Looking for a new password manager: Part 2: LastPass

In Part 1 of this series of posts, I told you what I was looking for in a password manager, and documented some of the failings of the first one I tested—1Password. I haven’t ruled out 1Password yet as it does have a Windows app, and that’s what I’m used to. I’m a bit wary of web-based apps only. That said, my next test, and the topic of this post was LastPass, which is a web-based app.

As for 1Password, I only downloaded/installed the free trial of LastPass and tested some of the functionality that I wanted. I didn’t download the Android app for it, but I did install the browser extension (it was required, so I couldn’t avoid that). My first tests were to see how easy the interface was to use, whether I could import my Passwords Plus (PP) data, what sort of template/categories it used, whether I could customise fields/field labels to suit my data etc. (As an aside, when I went to create an account, LastPass told me there was already one for my email address… it took several tries, but I finally jagged my ‘master’ password and was able to open the trial I had set up in 2011 with 70+ records and never touched since!! Because I already had this account, I wasn’t asked to enter payment credentials, though I’m not sure that’s the case for totally new users.)

Here are the results of my testing (no particular priority order):

• No separate Windows app. This might be a showstopper* for me, but we’ll see. The browser app (I use Chrome) was easy to use and navigate.
• The date field is MMM dd, YYYY, but you choose the months from a drop-down lists, so it’s easy enough for a dd/mmm/yyyy user to use.
• I could add a custom category, with the fields I wanted, and in setting up those fields, I could arrange them in the order I wanted on the form. NOTE: Once saved, you cannot edit this form, only delete it, so make sure you add everything you need when you set it up, PLUS a Notes field for all other info. I successfully set up one for Product Information. Records added using custom forms are listed under ‘Custom items’ in the left navigation pane. This was a big plus for me.
• Some records have the ability to add extra fields, but I couldn’t figure out which ones they were—all were listed under Notes, but not all Notes records had editable fields. I *think* only those records I’d imported that had URLs, usernames, passwords etc. might have this ability, but I need to test further. For those that I could add fields to, when you add them, you can’t rearrange them in the order you want, so you have to get them right first.
• Speaking of importing:
  • PP was NOT an import option type for LastPass, and the CSV file I’d exported from PP had NO records that LastPass recognised when I tried to import it.
  • However, in my testing for 1Password, I’d converted a PP CSV file to 1Password’s *.1PIF file and that imported fine into LastPass. That’s a massive timesaver!
  • NOTE: Almost all the imported records went in as Notes records (called Secure Notes in 1Password), with limited splitting out into fields. Each record was tagged with the category it had in PP, but I can’t see any way to add tags to LastPass, except manually in the Notes field. Such ‘tags’ are searchable as part of the full-text search capability in LastPass, but as they are entered manually, there’s no master list of tags to choose from as you start to enter one (1Password has tagging capability).
  • Some records just didn’t import at all. They likely got lost in the conversion from PP to 1Password, and so don’t appear in LastPass either. This means I have to manually double check every one of my ~500 records to make sure everything has been captured. (Update: The PP export had all my passwords, but only ~380 were imported into LastPass. I don’t know whether they got lost in the conversion to the 1Password format, or because they got lost when importing from that format into LastPass. There’s no direct PP to LastPass import option.)
• You cannot take an existing record (e.g. an imported Notes record) and apply a different category to it—as with 1Password, you have to copy/paste the record details from one record into the correct template. And being a browser-based application, this is difficult as when you click away from a popup window it closes!! Much copy/pasting is involved (likely with Notepad as an interim point), so it might be easier to start from scratch and do each PP record one at a time direct from the application, especially as some 100 records didn’t import at all and all have to be checked anyway. NOTE: I think this is going to be the same with ALL password managers I test—it certainly is the case with 1Password and LastPass. I might not be able to get away from the manual entry of everything into another password manager, so I’d better select the best one for my needs and way of working.
• Exporting data:
  • You can export to a CSV file, but you ONLY get minimal information exported—URLs, usernames, passwords, but NO notes or other information. Notes are where I store a LOT of information so this is a showstopper for me—I’d want an easy way to export ALL my data to change to another password manager, if I decided I didn’t like LastPass.
  • You can also export to an encrypted LastPass file, and they say this keep all your notes, but I didn’t test it. I couldn’t find anything much on the internet (I didn’t look for long) about converting an encrypted LastPass file to another password manager’s format. This is a potential showstopper for me as I don’t want to be locked forever into one system, or have to manually enter my ~500 records—again—into another system at a later date.
• Different vaults: You can set up separate vaults, but can only search within the active vault (user). I think I’d prefer to use folders and the full-text search across them all. Folders seem handy for organising your passwords and are fully customisable. 1Password’s equivalent seems to be Collections.
• Supposedly you can use the browser and mobile versions of LastPass if you are offline and don’t have a connection (e.g. on an international flight, in an area such as a hospital where you may not have access but still need to give personal details to someone). I didn’t test this.
• With the LastPass extension turned on in my browser, some websites seemed to take longer to load. This may or may not have been related to the extension and more testing would be needed to see if that was a causal correlation or not. It was a minor annoyance.

Overall, LastPass is showing promise as a replacement, but if it can’t export ALL data to a format that can be converted and imported into another system that’s a concern for me. And the lack of a Windows app is still a concern too.

