It is a sad story. Keeping it in legendary meme status is the best way to remember it IMO.
- 0 Posts
- 11 Comments
Joined 1 year ago
Cake day: July 8th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Temple OS
For standard notes, its got an auto-export plaintext file option on desktop. Were you wanting two-way editing of plaintext? (e.g. Auto export and import)
It avoids the need for cloud storage.
If I’m out somewhere, with no device on me, I can still generate my passwords
The abbreviation method LessPass uses works pretty well. Its usually only a problem with a re-branding, like how wefwef changed to voyager. When that happens it’s not too big of a deal, I just change it to the new thing.
What is a big problem with the URL though is login portals. Like when it’s some conglomerated system that involves a million redirects, and/or a “login with XYZ”. They can get some really weird URLs that have nothing to do with the actual site and those are a real pain.
#3 isn’t true. There’s a username field, so you just put in the username of the alt accounts.
Your point about the master password and two factor is a good one though.
In practice password restrictions are rare (like 1% of sites), but they are problematic when they happen because there’s so many different ways to restrict passwords and trying all combinations is impractical. Needing the counter is exceedingly rare. Remembering the username isn’t a problem, but if you don’t have a consistent policy of always-using-a-username or always-using-the-email (as the lesspass username) it can be difficult to remember that. Similar situation with the URL, if it’s not abbreviated consistently, then it’s a problem.
That said, I still use LessPass for everything and just deal with the edgecase problems.
Despite what others are saying, I’ve been using it for a couple years and it can work great if you’re okay with the trade-offs.
Of the three (Integrity, Confidentiality, Availability) it has better availability than cloud storage which is what I care about. Even when the LessPass site is down, there’s an IPFS version, mirrors, local cache, etc so it’s basically always possible to derive any password.
At a user level, it’s very impractical (and a slight risk) to always retype the master password at every single login screen. However, letting the local autofill save the password doesn’t defeat the point of LessPass. Why? because, if you only use local storage, and you’re traveling and your phone breaks, you’re now locked out of every account. With LessPass, you’re fine as soon as you get an internet connection.
There are a few caveats.
- There’s no global 2factor. Loosing the master password means every site that doesn’t have its own 2factor is instantly fully exposed.
- I do agree there are a few sites where the default options don’t work because of the character restrictions. It’s about 1.2% of websites in my experience, but they are painful exceptions. Basically you have to rely on memory to be able to pick those same settings again. I recently wish there was a unified dataset of which websites had password requirements, and then LessPass would auto check the necessary boxes when the website URL was pasted in. Maybe one day.
- Changing your master password requires changing every single website. If you don’t, then it’s impractical to remember what password was used for what site.
sd or nothing. I’m never dealing with sed’s slow and out of date regex ever again
Fair, I did miss that requirement