  1. Larches's Avatar
    I am a long-standing KeePass user, but I find its browser integration and Android apps a bit ropey, and certainly harder work than a cloud-based solution such as Lastpass or Bitwarden. I have been trying both of those, and they are so much more convenient, but I do worry about how vulnerable they may be to attack.

    I know these solutions talk of end-to-end encryption as a way of ensuring security, and I think I understand that in principle, but don't know enough about it to assess how foolproof it really is. I know they keep a copy of my password database on the cloud, but then I do that anyway by having my KeePass database file on cloud storage. Maybe the difference is that both the cloud storage password and the database password would be required to access my KP DB, but only one set of credentials would be required to access my Lastpass account (for example)? I've seen suggestions that if Lastpass (et al) were hacked, the data would be useless as it's all encrypted - is it really as straightforward as that?

    The other consideration for me is that I like to maintain versioned backups of my KP DB, so not only do I have a local backup of the whole DB, but I can roll back to several versions ago if I realise there's an integrity problem with the DB. I don't know any (automated) way of doing that with Lastpass or Bitwarden (though I have only tried the free versions thus far).

    I would be interested to know people's views on all of this, as at the moment I'm very tempted by the convenience of a cloud solution (with native Android app and Firefox & Chrome extensions) but just can't decide if it's really a good idea (though I know millions of people have depended on them for a long time!).
    12-27-2020 05:06 PM
  2. hallux's Avatar
    I use a password manager, Roboform. I pay for the "everywhere" account, which includes cloud sync for my database. The database may be stored in the cloud, but it's just kept there to then be downloaded to new clients or for changes to sync to other clients. Back when another password manager was hacked (I don't recall if it was Keepass, LastPass, OnePassword or some other) they wrote a blog post or had an announcement on their page that explained how their system (the cloud storage itself) was safer than the one that was hacked.

    Here's my feeling - as long as you have a long and complex master password there is little risk to your database. If designed properly, the database is actually unlocked on your device and your password is never sent over the internet except upon the initial authentication when installing the app.

    Roboform also offers MFA, so even if your account password is compromised they can't download your database without your MFA device.
    12-27-2020 10:26 PM
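
The design described in the post above (the vault is unlocked on the device and the server never holds the master password), sketched as an added example. It is not code from this thread and not the actual scheme of Roboform, LastPass or Bitwarden; the function names, the 100,000-iteration PBKDF2 setting and the sample password list are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor; real products choose their own


def derive_keys(master_password, salt):
    """Client side: stretch the password, then split it into two independent keys."""
    stretched = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS)
    vault_key = hmac.new(stretched, b"vault", hashlib.sha256).digest()    # stays on the device
    login_token = hmac.new(stretched, b"login", hashlib.sha256).digest()  # sent to the server
    return vault_key, login_token


def register(master_password):
    """Return (vault key kept on the device, record the server stores)."""
    salt = secrets.token_bytes(16)
    vault_key, login_token = derive_keys(master_password, salt)
    # The server keeps only the salt and a hash of the login token.
    record = {"salt": salt, "verifier": hashlib.sha256(login_token).digest()}
    return vault_key, record


def server_login(record, login_token):
    """Server side: checks the token; it never sees the password or the vault key."""
    return hmac.compare_digest(record["verifier"], hashlib.sha256(login_token).digest())


def recoverable_from_leak(record, candidates):
    """Password audit: would a leaked server record give up this master password
    to a list of common guesses? Each guess costs one full PBKDF2 run."""
    for guess in candidates:
        _, token = derive_keys(guess, record["salt"])
        if server_login(record, token):
            return True
    return False


COMMON = ["123456", "password", "qwerty", "letmein"]  # constructed sample list

if __name__ == "__main__":
    _, weak = register("letmein")
    _, strong = register("correct horse battery staple 47!")
    print(recoverable_from_leak(weak, COMMON))    # True: the weak password is on the list
    print(recoverable_from_leak(strong, COMMON))  # False: not on any short list
```

A breach of the server in this model yields the salt, the verifier and the encrypted vault, so the remaining protection is exactly the strength of the master password and the cost of each guess.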
  3. Larches's Avatar
    I hadn't really considered Roboform thus far, but it sounds like it's worth me having a look - thank you for the suggestion.
    12-28-2020 06:23 AM
  4. Mooncatt's Avatar
    I generally like LastPass for its encryption, which is outlined here.

    Long story short, I doubt even the NSA could crack it and get into your personal data. My only concern with them lately is the Android app hasn't been respecting the auto-lock feature that is supposed to ask for your biometric or password to verify your identity after being idle. You can get around this by setting the auto-lock to "always," instead of a timed lock. I contacted them about it and they didn't seem interested in addressing it.
    12-28-2020 08:16 AM
  5. hallux's Avatar
    "I hadn't really considered Roboform thus far"
    It seems to be left out of the comparison articles for some reason. They DO report getting highly rated so someone is looking. Maybe obscurity is the best security? They have apps for all the major platforms and add-ins for the major browsers.

    There's a referral program, and we both benefit from it. If you decide to go that route let me know and I'll figure out how that program works.

    Here's how we both benefit -
    When an order for a new personal subscription of RoboForm Everywhere (1, 3, or 5 years) is placed using your link, you AND your friend will receive an additional 6 MONTHS FOR FREE!
    12-28-2020 09:42 AM
  6. Larches's Avatar
    Thanks everyone for your responses. I've just discovered that KeepassXC (forked from Keepass) has its own native browser extension, so I'm trying that out to see if that plus Keepass2Android on mobile might be a satisfactory compromise, before committing to a paid product or going down the 'full cloud' route. Looks quite promising so far (even though it would be nicer if there were a dedicated KeepassXC mobile app).
    12-29-2020 12:08 PM
  7. me just saying's Avatar
    I have been using Lastpass since a few months after they went live. I have been paying for the subscription just to support them. It does not bother me that my info is stored on the cloud. It actually makes things more convenient since I can access passwords no matter where I am at and no matter the major browser I am using. I also use two factor for extra protection.

    Just about every password manager has had issues over the years, Lastpass included; use whatever gives you peace of mind.
    12-29-2020 01:19 PM