And this is why I like Bitwarden. I can run my own server, so when it goes down I know exactly who's to blame and exactly when it will be back again.
LastPass? More like lost pass. Or where the fsck has it gone pass. Five-hour outage drives netizens bonkers
LastPass's cloud service suffered a five-hour outage today that left some people unable to use the password manager to log into their internet accounts. Its makers said offline mode wasn't affected – and that only its cloud-based password storage fell offline – although some Twitter folks disagreed. One claimed to be unable to …
COMMENTS
-
-
Wednesday 21st November 2018 21:00 GMT mosw
Re: Another Day ...
"Another day -- another cloud problem. Anyone see a pattern emerging?"
Although I understand the sentiment in this comment, I would be curious to see some actual numbers as to the the availability of typical in-house systems vs cloud based systems. In my, admittedly limited, experience with small businesses I am seeing less downtime with cloud based solutions than in-house ones.
-
Thursday 22nd November 2018 07:10 GMT really_adf
Re: Another Day ...
I would be curious to see some actual numbers as to the the availability of typical in-house systems vs cloud based systems. In my, admittedly limited, experience with small businesses I am seeing less downtime with cloud based solutions than in-house ones.
I would also be curious. I also have limited experience but the main observation I would make is that when it's your own systems, you get to choose when you do the risky things that, sometimes, you will get wrong and cause issues for users. That choice can virtually eliminate, or at least mitigate, the impact when things don't go to plan.
-
-
Tuesday 20th November 2018 23:07 GMT ma1010
Keepass
I use Keepass which runs on Windows, Linux, Mac, Android and, I think, BSD. My passwords are available on my Windows work computer, my Linux home computer, my Android phone and a USB key which I use to synchronize the different machines - and the synchronization works perfectly. (I don't actually synchronize the phone - for that I copy the password file from one of the computers onto the phone.)
I've used this for years without any problems. I have my passwords with me all the time, without a cloud in sight.
-
Tuesday 20th November 2018 23:59 GMT Peter 26
Re: Keepass
I can't get over the fact you have to manually copy the password file to your device. I get that it's more secure, but it sounds really annoying. What if you sign up on your PC to a service then want to login with the accompanying app on your phone? You have to copy the file first.
Just seems like a lot of hassle, last pass sounds like a good compromise on security/ease of use unless I am missing something.
-
Wednesday 21st November 2018 00:48 GMT ma1010
Re: Keepass
Copying the file is a minor nuisance, but beats having my "cloud" account disappear for however long the provider decides to be TITSUP.
Also, I'm an odd duck and don't use my phone a great deal - mainly just look at email or make a call. I rarely use it on my phone, but on occasion it's handy.
-
-
Wednesday 21st November 2018 02:25 GMT ThatOne
Re: Keepass
> but at quite some inconvenience
Come on, how often do you add new passwords? I copy password files too, and in average I need to copy the updated password file to my phone 2-3 times a year. The rest of the time it either hasn't changed, or the changes aren't needed on my phone.
Besides I synchronize my phone weekly for other stuff, like documentation, address books and similar stuff anyway, so it's not really an inconvenience. Being locked out because their server fell over would be much more annoying, IMHO.
-
-
-
-
-
Wednesday 21st November 2018 12:15 GMT Roland6
Re: Keepass + Dropbox
>This was the reason I created a Dropbox account (many years ago).
Whilst this resolves some issues with Keepass, you are still vulnerable to Dropbox outages.
Personally, as a Lastpass user, I wasn't aware of there having been a problem until reading this article, but then I use the off-line client across my devices...
-
Thursday 22nd November 2018 10:00 GMT Korev
Re: Keepass + Dropbox
This was the reason I created a Dropbox account (many years ago). Keep the updated keepass file on Dropbox for convenient access. For those moments without internet, you'll have the last local copy on your device.
I have a similar setup. I have a pair of KeepassX databases; one for work, t'other for home stuff. The work one (keepassx is the approved standard) gets backed up to OneDrive for Business (again approved). The home stuff lives on a NAS and also gets backed up to a cloud.
The only downsides are the potential for $CLOUD to get hacked and then the encryption cracked; the other is manually entering >20 character random passwords onto an IOS device manually soon gets old...
-
-
Tuesday 20th November 2018 23:55 GMT SVV
Five hour outage drives netizens bonkers
This statement assumes that using a third party cloud based password manager was a sane thing to do in the first place. Anyone who sticks with it after a five hour outage stops people working can be safely classified as not only having being driven there, but permanently resident from now on.
