LessPass: An excellent Open Source password manager

Luigys Toro

4 minutes

In a world where we are forced to register on hundreds of sites with a username and password, in addition, where computer security experts recommend: «use different passwords for each site we register for«It is essential, the use of a password manager, safe, open and stable.

There are many trustworthy password managers, some proprietary and others open source, this time, we will talk about LessPass, excellent Open Source password manager, with extensions for browsers Firefox y Chrome.

What is LessPass?

It is a tool that allows us to manage our passwords, easily, quickly and safely, without the need for synchronization with any server. LessPass genera contraseñas únicas para sitios web, cuentas de correo electrónico, o cualquier otra cosa sobre la base de una contraseña maestra y la información que usted sabe.

LessPass es diferente a otros gestores de contraseñas que puedes encontrar en Internet porque:

  • No guarda sus contraseñas en una base de datos;
  • No necesita sincronizar sus dispositivos;
  • Es código abierto (el código fuente puede ser auditado).

The most remarkable thing about this tool is that computa las contraseñas, en lugar de generar y almacenar contraseñas aleatorias. 

La forma más sencilla de probarlo es utilizar su sitio web oficial para escribir el sitio a donde desea acceder, login y la contraseña maestra. La contraseña va a ser generada inmediatamente, por lo que sólo tiene que copiar (utilizando el botón o el teclado).

Pruébelo en su teléfono, en otra computadora, incluso fuera de línea, tanto como sea necesario, dará el mismo resultado. No hay necesidad de sincronizar.

Lesspass Password Manager

Lesspass Password Manager

LessPass features

  • It is a web application that works on all devices (computer, smartphone, tablet and smartTV).
  • Regenerate your passwords when you need them. No cloud storage required.
  • Robust and practical password generation algorithm.
  • It is open source. Therefore, your security can be audited.
  • It's free and it will always be that way.
  • Manage your passwords directly from your browserYou only need a site, a login and a master password to generate a unique password. There is no need to sync the password vault across all browsers and devices.
  • It allows the creation of complex passwords, including those that are necessary for Banks and other very secure websites.
  • You can change your passwords, without having to change the master password.
  • Puede alojar su propia base de datos LessPass si no desea utilizar la base oficial. In an easy and simple way.
  • Extensions for Firefox and Chrome.
  • It can be used directly from the console.
  • It does not use cookies or analysis tools (no Google Analytics, or links to external services). less pass

How to install LessPass

Hosting LessPass

Puede alojar su propia base de datos LessPass si no desea utilizar la base oficial. You only need to meet the requirements and ejecutar el comando de instalación, luego escriba su nombre de dominio y la herramienta hace el resto:

Requirements

  • docker
  • docker-compose

Installation

Run the following command

bash <(curl -s https://raw.githubusercontent.com/lesspass/lesspass/master/lesspass.sh)

Install the LessPass Cli

We canrear contraseñas LessPass directamente en la línea de comandos con nodejs. Para ello debemos:

Install lesspass-cli

$ npm install --global lesspass-cli

Use lesspass-cli

$ lesspass --help

  crea contraseñas LessPass directamente desde la línea de comandos

  Uso
    $ lesspass <site> <login> <claveMaestra>

  Opciones
      --lowercase, -l    true or false (default true)        
      --uppercase, -u    true or false (default true)    
      --symbols, -s      true or false (default true)    
      --numbers, -n      true or false (default true)
      --length, -L       int (default 12)
      --counter, -c      int (default 1)

  Ejemplo
    $ lesspass lesspass.com contact@lesspass.com 'mi claveMaestra' --length=14 -s=false
    onAV7eqIM1arOZ
lesspass-cli

lesspass-cli

Install LessPass in Firefox

We can access the official extension for Firefox from here.. Just install the application and start enjoying.

Install LessPass on Chrome

We can access the official extension for Chrome from here.. Just install the application and start enjoying.

Conclusions about LessPass

Without any doubt, LessPass is a different password manager, with a very innovative approach when generating, managing and "backing up" our passwords. The analysis of password generation algorithm, tells us that they tend to be too complex to be violated.

What I like the most about this excellent tool is its transparencyIt does not need our data to be synchronized in the cloud, it does not use cookies or send our information to third parties, it is widely auditable and above all it is easy to use.

Finally, I invite all readers to evaluate this tool and to leave us comments about it. I hope this article has been helpful to you and that you are starting to enjoy excellent password management as much as I do.


Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   erathor said
    ago 7 years

    https://youtu.be/sdlGy3kg2lM

    An analysis of the tool. It seemed too good to me. It encrypts so many variables and returns them only with 3 fields?

    What do you think?

    Reply to Erathor
    1.    Luigys toro said
      ago 7 years

      And this is one of the best things that open source has, the possibility of getting bug quickly and above all the capacity for improvement that we have every day, makes this the right path for these tools.

      Obviously this is a setback for this application, but it is also a step forward for the rest of the community who will now have new improvements in the security of their passwords.

      The creator of this application in the following link https://github.com/lesspass/lesspass/issues/88 he is giving his explanation of the mistakes made, but he is also broadly proposing an acceptable solution to solve the problem.

      He quoted the author: "We think no one gets it right at first, and thanks to community scrutiny and critical code studies, this type of tool becomes more robust the longer you live."

      We will use the full alphabet in the next version by default. We will probably increase the default length of the generated passwords.

      So in the future, we will describe (with pictures) the algorithm and its implementation. We will simplify the code to help everyone understand how it works. And we hope you continue to check for bugs and remain critical of your code. "

      Similarly, there is already a work for the v2 version of the lesspass algorithm that is being discussed and that can be tested here https://github.com/lesspass/lesspass/issues/89

      For my part, I believe that it is still an excellent tool, which I must continue to follow and as a user take the necessary precautions, so that my information is not compromised. I hope the new version will be updated shortly. And I will be attentive to communicate.

      Reply to Luigys Toro
  2.   erathor said
    ago 7 years

    Excellent! Thanks for the info ... I'm really interested in the tool and I'm glad that the errors are detected and in the process of being repaired.

    Thank you.

    Reply to Erathor