KeePass vs. LastPass – Let the fight for your internet security begin
Comparing KeePass and LastPass is like comparing apples and apple juice. One is pure but has annoying skin that gets stuck between your teeth, and the other is sweet and delicious but has a lot of added sugar. The analogy is terrible but true. Both of them are free, will store and enter your passwords on websites, and can optionally work with some desktop applications with the use of add-ons or a second application.
KeePass is exceptional in its functionality, but getting anything more than basic functionality will require about an hour of setup for the technically gifted user. For the less technically gifted it may require hours of trial and error to get up and running. LastPass, on the other hand, sets up in minutes, and to integrate it into your favorite browser all it requires is for you to approve access to your browser. So if you’re not very technical then you really should consider going with LastPass.
With KeePass your passwords are stored in a local database only. You will need to back it up manually, or you can install plugins that will allow you to sync the encrypted database to your favorite cloud and backup server. You can enable dual factor authentication, use Windows certificates, RSA certificates and token-based authentication via OATH HOTP (iPhone) and TOTP (Google) one-time passwords. You can even install plugins that allow you to automatically enter passwords for PuTTY, Remote Desktop, SmartFTP and Ubuntu Desktop. Each of these plugins will require extra setup. I can tell you from personal experience that some of these plugins do not come with very good documentation. KeePass is open source and we here at LiquidVPN like open source software. The obvious drawback is that documentation is usually hard to find.
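To make the difference between the two one-time password schemes named above concrete, here is an added example (not code from KeePass or any of its plugins) that implements HOTP (RFC 4226) and TOTP (RFC 6238) and shows how a verifier tolerates a skipped counter or a drifting clock. The secret is the RFC test key, and the `look_ahead` and `drift_steps` parameters are illustrative assumptions.

```python
import hashlib
import hmac
import struct

# Constructed sample secret (the RFC 4226 test key), not a real credential.
SECRET = b"12345678901234567890"

def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over an 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble of last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238: HOTP whose counter is the number of time steps since the epoch."""
    return hotp(secret, unix_time // step, digits)

def verify_hotp(secret, submitted, server_counter, look_ahead=3):
    """Accept a code up to look_ahead counters past the stored one.
    Returns the next counter to store on success, or None on failure."""
    for c in range(server_counter, server_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c), submitted):
            return c + 1                         # advancing makes the code single-use
    return None

def verify_totp(secret, submitted, unix_time, step=30, drift_steps=1):
    """Accept the current time step plus or minus drift_steps to absorb clock skew."""
    now = unix_time // step
    return any(
        hmac.compare_digest(hotp(secret, now + d), submitted)
        for d in range(-drift_steps, drift_steps + 1)
        if now + d >= 0
    )

if __name__ == "__main__":
    print("HOTP counter 0:", hotp(SECRET, 0))
    print("TOTP at t=59:  ", totp(SECRET, 59))
    # Token was pressed twice without logging in: code for counter 3, server still at 1.
    print("resynced to counter:", verify_hotp(SECRET, hotp(SECRET, 3), 1))
    # A code from counter 0 was already consumed, so it is rejected as a replay.
    print("replay accepted:", verify_hotp(SECRET, hotp(SECRET, 0), 1))
```

The practical difference for a password database: HOTP needs the verifier to persist the counter after every successful unlock, while TOTP only needs both sides to agree on the time.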
When you are using the KeePass client you are presented with a traditional desktop application. Your passwords are held in a familiar file structure. You have complete control over the strength of generated passwords, notifications and custom fields to store any other type of data you can possibly imagine. KeePass has more features than 99% of its users will ever use. Myself included.
LastPass is freemium software, which means no one can actually look at the source code. That could be a strike against the software for some people. The advantage to this is there is much better documentation and the software remains consistent. When you click on My LastPass Vault it brings you to a web interface. All of your passwords, credit card data, bank account information and spouse’s SSN numbers are stored in the cloud. LastPass says they can never see your data because it is encrypted locally with AES 256-bit encryption and then sent to the cloud. I happen to believe they believe their claim, but I am not an uber paranoid person to begin with. The thing I really like about LastPass is you can have it synced on all your desktop devices fairly easily. With KeePass you will first need to sync to a cloud to do this. Another neat feature is Offline Access, which basically allows you to access your passwords without internet connectivity. With KeePass it’s not a problem, but because LastPass is in the cloud it’s nice to know you can retrieve your data while offline.
As stated above, the LastPass desktop shortcut actually brings you to a webpage to manage all of your settings. There are far fewer settings here. It is a very streamlined piece of software when compared to KeePass, but it still has a lot of the great features KeePass has. The major drawback is you have to pay 12.00 per year to get the professional version. The Professional version allows multifactor authentication and installation on mobile devices. Another possible drawback is the fact that the desktop control panel brings you to a website and performs its spooky action at a distance, aka in the cloud. You really have to ask yourself: are you ready to keep all of your sensitive data in the cloud using proprietary software that has never been vetted by the security community? Hackers have targeted LastPass’s 256-bit AES encryption before, but LastPass quickly disclosed all their information and overreacted to the threat. This speaks well for LastPass. Getting hacked is the risk you take when using any cloud-based service. Don’t go all anti-cloud just yet. It’s not the cloud’s fault, it’s the executives’ fault. For example, Neiman Marcus’s executive VP Michael Kingston actually told Congress that its anti-virus software was virtually useless. It didn’t detect when its credit card systems were being hacked. As a result, the company did not learn of the intrusion until the beginning of January, even though the attacks occurred between July and October. With executives relying on their antivirus solution to provide network security, you can be sure that hackers will continue to target the same honey holes they are currently targeting. You can read more about that executive and the Target hack here if you like. Overall LastPass has stood the test of time and has a good track record of being up front about their data policies.
Video: https://www.youtube.com/watch?v=9rZkAZWjvmI
So is LastPass as safe as KeePass if both are set up properly? No, it’s not even close; KeePass is the winner hands down. That does not mean LastPass does not have a stellar product and is not a completely viable solution for your password and data management. I would highly recommend going pro for 2 factor authentication to further secure your master passwords and for its support on smartphones and laptops. I purchased LastPass and set it up for my mom. I have also recommended it to some friends that do not have the technical knowledge to implement KeePass effectively. If you are ready to finally secure your passwords and the thought of entering API codes and changing some settings in XML files is new jargon to you, then LastPass Pro with 2 factor authentication is the tool for you. Otherwise go with KeePass.