![]() ![]() I want a setup where both my wife and I can access our shared KeePass database simultaneously on multiple computers, plus on a couple of Android phones, with bonus points for having a self-hosted, password-protected web interface in case we have neither our own computers nor our phones with us. ![]() Bitwarden is better since it's open source (and you can host the stack yourself), but since I'm already familiar with KeePass, I'm not ready to give up on that ecosystem yet. Sure, there are solutions like LastPass, but I have an inherent mistrust of a closed-source, cloud-based password manager. But what about a scenario wherein two (or more) people want to access/change the database simultaneously? If you're just using something like Dropbox to sync the database, then you will likely end up with file conflicts and lost data. Indeed, I recommend it to anyone in a single-user situation. Toss in something like Keepass2Android, and you have mobile access as well, all for free. ![]() Just stick the database on Dropbox, Google Drive, or use Syncthing, and voila, you can access your password database everywhere. It works brilliantly, especially for a single user. We are continuously reviewing our existing processes and working to make them better to comply, and exceed, the requirements of current applicable data protection standards.For years I used KeePass to manage my ever-growing number of passwords. "All LastPass users, regardless of browser or device, are given the option to opt-out of these analytics in their LastPass Privacy Settings, located in their account here: Account Settings > Show Advanced Settings > Privacy. These trackers collect limited aggregated statistical data about how you use LastPass which is used to help us improve and optimize the product. Earlier this month the company (which is owned by LogMeIn) crippled its free offering to support only a single device type, and many users have said they would switch as a result – like user Mattias Ahnberg, who wrote on Twitter: "This means I will finally migrate away to 1Password instead of being blocked by such a limitation that you're adding." Losing free users may even have been the intention, but the tracking issues affect paid users as well, which would be more of a concern.Ī LastPass spokesperson told us: "No sensitive personally identifiable user data or vault activity could be passed through these trackers. The discussion about trackers in LastPass comes at a bad time. Kuketz recommended changing to a different password manager, such as the open-source KeePass. In his view, the presence of the trackers demonstrates a suboptimal attitude to security. Kuketz did not suggest that actual passwords or usernames are transmitted, but did note the absence of any opt-out dialogs, or information for the user about the data being sent to third parties. During use, the data also shows when new passwords are created and what type they are. He found that this included details about the device being used, the mobile operator, the type of LastPass account, the Google Advertising ID (which can connect data about the user across different apps). Kuketz also investigated what data is transmitted by inspecting the network traffic. These things do not belong in password managers, which are security-critical, he said. Even the app developers do not know what data is collected and transmitted to the third-party providers, said Kuketz, and the integration of proprietary code could introduce security risks and unexpected behaviour, as well as being a privacy risk. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |