LastPass seems to have vulnerabilities discovered [every few years](https://en.wikipedia.org/wiki/LastPass), is currently [buggy on Android](https://play.google.com/store/apps/details?id=com.lastpass.lpandroid&hl=en), and is subject to [Five/Nine/Fourteen Eyes](https://en.wikipedia.org/wiki/Five_Eyes) surveillance.
It seems like an encrypted password text file on Dropbox would give similar security without being a continual high-value attack target, but nobody seems to recommend this method.
Presuming passwords of equal security, which method is more secure? Please ELI5!
In: Technology
Probably LastPass. LastPass servers are designed with sensitive data in mind, while Dropbox’s are not (presumably). However, “encrypted password text file” is extremely vague. There is a motto in cryptography communities, “never do your own crypto”. It’s such an incredibly complicated subject, and there’s a million different attacks that you haven’t heard of that you’re almost always better off using code that’s been reviewed and stress tested hundreds of times already. If you’re concerned about LastPass’s security, you may be interested in other password managers. BitWarden is open source and therefore had it’s code reviewed by thousands of contributors. There are also other alternatives, but any of them will likely have been better built than whatever system you throw together with Dropbox.
Latest Answers