No reviews yetBe the first to leave a review for LessPass
Wispr Flow: Dictation That Works Everywhere ā Stop typing. Start speaking. 4x faster.
Stop typing. Start speaking. 4x faster.
Promoted
Actually, this makes sense but I guess it requires an extra layer of security before generating the password in untrusted browsers. What do you think about adding two-step verification before generating the password? Would it make the system safer?
@guillaume20100 I mean new devices that the user is trying to regenerate his/her password so in case an attacker grabs user's credentials, he/she will still need to verify before regenerating the same password.
@sekodev In the case of public computers, I would assume that the machine is compromised. I certainly wouldn't do any banking on such a machine. If I need a password for a service, I will use my phone to create my password, and visually copy it on the compromised computer. But personaly I don't use services on public computer and never log in. And I recommend to do so. Hope it answers your question
Did I get it right: you take one master password, and use that as seed to generate pseudo-random passwords for all the other sites? The idea is brilliant and deceptively simple, however, have you done formal security analysis on this approach? It seems insecure to me. Consider this: if somebody were able to steal your master password, they'd be able to generate the passwords and gain access to all your other LessPass-managed sites.
@kixpanganiban you're right we need some security audit https://github.com/lesspass/less.... And If somebody find your master password, yes your probably not good. We are making an app to encourage people to "regularly" change their master password and increase security of the tools. There is more on github if you're interested in. Thank you
Report
@guillaume20100 Ah, but then it would be self-defeating, no? Since if you change your master password, you'd be forced to change your password for all registered sites as well since they would have to be generated from a new seed. I guess that's the tradeoff -- convenience for security. This flaw notwithstanding, I still love how simple LessPass is and kudos to you guys for all your work.
Report
Surely this means that it's easier to find the way it encrypts passwords? (sorry, noob with this stuff)
How timely. I'm still using KeyPass since most of my stuff is stored on there but this looks like a great time to switch. Looks simple and beautiful! @guillaume20100
@kevinohlsson KeePass generate random passwords and save them in an encrypted vault. So you need a way to sync your vault beetween all your devices. LessPass recreate a unique password for every site base on unique information you know. So you don't need to sync your passwords. Learn more on https://blog.lesspass.com
Report
So it's like MasterPassword merged with LastPass that can be self-hosted and is a bit simpler?
@bgiesing39 Yes except that you can not save a password in our database. So you can not save your credit card number for example. And more important, LessPass is open source. Lastpass is not.
LessPass
LessPass
LessPass
LessPass
Re:amaze
LessPass
LessPass
LessPass
LessPass
LessPass