@noeldemartin there's also KeePass. I use it and there are many compatible apps and programs on multiple platforms.
@hector Looking briefly on their site it looks like there is actually a database with your passwords, somewhere. The beauty of LessPass is that it is stateless, so my passwords aren't stored anywhere :) They are generated each time using a combination of multiple things (the site I'm trying to log in, my "master password", etc.)
@noeldemartin I understand that the LessPass passwords are deterministically generated. However, realistically, you will still need to hold some state aside from the master password: username, options, and importantly, the counter. If a site has a security breach, or if there's a bug causing a password reset and you need to change your password, you will need to increment the counter and remember it.
Therefore, since you will realistically need to keep some state synced anyway, consider the following advantages of KeePassXC aside from what I already mentioned:
- Fully encrypted database, meaning that even if someone steals your device they cannot access the password vault without the "master password" i.e. encryption key.
- The database is typically less than 1 MB in size even with a hundred entries.
- Keeps track of timestamps when any entry is created or modified, so you know how old your password is.
- Configurable random password generator, seeded independently each time (IMO better than deterministically generating ALL your passwords from a single seed).
- Stores additional fields with each entry aside from the password, including username, email, notes, TOTP (2-factor auth), custom fields etc.
Therefore, since you will realistically need to keep some state synced anyway, consider the following advantages of KeePassXC aside from what I already mentioned:
- Fully encrypted database, meaning that even if someone steals your device they cannot access the password vault without the "master password" i.e. encryption key.
- The database is typically less than 1 MB in size even with a hundred entries.
- Keeps track of timestamps when any entry is created or modified, so you know how old your password is.
- Configurable random password generator, seeded independently each time (IMO better than deterministically generating ALL your passwords from a single seed).
- Stores additional fields with each entry aside from the password, including username, email, notes, TOTP (2-factor auth), custom fields etc.
@hector Yeah, it has some advantages for sure, but also some trade-offs. I've been using LastPass for a while which is using this paradigm of storing the passwords somewhere, so I'll try LessPass to see how it goes. In the end, if I ever forget any of the seed data I can always reset the password. I don't keep really important passwords (the ones that cannot be reset by email) on these services.
LastPass
(3/3) So I'm moving to LessPass; something that is open source, doesn't rely on any servers and it's been recommended to me multiple times. If any of you is not using a password manager, I strongly recommend you to do so!