Some of the commenters on my Roboform to Keypass post noticed that I moved to LastPass and wanted a comparison, so here it goes.
Keypass and Lastpass really serve two different audiences. Keepass is a separate program on your computer with plug-ins for browser integration. No Keepass plugins ever worked well enough for me. LastPass is browser based with extensions (or plugins) for every major browser on every platform. LastPass uses the same master password model as Keepass so if you’re comfortable with that you should be right at home with LastPass.
Once I realized this key difference the decision to switch was much easier. The fact is a vast majority of most people’s passwords, like mine, are used in browser. Auto filling and form saving saves so much time over Keepass where I always had to copy/paste passwords from the Keypass app as the hacked together plugins for Keypass .
Like Keepass, Lastpass is free for use on the desktop. A premium subscription for $12 per year gets you mobile apps (iOS/Android/BlackBerry/Win Mobile), multifactor authentication, and priority support. The iOS app is much, much better than any of the Keepass apps available. I subscribe to the Lastpass/Xmarks combo package for $20/yr this gives me access to my passwords and bookmarks from everywhere. LastPass is so good and seamless that I would pony up the $12/yr just to support the company.
One particularly nice feature is when you need a password for use on the desktop, if you’re setting up an instant messaging client for example. LastPass has an option to copy password and asks for your master password before copying it to the clipboard. It’s a nice little added security check so someone cannot sit at your computer while logged into Lastpass and copy your passwords. You can disable this feature temporarily if you’re setting up multiple accounts at the same time.
The only caveat, Lastpass’s data is stored online (in the cloud) to facilitate syncing of your passwords on every browser and every device you use. Your passwords are encrypted prior to upload and that’s good enough for me. I just renewed my premium subscription which means I’ve been using Lastpass over a year now without a hiccup!
#1 by Tom Sellers on January 15, 2012 - 1:27 pm
As much as I embrace Keepass, I had much empathy for your angst with its browser integration. I still use Roboform on the PC, and I keep my screensaver on a short timeout to prevent unauthorized use of everything rather than just protect my passwords. However every time I create a new password on a site in Roboform, I have to manually replicate it again in Keepass. Once a day Keepass syncs to my S3 CLoud Drive, and then Folder Sync updates it on my Android device. As soon as I read your post I proceeded to the ANdroid Market. It seems that there are leagues of Android users not very happy with it. Some are astute enough to make the observation that it seems that the fault at the heart of many of the complaints lay with the constrictions imposed by the Android OS and not the Dev’s of LastPass. There is one review posted Dec 7 by ‘Kay.One’ that seems to be comprehensive enough that I changed my mind about adopting it for Android for the time being anyway. I appears you can mitigate some of the pain of using their required proprietary browser (a restriction imposed by Android OS) by using their Dolphin plugin, but I’m not a huge fan of Dolphin either, and being shoehorned into these two options gives me some trepidation as well. I’m looking forward to seeing what others have to say about the Android specific aspects and hope that Android listens up and improves things in future.
#2 by Big Dan on January 15, 2012 - 2:10 pm
Thanks for stopping by Tom. I have no Android devices to test with or else I’d play around with it. There is a Lastpass plugin for Firefox mobile. I’m don’t know if that runs on Andrioid or what but maybe that helps some?
#3 by Stephen on February 6, 2012 - 5:47 pm
Hi Dan,
Thanks for both of your writeups from last year and this year on Keepass and Lastpass.
I’ve used Roboform v6 for years and now have my first Android and considering their Everywhere service, which is $10/year. The Roboform Everywhere service sounds very similar to LastPass and wonder if you might have any opinion on the differences.
While I have no problem doing online banking, the threat of someone getting into one of my accounts has limited impact – ie, the got one account. If someone hacked into my online account of passcodes, they’d have access to everything I own. That’s a quantum leap of risk exposure.
Thanks for sharing your experiences,
Stephen
#4 by Big Dan on February 6, 2012 - 5:52 pm
Hi Stephen,
Thanks for stopping by.
I have no experience with Roboform’s newer services; I jumped shipped 2-3 years ago now. I do agree Lastpass’s all-or-nothing master password model can be troubling from a security standpoint. All I can say is LastPass has been an awesome experience. I’m confident the my master password is mixed case with enough symbols and numbers to be secure.
-Dan
#5 by Tom Sellers on February 6, 2012 - 7:21 pm
I installed Roboform Everywhere about a month ago, and ironically have not really had a chance to use it as online banking, etc., are not great on a phone anyway, so I normally wait until I’m home. As you know, there is a limitation imposed by Android that forces password managers to use their own browser. I not sure about their proprietary browser and where it gets its DNS. I redid a website about a week ago, and I went to it with the Roboform browser, and it still gives me the old site which has to be cached somewhere. Then when I clicked on a link it found the new site. Looked for a refresh icon and could find no way to reload the page. For the time being whenever I create a new password or site registration I am mirroring it in Keepass as well. One of my banking sites uses a two-page login system where I have to enter the passkey on the second page. THis causes Roboform grief, and in fact I had to look it up manually, then enter it manually to login to the banking page.
#6 by Big Dan on February 6, 2012 - 8:01 pm
Tom if you’re using Bank Of America, as I remember it Roboform has a specific process for saying their two step login: http://www.roboform.com/support/manual/roboform#loginmultistep
Big Dan´s last [type] ..Hello world!
#7 by Tom Sellers on February 6, 2012 - 8:35 pm
Dan,
Thanks very much, man your memory is amazing, you must drive your wife nuts when you have an argument!
Anyway I went and gave it a try and it seemed to work great on the Windows 7 desktop. So then I did a Sync and it told me there were no changes since the last sync. Undaunted I then went and synced the Android device anyway. It did pick up the new passcards I had just changed. SO encouraged, I gave it a shot on the phone. It goes to first page and fills it in and then moves to the second page. Then, unfortunately, it does not auto fill that page.. In fact I cannot seem to figure out how to make it fill. Even if the cursor is in the correct box, and you hit >menu>fill it still will not fill the box. Part of the problem of course is this is a Canadian Credit Union so they may be using some other algorithms for their windows, but we’re closer now than I was before, and it works on my desktop better anyway.