|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
I have been using “free” Last-Pass for years. From what I’ve read recently, the latest failures in the system have left all Last-Pass users vulnerable.
Can someone provide a step-by-step process for disengaging from Last-Pass and installing a better security service? …and, of course, what that service would be (free or pay)?
Thank you.
Most password managers will import Lastpass data so you only need an export to change.
As for which one to use, it depends very much on what features you want and how much you want to pay.
Are you happy to pay?
Do you use it on more than one platform? Which?
Do you want it online or locally under your control?
Do you have multiple users / partner?
Do you need to use it on a public machine / internet cafe?
Do you make your own backup or do you want the manager to do it for you?
Do you require automatic credential fill or manual under your control?
How technical are you? Do you want to spend the time setting up your logins for (semi) automatic fill.
cheers, Paul
1. How to export your vault as CSV file to use with other password managers:
How do I export stored data from LastPass as a generic CSV file? – LastPass Support
2. How to delete your LastPass account using this link:
LastPass – Delete Your Account
3. Remove/uninstall anything to do with LastPass in your browser extension setting and/or apps on desktop.
I migrated over to Keeper which I am happy with (I got a half-price deal at Christmas) and then changed all passwords for the 84 accounts I had with LastPass (free version) wishing I had done this a year ago.
Once you have chosen a new password manager, after double checking that it will import your CSV file from LastPass (most will), set up your new password manager and import the CSV file into your new account via the account settings. Hope this helps.
The first thing I did was export all my data from LastPass into a csv file. Next I changed my Lastpass Password. From there I opened the csv file with MS Excel and printed an old fashion paper copy using MS Excel. Working from the printed spreadsheet, my next step was to evaluate which entries had the most sensitive or potentially exposed data. The passwords to these were changed first.
In view of what has happened , I decided it was time to do a major cleanup of all my online accounts. My goal is to identify which accounts no longer exist online, delete accounts that are no longer used, and change passwords for the rest of the accounts. This has proven to be a difficult and revealing task. In some cases sites which appear to no longer exist, are owned by another company and the original username and passwords work in their new websites. Some accounts need to be reactivated in order to change the password or be allowed to delete the account. Two accounts so far would not allow me to reset my password stating that my original password had too many characters, yet I could still login with that password.(?) The workaround was to say that I forgot my password. In one case I was presented with my original password in plain text. sighh.
As I was working in LastPass deleting accounts, discovered it was necessary to also do the following. Under Advanced Options/Manage your Vault/View Deleted History. From there you can select Permanently Delete All. (This is like emptying a recycle bin).
I decided to go with KeePassXC for my next password manager. The reason for my selection is that KeePassXC works in both windows and linux. Also I prefer to use a database that is stored on my own device or a location of my choice. I watched online tutorials to assist me in setup, importing data, and how to use.
First off, change your master password at LastPass to be 14 characters or larger. If your “Password Iterations” setting under Advanced Settings is less than 100100, or your master password was less than 12 characters, be sure to change all your passwords that were stored at LastPass.
Start with a new password manager, then change the password for each account stored at Lastpass. Repeat ad nauseam.
————
I can’t recommend any cloud based password manager to store *ALL* your passwords. The attack surface is so much larger with cloud based password managers.
Instead of a review of individual password managers, how about a high level review of desired features? Perhaps a desired feature list would be helpful to discuss. For example:
– Not tied to another product, standalone.
– Not cloud based.
– Does not contact the Internet (unless asked)
– Encrypted password file can be easily backed-up
– Auto-relock ability
– Easy to start & terminate
– Update & defect history available
– Customer forum available
– Open source
– Password generator
– 2FA/MFA supported
– Handles Windows Clipboard History insecurities
– Notes field available for each entry to store random security question answers and which MFA was used
– Free
– Some cross platform support
– Entries can be displayed by category
– Search all fields function
– Encryption algorithms are solid.
– Your privacy is maintained.
Which password managers pass this screen?
Windows 10 22H2 desktops & laptops on Dell, HP, ASUS; No servers, no domain.
Keepass2 suits me fine, good reputation, local encrypted in my usbdrive in my keyring. When I send this encrypted database to a www-cloud-volt I alwas encrypt it with PGP_desktop-encryption.
@Globalist : report your findings please [never too old to learn 
]
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Notifications
