33
Review of LessPass? (lemmy.world)
submitted 10 months ago* (last edited 10 months ago) by MigratingtoLemmy@lemmy.world to c/selfhosted@lemmy.world
19 comments fedilink hide all child comments

Hi everyone,

I just came across this project called LessPass, which doesn't require a database as a back-end and can compute passwords on the fly instead of storing them. The idea really intrigued me, and I wanted to know from the community about the experience of using it - did you run into any troubles with it? How does it compare to more traditional password managers (which would need me to think of a back-up strategy)?

Is it possible to back up your passwords from LessPass? Can you use your own passwords when you prefer to? How are the client programs?

Thanks!

you are viewing a single comment's thread
view the rest of the comments
[-] jeffhykin@lemm.ee -1 points 10 months ago* (last edited 9 months ago)

Despite what others are saying, I've been using it for a couple years and it can work great if you're okay with the trade-offs.

Of the three (Integrity, Confidentiality, Availability) it has better availability than cloud storage which is what I care about. Even when the LessPass site is down, there's an IPFS version, mirrors, local cache, etc so it's basically always possible to derive any password.

At a user level, it's very impractical (and a slight risk) to always retype the master password at every single login screen. However, letting the local autofill save the password doesn't defeat the point of LessPass. Why? because, if you only use local storage, and you're traveling and your phone breaks, you're now locked out of every account. With LessPass, you're fine as soon as you get an internet connection.

There are a few caveats.

  • There's no global 2factor. Loosing the master password means every site that doesn't have its own 2factor is instantly fully exposed.
  • I do agree there are a few sites where the default options don't work because of the character restrictions. It's about 1.2% of websites in my experience, but they are painful exceptions. Basically you have to rely on memory to be able to pick those same settings again. I recently wish there was a unified dataset of which websites had password requirements, and then LessPass would auto check the necessary boxes when the website URL was pasted in. Maybe one day.
  • Changing your master password requires changing every single website. If you don't, then it's impractical to remember what password was used for what site.
[-] MigratingtoLemmy@lemmy.world 1 points 9 months ago

I don't understand. Why would I save my passwords in the browser of I'm using a password manager?

[-] jeffhykin@lemm.ee 2 points 9 months ago* (last edited 9 months ago)

It avoids the need for cloud storage.

If I'm out somewhere, with no device on me, I can still generate my passwords

this post was submitted on 25 Nov 2023
33 points (88.4% liked)

Selfhosted

39258 readers
183 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz