OneLogin = Breached : Alternative Password Managers?

Jayy · Mr. Ponzi Joined: 08 Jun 2009 Karma :

Not the first time it has been breached and similar services like Last Pass and Roboform are equally as vulnerable.

Is there a password manager that doesn't require online accounts, local only and will fill your usual login boxes with user/pass?

Been looking around but most seem to require online accounts and synching... no thanks.

Ste · Not Work Safe Joined: 01 Sep 2002 Karma :

The only way to not be vulnerable to services or a program you're running locally being breached is to use a .txt file for maximum security. Razz

stinkwheel · Bovine Proctologist Joined: 12 Jul 2004 Karma :

Write them down in a little book. Keep it in your pocket. Don't lose it.
____________________
“Rule one: Always stick around for one more drink. That's when things happen. That's when you find out everything you want to know.”
I did the 2010 Round Britain Rally on my 350 Bullet. 89 landmarks, 3 months, 9,500 miles.

Ste · Not Work Safe Joined: 01 Sep 2002 Karma :

Maximum security can be increased by keeping the .txt file on a USB stick which is encrypted with a passphrase rather than password.

For passphrases, have a look at diceware: https://www.google.co.uk/search?q=diceware

P. · Red Rocket Joined: 14 Feb 2008 Karma :

I have a password vault with work, doubtful you'll ever get in.

However, I have very few things that are truly worth protecting, the stuff that is has been pushed so far into my head that I'll remember it... always.

Perhaps writing your own bit of kit using your own stuff to keep your own stuff locked down. Something written by someone else always means someone knows...

Jayy · Mr. Ponzi Joined: 08 Jun 2009 Karma :

I store most things in KeePass on my local machine which is encrypted but that doesn't save me the time and effort Last Pass does by form filling user/pass boxes on all the sites I use.

Jayy · Mr. Ponzi Joined: 08 Jun 2009 Karma :

Ste · Not Work Safe Joined: 01 Sep 2002 Karma :

I didn't say anything about big cloud services. Razz

t121anf · World Chat Champion Joined: 23 Feb 2007 Karma :

Falco · Traffic Copper Joined: 27 Nov 2015 Karma :

KeePass (as mentioned) is the one that sounds closest to what you want.

I would strongly recommend against writing your own encryption scheme. Use a generally available bit of freeware (veracrypt is the spiritual successor to truecrypt and is pretty easy to use). Security through obscurity is worthless, a well made encryption scheme should be impervious to someone knowing the details of it, knowing the salt length,number of hashes and whether its Sha-1 won't help. If they are sophisticated enough to be using a side- channel attack to get the info off your computer, a home-brew system will pose no obstacle.

Schneier's law: "any person can invent a security system so clever that she or he can't think of how to break it"

Having said that, LastPass isn't particularly insecure.Unless they are keeping your passwords in plaintext (they aren't) then stealing an encrypted vault isn't hugely useful. It's not ideal of course, since in the next 20+ years computing power may actually allow for a successful attack on the files, but that is the trade off, security for convenience.
____________________
I tell you what, mathematically, I'm having it