<a href="https://en.wikipedia.org/wiki/LastPass#Security_issues" rel="nofollow">https://en.wikipedia.org/wiki/LastPass#Security_issues</a><p>At this point, LastPass is a form of password sharing. No rational person should be trusting it.<p>If anyone wants an alternative, I'm a big fan of <a href="https://www.passwordstore.org/" rel="nofollow">https://www.passwordstore.org/</a>
For anyone looking for an alternative, let me pitch pass (<a href="https://www.passwordstore.org/" rel="nofollow">https://www.passwordstore.org/</a>). Think of it like the vim/emacs of the password storage space — it’s minimal, highly portable, easily extendable, has a minor learning curve, but is well worth it.<p>Pass essentially takes your passwords, stores them in a regular file, and encrypts the file using GPG. These files are then stored in a folder that uses git to do version tracking of the files. All this means that:<p>- Pass can easily be distributed (you can sync your passwords across devices via GitHub, GitLab, or your own ssh/git setup)
- Passwords are encrypted using GPG, so unless someone has your private key they’re not decrypting anything
- It’s open source and there is a client for basically all operating systems
- If you can’t install a client or need to access a file, it’s just a regular encrypted text file so you can decrypt it using GPG and edit it how you see fit.<p>Things that suck:
- Setup isn’t as easy as LastPass: You’ll need to generate a private key/public key pair. While this is fairly easy, sharing that key to your other devices can be hard, especially mobile.
- Your passwords are now protected with a key file, not a single password (most likely it’ll be a keyfile protected by a key), so you’ll need to make sure you back up that key.
- It doesn’t just work; if you want cross-platform usage, you need to set up your own cross-platform distribution method. Although the pass community basically uses git for distribution, so it isn’t horrible, but not as seamless as other products
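
Since the comment above suggests syncing the store through a git remote, here is a pre-push audit of a pass-style directory, as an added example that is not part of the original comment or of pass itself. The function names are hypothetical, and the layout it assumes (a `.gpg-id` file, a `.gitattributes` file, one binary `<entry>.gpg` per password) is pass's default; entry names are plain file names, so they are readable by anyone who can read the repository.

```shell
#!/bin/sh
# Added example: audit a pass-style store before pushing it to a remote.

# Heuristic: every binary OpenPGP packet starts with a byte whose top bit is
# set. ASCII-armored or plain-text files fail this and get flagged.
looks_openpgp() {
    first=$(od -An -tu1 -N1 "$1" | tr -d ' \n')
    [ -n "$first" ] && [ "$first" -ge 128 ]
}

# List files in store $1 that would reach the remote unencrypted.
store_unencrypted() {
    ( cd "$1" || exit 1
      find . -path ./.git -prune -o -type f \
           ! -name .gpg-id ! -name .gitattributes -print |
      while IFS= read -r f; do
          case $f in
              *.gpg) looks_openpgp "$f" || printf '%s\n' "${f#./}" ;;
              *)     printf '%s\n' "${f#./}" ;;
          esac
      done | sort )
}

# List entry names exactly as a reader of the repository sees them.
store_entry_names() {
    ( cd "$1" || exit 1
      find . -path ./.git -prune -o -type f -name '*.gpg' -print |
      sed -e 's|^\./||' -e 's|\.gpg$||' | sort )
}

# Return 0 only when the store looks safe to push; explain failures on stderr.
store_audit() {
    rc=0
    [ -f "$1/.gpg-id" ] || { echo "no .gpg-id: store not initialised" >&2; rc=1; }
    [ -d "$1/.git" ]    || { echo "no .git: store is not version-tracked" >&2; rc=1; }
    bad=$(store_unencrypted "$1")
    [ -z "$bad" ] || { printf 'not OpenPGP-encrypted:\n%s\n' "$bad" >&2; rc=1; }
    return "$rc"
}
```

Run `store_audit ~/.password-store` before the first push, and review the output of `store_entry_names` for names you would not want a host to see.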