Thoughts on Sticky Password Premium?

lleb13 wrote: ↑ I'm thinking of switching from my beloved 1password. Anyone use it? Feedback?
My beef with 1password is that their new model is subscription based. I use ios, android, pc and mac so I prefer a 1 price for all approach.

There is what appears to be a wicked good deal on a lifetime subscription at mobilesyrup. Though I'm unsure if I'm allowed to post it..

Are you paying a subscription with 1Password or did you get grandfathered before they implemented the subscription-based price model? I've been grandfathered with the license that I purchased before so I don't see a reason to switch unless there is a new, compelling feature that they implement that won't be available to the grandfathered plans.

rvs007 wrote: ↑ Are you paying a subscription with 1Password or did you get grandfathered before they implemented the subscription-based price model? I've been grandfathered with the license that I purchased before so I don't see a reason to switch unless there is a new, compelling feature that they implement that won't be available to the grandfathered plans.

Grandfathered but from what I gather I can't sync my Mac passwords with my Android phone.
I was previously using an iPhone and didn't have any issues per say.

I believe you can still sync, but you would need to use Dropbox. 1PW is designing most of their new features around the subscription model and using their sync cloud service, and it does limit those of us who don't want to buy into the subscription model.

I'll give it a shot, thanks!

lleb13 wrote: ↑ I'm thinking of switching from my beloved 1password. Anyone use it? Feedback?

Yes, I do. I like the option of syncing locally without using the cloud.
It's so mindless to use, I also bought it for my parents.
I also like when I backup and import passwords, I can choose which one I want to import instead
of needing to import the entire file.

However, I've never used the Mac version.

There is what appears to be a wicked good deal on a lifetime subscription at mobilesyrup. Though I'm unsure if I'm allowed to post it..

This $23.99 deal is probably better: https://www.stickypassword.com/buy-prem ... 77d4229faf. Price is in USD.

I have been using Sticky Password for years and years. I swear by it and it probably is my most important piece of software other than maybe MS Office. For the very longest time, I used the free version which is fine but when there was a sale of a lifetime license for about $20US, I opted for the premium version. A free year of Premium SP is often offered by sites like giveaway of the day or Bits du Jour. If I'm not mistaken, it was offered by BDJ last week.

The difference between the Free version and the Premium version is mainly cloud syncing which scares some people. I have a strong master password so I am not as concerned as maybe I should be.

lleb13 wrote: ↑ I'm thinking of switching from my beloved 1password. Anyone use it? Feedback?
My beef with 1password is that their new model is subscription based. I use ios, android, pc and mac so I prefer a 1 price for all approach.

There is what appears to be a wicked good deal on a lifetime subscription at mobilesyrup. Though I'm unsure if I'm allowed to post it..

Bitwarden?

brew99 wrote: ↑ I believe you can still sync, but you would need to use Dropbox. 1PW is designing most of their new features around the subscription model and using their sync cloud service, and it does limit those of us who don't want to buy into the subscription model.

Never got dropbox to work but I was able to sync my data via WLAN! I think I'm still going to buy sticky password for a sibling heh.

Cheers

why pay when lastpass is free

sexyj wrote: ↑ why pay when lastpass is free

https://www.theregister.co.uk/2017/03/2 ... abilities/
"What should password managers not do? Leak your passwords? What a great idea, LastPass"

The servers have been hacked more than once (Lastpass admits twice; hackers elsewhere suggest they've hacked Lastpass over and over again).
http://www.pcworld.com/article/227268/l ... rview.html (unh, we may have been hacked in 2011)
http://www.businessinsider.com/security ... 013-2015-6 (2013)
https://www.grahamcluley.com/flaws-last ... searchers/
(it's not just this stuff either)
https://www.seancassidy.me/lostpass.html
There was a point where they denied it was a big issue too. I'm even not talking about Tavis Ormandy: "Are people really using this LastPass thing? "
Vulnerabilities were discovered even before then. And there was the LogMeIn acquisition. I refuse to touch Lastpass.

