINE company with all my fucking data.
It's stupid.
>>53174567
> self-correcting gyroscope
That this should be powered by something.
What if the grid goes down?
What if you haven't stuck your head so far up the ass and realized there is a reason why people keep information on multiple places.
Dumb anon
also
>banks dont get robbed
please
>>53172285
Question.
Why do you even need to use that ?
>>53174593
>someone getting your DB is the easy bit.
They can break into my encrypted volume? Interesting.
>If the NSA wanted in they'd be stuck with bruteforcing the password
Who cares if they brute the password. They can't do shit without my keyfiles, which are also hidden, and required in order to open the DB.
I don't think you have any idea what's going on.
>>53174568
>And how the fuck are they going to do that?
You probably use Windows.
Didn't LastPass get all their passwords leaked a while ago?
How the fuck do you still trust them, or ANY online server with your secure data still?
>>53174633
because this is a shill thread if you haven't noticed by now.
>>53174607
Banks do get robbed. You think they'd lose more or less money by not having safes?
You can keep your keepass DB in as many locations as you want, it is a fucking 40 or so kB file.
So your basket and eggs analogy betrays a deep misunderstanding of the technology you're criticising.
>>53174633
>Didn't LastPass get all their passwords leaked a while ago?
No. Why are you making shit up?
>>53174650
https://nakedsecurity.sophos.com/2015/06/16/bad-news-lastpass-breached-good-news-you-should-be-ok/
>>53174696
>(e.g. no encrypted user data was accessed).
>(e.g. no encrypted user data was accessed).
>(e.g. no encrypted user data was accessed).
Even that link says no passwords were leaked.
>>53174598
> muh data
> muh pedo porn
aw that was a funny post, please shitpost again!
>>53174649
>Banks keep large amounts of paper money
Buddy stick to your shilling you don't know the first thing of how banks work.
If they bypass this program only once they have all your shit no matter where it its stored.
Biggest robbery of the century happened few months back on multiple banks at once and i dont see anyone talking about it here,your analogy is shit because you dont seem to grasp how money is created.
Stop talking about things you don't understand.
>>53174725
You're arguing with a counter-analogy.
The fact that you think 'bypassing this program' is a thing shows how little you understand about the security of an AES-256 encrypted database.
Banks get robbed when the vaults are open.
>>53174755
>but but muh AES
keep dreaming,you will be back in few years crying and yelling IT IS OVER ITS FINISHED AES IS GONE
>>53174755
but anon, all they gotta do is break every conventional encryption algo to get to it. thats just the easy bit!
https://en.wikipedia.org/wiki/LastPass#2015_security_breach
>Their investigation revealed that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.
B T F O
T
F
O
>>53172518
>>The Current year
>>Using keyfiles you can't recreate
echo "Make America Great Again!" > Wall.txt
>>53174467
kek
>falling for the password manager meme
>>53172563
As long as you're still logged into lastpass you can disable the 2FA. I lost my keychain which had my yubikey on it and I just disabled the 2FA. Even if you aren't logged in I think you can disable lastpass 2FA from your email.
>>53174842
Not seeing the problem there at all?
>>53176786
Then they'd still have to own your email account, but yeah.
>>53172285
>If somebody gets your Keepass DB, they just have to guess your password.
If someone gets my Keepass DB then I will change all my passwords.
>guess your password
Maybe in a few hundred years they will get into it. Also they need my key file.
>>53177228
>>If somebody gets your Keepass DB, they just have to guess your password.
>If someone gets my Keepass DB then I will change all my passwords.
I'm not OP, btw. Nobody ever tells you, sadly.
>>guess your password
>Maybe in a few hundred years they will get into it. Also they need my key file.
That's a good Anon.
>>53172285
Keepass > Lastpass
kek
>>53172285
>outsourcing all your personal info to a single entity
it would actually be worth the time to attack it instead of your single keepass DB. Literally the only reason to use last pass is making sure the goyims and NSA get your credentials. If you're too stupid to keep a single file synced kill yourself immediately (or get off /g/)
>>53173035
got one of those yubikeys during the github promo
it's pretty much useless atm because neither Firefox and Keepass offer convenient integration
>>53178698
lastpass does.
>>53172641
Oh, look, this guy is an actuarian! Thanks for crunching the numbers, faggot.
