Hi everyone,
I just came across this project called LessPass, which doesn’t require a database as a back-end and can compute passwords on the fly instead of storing them. The idea really intrigued me, and I wanted to know from the community about the experience of using it - did you run into any troubles with it? How does it compare to more traditional password managers (which would need me to think of a back-up strategy)?
Is it possible to back up your passwords from LessPass? Can you use your own passwords when you prefer to? How are the client programs?
Thanks!
narc0tic_bird@lemm.ee 11 months ago
It’s a cool concept that quickly falls apart in my opinion:
I could probably list a lot of other reasons why it’s not a good idea to use it. There are probably some edge cases where it’s good, for demonstration purposes or training sessions where the participants all need unique (temporary) logins for several services.
ThetaDev@lemm.ee 11 months ago
You also cannot use it to store secret information like bank account/credit card details, API keys, etc.
ogarcia@lemmy.world 11 months ago
In my view, both a password file (vault/database) and LessPass are potentially attackable via brute force. I don’t see that one is safer than the other.
narc0tic_bird@lemm.ee 11 months ago
Point being that an attacker also needs access to said vault.
jeffhykin@lemm.ee 11 months ago
#3 isn’t true. There’s a username field, so you just put in the username of the alt accounts.
Your point about the master password and two factor is a good one though.
In practice the password requirements are rare (like 1% of sites), but problematic when they happen because there are so many different ways to restrict passwords and trying all combinations is impractical. Needing the counter is exceedingly rare. Remembering the username isn’t a problem, but if you don’t have a consistent policy of always-using-a-username or always-using-the-email (as the lesspass username) it can be difficult to remember that. Similar situation with the URL: if it’s not abbreviated consistently, then it’s a problem.
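The consistency problem described in the comment above, shown as an added example that is not part of the thread and is not LessPass's own code or exact algorithm: a simplified stateless generator in which the password is a pure function of master password, site, login and counter. The iteration count, character set, salt layout and the `normalize_site` policy are assumptions made for this sketch.

```python
import hashlib
import string

# Assumed parameters for this sketch (not taken from the thread).
ITERATIONS = 100_000
CHARSET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def derive_password(master: str, site: str, login: str,
                    counter: int = 1, length: int = 16) -> str:
    """Derive a site password on the fly; nothing is stored anywhere."""
    # Every field feeds the salt, so any change in spelling changes the output.
    salt = f"{site}\x00{login}\x00{counter:x}".encode()
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt,
                              ITERATIONS, dklen=32)
    n = int.from_bytes(key, "big")
    chars = []
    for _ in range(length):
        n, idx = divmod(n, len(CHARSET))
        chars.append(CHARSET[idx])
    return "".join(chars)


def normalize_site(raw: str) -> str:
    """One fixed policy for the site field: lowercase host only,
    no scheme, no path, no leading 'www.'."""
    host = raw.strip().lower().split("://", 1)[-1].split("/", 1)[0]
    return host[4:] if host.startswith("www.") else host


def demo() -> dict:
    """Constructed inputs: the same account typed four different ways."""
    master, login = "constructed master password", "alice@example.org"
    spellings = ["example.com", "www.example.com",
                 "https://www.Example.com/login", "example"]
    raw = {s: derive_password(master, s, login) for s in spellings}
    fixed = {s: derive_password(master, normalize_site(s), login)
             for s in spellings[:3]}
    return {"raw": raw, "normalized": fixed}


if __name__ == "__main__":
    result = demo()
    for kind, table in result.items():
        for site, pw in table.items():
            print(f"{kind:10} {site:32} {pw}")
```

Without a fixed policy for the site and login fields, each spelling yields an unrelated password and there is no stored record to tell which spelling was used at sign-up.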
MigratingtoLemmy@lemmy.world 11 months ago
Thanks, I’ll keep this in mind.