sungo_enothereApr 21, 2017

"Lastpass is storing the 2FA secret seed under a URL that can be derived from your password. This literally beats the entire purpose of 2FA which, as mentioned above, is a layer of security to prevent attackers already in possession of the password from logging in"

http://www.martinvigo.com/design-flaws-lastpass-2fa-implementation/

Show threadShellkr
@sungo I use Pass (passwordstore.org) which kinda excellent for it's simplicity. It use GnuPG and Git. Which means it is pretty much the most portable password manager out there. Another + is that it doesn't use a database (Keepass) but decrypt only the password you need.
Apr 21, 2017 at 8:43pmWeb