So, if you leave your session open and leave your computer, anyone can steal your passwords. In Chrome, for example, it seems that your passwords are simply in plain text on your file system. If someone else knows your operating system account password, they can steal all the passwords in your manager. LastPass, on the other hand, stores your passwords on their server and encrypts them using the master password associated with your LastPass account.

Browser password manager: It assumes that your operating system account is secure. For example, on Windows, if you want to view your saved passwords you need to enter your Windows credentials.

The password manager included in your browser usually stores your passwords on your file system and protects them using your operating system account.

If you don't trust the upload feature completely, use KeePass to keep some passwords offline. The reason to choose LastPass in the end is because I realized I became sloppy, and all those features in one place make it a good deal.

I have used both: first Firefox, then LastPass, then again Firefox and now LastPass. Most of LastPass's features can be added with add-ons to the Firefox Password Manager. Then it comes down to features and risks, and both have pros and cons. Removing the passwords from the unprotected Firefox password manager is a good idea, as you've already decided to use LastPass.

As is answered here already, when using a master password, it is pretty safe. The "normal" user won't be confused and can check this box. So when LastPass asks this question they oversimplify, but I guess with good reason. This is the use case for most people, but probably not for the visitors of this site. They log in to a site, Firefox offers to store the password, they agree, and that's it. I guess most of the time people use the password manager in Firefox without a master password.
The checkbox in the screenshot refers to the Firefox Password Manager without Master Password, although it doesn't check and it works in both cases.

(My initial research reveals complaints and vulnerabilities in old (pre-Sync) versions of Firefox, including confusion about which login components are encrypted and which are not, suggestions that new Sync is "zero-knowledge" (but no clarification on what is stored in plaintext locally), claims that LastPass uses JavaScript for encryption and is therefore inherently insecure and, most confusingly, endorsement of LastPass from Mozilla.)

I assume the threat model is something like daily browser use, including entering passwords for online banking etc., and storing and sharing login credentials between browser installations on different machines you own (not comparing LastPass to unsynced Firefox without Master Password).