Hey there
@JayneG thanks for your message.
Im still surprised how much traction this post created and I that it's not an upfront topic brought to the forefront by LP. It does seem a little avoided..and its a BIG one IMO.
If i'm honest it brought up a LOT and I explored tonnes of options.
I disagree with
@GlennD comment:
"If that happens, as long as you know your Master Password you will be able to sign into your LastPass account from another device and access your data."
This assumes you have authorised another device. I know at the bottom of your thread you say "you advise" but this can easily be taken as not necessary, because its only ADVISED.
From my testing and all these chats if you do not have another approved device then you cant access LP without an email confirmation which if you dont know your email pass (because its in LP) then you are sc**wed. There is no one red magic pill though as GlennD and others said and LP final response was for me to remember my MP and my email PW.
Where did I end up?
Well I now run TWO managers, LP and MyKi.
Why? I choose MyKi because...
1. There is no cloud, which is a concern for me. I do trust LP and their vault, but I always have concerns with anything that is cloud based. Esp for the level of importance I place on my PW's.
2. They have BUILT IN 2FA, this is SOOOOOOOOO good. I mean its super slick and was a massive sell feature for me.
3. I can manage multiple clients, all giving them difference "companies" so I dont see 50 logins for one site. LP has identites, but switching between this is a faff. So for me, the use case of MyKi just really served.
PROBLEMS...
1. MyKi store a LOCAL encrypted 256 file on my computer. So everday it backs up. To restore a backup, a bad actor would need to gain access to the file, a dedicated mobile number I use, they need to receive a text code sent to it and then restore it in MyKi software and then a pin to unlock it. So i feel confident that its safe.
...BUT...i 100% need to look after that file. Which brings a whole host of different problems.
However, dealing with those problems, is actually much easier than my LP problems (for me).
2. I still run LP. So I have both on the go. And my iphone can only allow ONE password manager. So I cant run LP and MyKi on my mobile. But im ok with this ATM. I have not moved over cause im still new to MyKI where as I have like 7 years with LP and right now I trust LP in general, more than MyKi (but only due to experience and the fact that i have less exp in managing the backup and what to do in the event of a problem with MyKi).
NEXT STEPS
I will run some scenario's see how MyKi responds, what I would do, etc etc.
There is no magic red pill.
It is a layer approach.
If you do not consider yourself very techie, MyKi might not be for you.
The responsibility of managing a backup file is a lot.
Personally, for ease, my suggestions to others i've spoken to is...
1. If you are securing your LP with 2FA, then save a backup code somewhere you can gain access. Or use a system that is not LP Authenticator so you can restore something. Many use AUTHY, as it backups. But remember every backup to a cloud poses a risk. I suggest a physical copy of a backup code with someone you trust or hide it deep in an email structure and/or phone contact so you could find it (using your memory to locate it on your device only! - this assume your email has not 2FA)
2. Keep hold of your LP MP and email PW. From what I know, a VERY long password only made up of words/numbers (like a big sentence) is more secure than an 8 character PW that is random generated with symbols. Confirm this, but my point is you can have security for PW's without complexity. This was you can access your email if you don't have a browser or computer already authorised to access your LP account
3. Authorise as many trusted devices as you can. So that you dont NEED your email PW.
All of this is my personal opinion.
I do like and trust LP, very much.
using MyKi has made me see how date LP is in some ways, but that doesnt mean new and shiny is better.
I hope this was helpful.
Kind regards
For a greater world for us all.
x
