I use KeePass with a key and master password combination. I store the password database on Dropbox/SFTP and carry my key with me on my cell phone, laptop, etc., and then the master password is in my mind :). So with this, even if my password database gets compromised or Dropbox gets hacked, my password database is still encrypted and the keys/password are not with the password database file.

Amit K Nepal
(CISSP, RHCE, CCENT, C|EH, C|HFI, GIAC ISO 27000 Specialist)

On 7/28/2016 1:25 AM, Joseph Sinclair wrote:
> I do use LastPass; fortunately I do not use the Firefox client affected by the latest issue, which has already been patched (one thing LastPass has done well is security response and patching).
> I don't store everything there, but I do store some things there for various reasons (mostly needing to use them on idiotic sites that actively block copy/paste).
>
> I store absolutely everything in encrypted databases (multiple small files for performance and separation) (not KeePass, Mono is too much of a pig to run on my desktops).
> The encrypted files (never decrypted to anything but RAM, and that's overwritten with 0's in the program as quickly as possible) are stored in a DVCS (e.g. git, mercurial, DARCS, Bazaar, etc...) that I sync via its normal repo synchronization. I gain the advantage of "oops" recovery as well with the version history.
> The repo is NEVER online, however, just filesystem-to-filesystem "remote" sync.
>
> Nothing's perfect, but the amount of work needed to get past the encryption should vastly exceed the rather low value of what's stored there (in my case).
>
>
> On 07/27/2016 03:34 PM, Stephen Partington wrote:
>> I know several of you here are using KeePass. Of those users, who is working
>> with the various browser integrations and the various Android apps, and the
>> usual or unusual means of keeping the db across multiple locations?
>>
>> I have been wondering about KeePass and its use for some time, but now with
>> the recent security hole found in LastPass I am taking a second look at it.
>>
>> https://nakedsecurity.sophos.com/2016/07/27/lastpass-password-manager-zero-day-bug-hits-the-news/
>>
>> PS: I know this is not a real 0-day bug; so does the author. Not sure why
>> he decided to do that sort of weird headline.
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
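
The key file plus master password arrangement described in the top message of this thread, as an added example that is not part of the original e-mails and is not KeePass's actual file format or key derivation. It is a simplified sketch; the function names, the header layout, the PBKDF2 parameters and the sample secrets are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

def composite_key(master_password: str, key_file: bytes) -> bytes:
    """Mix both secrets so that neither one alone determines the result."""
    pw_hash = hashlib.sha256(master_password.encode("utf-8")).digest()
    kf_hash = hashlib.sha256(key_file).digest()
    return hashlib.sha256(pw_hash + kf_hash).digest()

def derive_db_key(master_password: str, key_file: bytes, salt: bytes,
                  iterations: int = 200_000) -> bytes:
    """Stretch the composite key with the salt kept in the database header."""
    secret = composite_key(master_password, key_file)
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations)

def seal_header(master_password: str, key_file: bytes) -> dict:
    """Build the hypothetical header stored in the synced database file.
    It holds only a random salt and a check value, never either secret."""
    salt = os.urandom(16)
    key = derive_db_key(master_password, key_file, salt)
    check = hmac.new(key, b"header-check", hashlib.sha256).digest()
    return {"salt": salt, "check": check}

def can_unlock(header: dict, master_password: str, key_file: bytes) -> bool:
    """True only when both the password and the key file are correct."""
    key = derive_db_key(master_password, key_file, header["salt"])
    expected = hmac.new(key, b"header-check", hashlib.sha256).digest()
    return hmac.compare_digest(expected, header["check"])

if __name__ == "__main__":
    # Constructed sample secrets: a random key file kept on the phone/laptop
    # and a memorized password. Only `header` would live on Dropbox/SFTP.
    key_file = os.urandom(32)
    header = seal_header("correct horse battery staple", key_file)

    # Legitimate user: has both factors.
    print(can_unlock(header, "correct horse battery staple", key_file))
    # Stolen database plus a correctly guessed password, but no key file.
    print(can_unlock(header, "correct horse battery staple", b""))
    # Stolen device with the key file, but the password is unknown.
    print(can_unlock(header, "password123", key_file))
```
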