Keeping your passwords safe in a safe safe.

Passwords.

Keepass logo

I’m a huge fan of Keepass. Keepass is a free program that will remember your passwords for you.

It is very easy to use and it features ‘auto-type’ so you don’t even have to copy your usernames and passwords, Keepass handles that for you.

Lastpass logo

A little while ago I heard of Lastpass. It basically does the same thing and nicely integrates with your browser, Android and IOS devices. I installed it, imported the Keepass data (which works quite well but not 100% accurately) and I used it. It’s good. It does what you should expect of it.

Then however I started wondering where Lastpass stores its data. With Keepass you have an encrypted file on your computer that holds your passwords. You can synchronise that to all your other devices by sticking it in Dropbox, Google Drive or any other file sharing system you prefer. Not so with Lastpass. I couldn’t find where that file is stored so I went looking.

It turns out that your password file is stored on the Internet, on the Lastpass servers. Each time you connect to the Internet, Lastpass will synchronise the file on the device you’re currently using.

Cloud.

Internet Cloud

So here’s the deal. You use Lastpass and you’re a happy camper. Understand that your passwords are not only on your system (in a spot that’s hard to locate; I tried and didn’t find it) but it’s also on a machine that’s outside your control. I can imagine that’s fine for vacation pictures and your collection of recipes for lasagna and hot tamales, but I didn’t feel very good about that. It’s my collection of usernames and passwords. Of course, you may argue that I’m paranoid, that Lastpass will treat your file with care and loving attention, but…

How many loving, caring systems that contain your files have been hacked lately? Yahoo for instance has a great track record of being hacked. Imagine that a hacker gets access to the file that contains your passwords, slaps some ransomware over it and next time you sync your Lastpass – kazaam, there you are with nothing left to show except a kind note from a hacker to hand over a lot of money for your files. Okay, okay, hackers can also do that to Google Drive and Dropbox (which is why I don’t keep those files there).

Control.

I like to keep things that are mine in my own hands. I’m one of the lucky people with a Synology NAS which gives me my personal cloud system (google ‘Synology Cloud Station‘). There are other ways to set up your personal cloud, I’m sure. Worst case you can always e-mail the file to yourself and download it to your device.

The potential security issue I just described made me go back to Keepass. Because I like my passwords in a safe place, one that I can decide on.

Control freak? Perhaps. But for my entire collection of credentials for online access I am happy with that title.