-
Wednesday 21st November 2018 05:59 GMT Lars Johansson
What's all the fuzz about?
I would just like to chip in my 5p to the discussion (or throw a torch, which ever):
I am a LastPass 'power user', using both the Chrome and Edge plugins as well as the Android and iOS apps, and I hardly noticed. Circuit beakers seemed to work as intended and the plugin/app read my passwords from the local copy. The only thing i noticed was the the Chrome plugin icon turning grey, indicating no connection to the cloud...
Cheers,
/L
-
-
-
Wednesday 21st November 2018 16:53 GMT Crimperman1996
> And you break that one password you get access to all. Smart move!
Which is why it's smart to use two-factor authentication in addition to that one password. I have it set for access to my LP vault itself and for certain other services where I don't want to trust access to a single factor/password (even if that is 60 characters long and stored in LP).
As with others this outage didn't really impact me at all. I saw the Chrome icon greyed and reporting it couldn't connect to the service but I was still able to use it for the main services I needed to connect to yesterday.
I don't use LP for everything - bank details for example are committed to memory - but it is used for a lot of things now as it means I have reduced the number of complex passwords I have to remember by a significant factor. I was as wary of this as I am for any other "cloud" service (e.g. very) but after a tentative trial period I think it works and that works for me.
-
Wednesday 21st November 2018 08:46 GMT Jdoley
My grandpa always said
He always mentioned that online news and articles would never be a thing and yet here we are...! I logged into my LP account no problem today, offline worked on both my Mobile App and Browser Ext. I see some of the contents about offline Pwd managers that you can maintain and manage yourself with no online sync... I am old enough to remember times when people wanted to run their own servers because Gmail and Outlook had issues and yet here we are now! Write them down in a notebook as long as you are at it...! Im staying with free for life LP ;-)
-
Wednesday 21st November 2018 08:49 GMT Jeroen Braamhaar
Moral of the story:
Put nothing in "the cloud"
- that you don't have a certified, current and regularly checked, usable and updated (local) backup of.
- that is too important to lose (for whatever reason)
- that you must have access to at critical moments.
Completely
Lost
Our
Unmissable
Data
;-)
-
Wednesday 21st November 2018 09:17 GMT Jdoley
Re: Moral of the story: Nothing in the cloud?
Except all your money, emails, pictures, contacts, government and personal details, all your location history and information, all your relatives pictures, details, data and your own backups. But passwords are the problem here :-D this just made me laugh!
-
-
Wednesday 21st November 2018 10:55 GMT Baldrickk
I can say that I honestly didn't even notice
The app on my phone worked just fine for retrieving passwords.
And worst comes to the worst - I run through the "forgotten password" loop for a service I really need access to.
Yes, any downtime has the capacity to be annoying, but then again, I also get all the synchronisation handled for me between devices.
comme ci comme ça
-
Wednesday 21st November 2018 16:53 GMT googleman
Still using LastPass for password maangement? Just Google It!
I am surprised nobody has mentioned that Google has solved the password management problem by providing a FREE Password Manager for ALL which is also built-into Chrome browser and automatically synced with all your devices (phones/tables etc). Just visit https://passwords.google.com
-
Thursday 22nd November 2018 10:49 GMT Arkhanist
Lastpass stores and decrypts the password db locally. It uses the online sync only for backup of the db and syncing changes between different computers. It's not a cache, you can set it to never go online at all right from the start.
The online service can't decrypt the pw db at all either, it's stored as an encrypted blob which only your master pw unlocks. The web-based login on the lastpass website actually uses a javascript version of the client that downloads and decrypts the pw db on your local pc.
Where it will fall over when the cloud service is offline is using the web client (as opposed to the plugin), on a new machine, or syncing changes automatically, unsurprisingly. It's no different in principle than using a keepass db with dropbox or the like, just wrapped up a bit prettier, easier to use but admittedly a more obvious target.
The only reason I noticed it was down was when I added a new password to it on one PC, then it didn't automagically sync it to another.
-
Thursday 22nd November 2018 13:36 GMT steviebuk
That explains...
...why Lastpass was being annoying the other day. Thought it was just me. Lucky for me it fell over to the local login.
Lastpass also has a REALLY bad issue of form filling that has fuck all to do with a password and user name box. Namely Ebay. Setup an Ebay listing and it will silently slap in a big bit of script. You get a warning after you post the listing.