Presuming passwords of equal security, am I safer to use LastPass or an encrypted text file stored on Dropbox?

LastPass seems to have vulnerabilities discovered [every few years](https://en.wikipedia.org/wiki/LastPass), is currently [buggy on Android](https://play.google.com/store/apps/details?id=com.lastpass.lpandroid&hl=en), and is subject to [Five/Nine/Fourteen Eyes](https://en.wikipedia.org/wiki/Five_Eyes) surveillance.

It seems like an encrypted password text file on Dropbox would give similar security without being a continual high-value attack target, but nobody seems to recommend this method.

Presuming passwords of equal security, which method is more secure? Please ELI5!

4 Answers

Anonymous 0 Comments

That’s an ELI5 question?

Most important: encryption has to be under your control. Additional encryption layers by replication or cloud services are good, but insufficient. I use KeePass2 with password and keyfile.

Anonymous 0 Comments

I work at an MSP and I recommend LastPass to our clients. It’s actually designed with security in mind and has a lot of security features that DB doesn’t. I would never recommend our clients store passwords in a text file.

Anonymous 0 Comments

Probably LastPass. LastPass servers are designed with sensitive data in mind, while Dropbox’s are not (presumably). However, “encrypted password text file” is extremely vague. There is a motto in cryptography communities, “never do your own crypto”. It’s such an incredibly complicated subject, and there’s a million different attacks that you haven’t heard of that you’re almost always better off using code that’s been reviewed and stress tested hundreds of times already. If you’re concerned about LastPass’s security, you may be interested in other password managers. Bitwarden is open source and therefore had its code reviewed by thousands of contributors. There are also other alternatives, but any of them will likely have been better built than whatever system you throw together with Dropbox.

Anonymous 0 Comments

You’re safer turning on 2FA on everything, assuming you haven’t done so, regardless of how you store your passwords. So at least have that turned on wherever possible.