LOL,

LastPass encrypts your Vault before it goes to the server using 256-bit AES encryption. Since the Vault is already encrypted before it leaves your computer and reaches the LastPass server, not even LastPass employees can see your sensitive data! A hash is a representation of your Master Password.

"We are confident that our encryption measures are sufficient to protect the vast majority of users," Siegrist wrote. "LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed."

Update: In an e-mail to reporters, Ars resident password expert Jeremi Gosney said the real-world risks the breach posed to end users was minimal. He based his assessment on the LastPass response to the breach and the system that was in place when it happened. He paid particular attention to the 100,000-round hashing routine, which he said was among the strongest he has ever seen. Gosney, a password security expert at Stricture Group, wrote:

https://arstechnica.com/information-tec ... passwords/

LOL

Webslinger wrote: ↑ https://www.theregister.co.uk/2017/03/2 ... abilities/
"What should password managers not do? Leak your passwords? What a great idea, LastPass"

The servers have been hacked more than once (Lastpass admits twice; hackers elsewhere suggest they've hacked Lastpass over and over again).
http://www.pcworld.com/article/227268/l ... rview.html (unh, we may have been hacked in 2011)
http://www.businessinsider.com/security ... 013-2015-6 (2013)
https://www.grahamcluley.com/flaws-last ... searchers/
(it's not just this stuff either)
https://www.seancassidy.me/lostpass.html
There was a point where they denied it was a big issue too. I'm even not talking about Tavis Ormandy: "Are people really using this LastPass thing? "
Vulnerabilities were discovered even before then. And there was the LogMeIn acquisition. I refuse to touch Lastpass.

sexyj wrote: ↑ LastPass encrypts your Vault before it goes to the server using 256-bit AES encryption. Since the Vault is already encrypted before it leaves your computer and reaches the LastPass server, not even LastPass employees can see your sensitive data! A hash is a representation of your Master Password.

Doesn't matter when Lastpass browser extensions leaked passwords. And it doesn't matter how "minimal" the damage was. Shouldn't have been any at all.
Just damage control spin

https://www.theregister.co.uk/2017/03/2 ... abilities/
"Stop press: Ormandy has found another password-leaking bug in LastPass for Firefox 4.1.35. That'll need patching, too. Or just dump LostPass and find other manager."

Done.

cool, let me know when someone actually got "hacked" during the leak

Webslinger wrote: ↑ Doesn't matter when Lastpass browser extensions leaked passwords. And it doesn't matter how "minimal" the damage was. Shouldn't have been any at all.
Just damage control spin

https://www.theregister.co.uk/2017/03/2 ... abilities/
"Stop press: Ormandy has found another password-leaking bug in LastPass for Firefox 4.1.35. That'll need patching, too. Or just dump LostPass and find other manager."

Done.

sexyj wrote: ↑ cool, let me know when someone actually got "hacked" during the leak

Their own blog releases don't claim that no one was affected. Instead they state the "vast majority" were protected.

Exposed email addresses and password reminders from 2015 are enough for me. But suit yourself

sexyj wrote: ↑ cool, let me know when someone actually got "hacked" during the leak

Your nonchalant attitude towards a password managing database having leaks is hilarious. Even worse is that you would still recommend them... If you're looking maybe Equifax is hiring?

why? because people got hashed passwords that they can't do anything with?

lleb13 wrote: ↑ Your nonchalant attitude towards a password managing database having leaks is hilarious. Even worse is that you would still recommend them... If you're looking maybe Equifax is hiring?

sexyj wrote: ↑ why? because people got hashed passwords that they can't do anything with?

Customers were also told to change their Master Passwords because weak ones were potentially susceptible to brute force/dictionary attacks, especially when used in conjunction with password reminders.
Email addresses were also exposed.

https://www.theregister.co.uk/2015/06/1 ... ta_breach/

It's probably not worth arguing about though. If you're happy using lastpass, then use lastpass. At least they fixed the problems they did have, I guess.