My next test will be of Dashlane and then mSecure, the one PP recommends as a good substitute.

* Note: ‘Showstopper’ is a common term in the software industry and refers to a bug that prevents the system from working, or a piece of functionality that doesn’t work as it should and prevents the user from going further, either because the function is broken or because it is deemed essential *for that user*.

Looking for a new password manager: Part 1: The search and initial testing

After some 15 years, the password manager I’ve been using every day (Passwords Plus [PP] from DataViz) is finally closing up shop (https://dataviz.com/passwords-plus-discontinued). They sent out an email last last week to say that support (which I’ve never used) will cease at the end of June, and the cloud storage will cease/be deleted at the end of December 2022. They decided NOT to go for a subscription model. It’s such a shame as this is software I use every day, it auto syncs with my Android tablet and phone, and I’d be happy to pay a subscription for it. DataViz has recommended another password manager (mSecure) and offered a special discount for it for the first year, but before I jump into signing up for that, I needed to do some research.

This will be a long series of posts as I’ll document what I did, what I’m looking for, etc. and what the showstoppers are for me (i.e. the things that I can’t accept and that will eliminate that software for me; Note: ‘Showstopper’ is a common term in the software industry and refers to a bug that prevents the system from working, or a piece of functionality that doesn’t work as it should and prevents the user from going further, either because the function is broken or because it is deemed essential *for that user*).

My first step was to find out a little more about the offer to switch to mSecure recommend by DataViz. DataViz says that mSecure can import all my PP data, which I’ve found out is a BIG deal for me—I have some 500 records in PP, though many aren’t passwords. Some of the non-password info I store in PP includes product information (manufacture, model and serial #, date and place purchased, warranty info, other notes about the purchase or sign-up details for registering the product, manufacturer’s URL, support email/phone etc.), software info (similar to the above, but with fields related to software such as version number, registration key etc.), identity info (e.g. passports, drivers licences, Medicare cards for me, my spouse, my parents), banking info for various accounts, computer and network info (IP addresses, MAC addresses, etc.), extensive notes for various things like Microsoft Partner Network (which changes URLs and passwords all the time), and so on. I use PP for much more than just managing logins on the web, so whatever password manager I choose HAS to have the facility to store (and preferably import) my existing data.

One of the things PP does really well is provide a big range of templates for filling in basic info related to that template, AND the ability to create your own templates. And once you’re in a record, you can add, delete or modify fields and field names too, and set field types (e.g. password, date field etc.). I didn’t realise how much this was important to me until I started looking at other password managers—many do not have this ability and I’ve realised that’s become a showstopper for me.

PP can also export your data into an unencrypted CSV file. This will become important later, but for now, know that I’m not at all keen to copy/paste all 500 or so records from one password manager to another (each record can have up to about 10 fields and extensive notes, so that could well be some 5000+ bits of information to copy/paste). So a password manager that can import my PP data, with minimal cleanup (yes, I expect some cleanup, but it must take less time than copy/pasting!), will gain extra points.

I posted on Facebook that I was looking for a new password manager and my techy friends came good with some suggestions of programs they use, which narrowed down my options. The main ones they mentioned were (in no particular order): Dashlane, 1Password, LastPass, and BitWarden. I’ve spent the last two days reading review articles on each, watching YouTube videos, checking product pages, lists of features, forums, comparisons etc. All seem to do the basics of managing website logins and personal data, but the lack of detail about creating custom categories/templates, custom fields, importing data from other systems (particularly PP) was telling. And none seemed to offer templates/categories for things like product information. The sample CSV import templates were minimal at best, just including URLs, usernames, email addresses and passwords. I have MUCH more data than that I’d want to import. Interestingly, the password managers recommended by my friends all appeared in the top 5 or 10 lists of password managers.

A note on prices: Price was NOT one of my main criteria. Most password managers cost less than US$60 per year, with many costing less than US$40 per year. I also didn’t need a ‘family’ plan, so my cost would be for a single user with multiple devices. It’s a product I use every day, so a price point below $100 is fine by me.

mSecure

I’m going to test mSecure last. Why? Because it barely cracks a mention on the internet, and is not listed in the top 5, top 10 or even top 20 lists of password managers compiled by various reputable computer and other geeky websites. I’ll also leave it until last as it’s the one that offers the closest match to PP and I want to test others that are in the ‘top’ lists first to see if one of those will suit me. And the most recent videos about mSecure on YouTube are 8-10 years old—this doesn’t augur well…

1Password

I started with this one as it had a couple of features that looked promising, specifically its travel vaults for use when travelling overseas and it has a Windows app that’s separate from (but synchs with) the website interface and your devices (a Windows app is my preference). To date, I’ve only tested the Windows app and the website interface via the 1Password website (https://my.1password.com). I have not installed the Chrome extension, nor have I tested it on my Android devices as yet. My first tests were to see how easy the interface was to use, whether I could import my PP data, what sort of template/categories it used, whether I could customise fields/field labels to suit my data etc. While it seems easy to use and the synching works seamlessly, I encountered some issues with it that may be showstoppers for me. Specifically:

• The free 14-day trial isn’t exactly ‘free’. You have to enter your details, including a credit card, before you can download the software/start your trail. They say you won’t be billed in the 14 days and that you can cancel (not yet tested).
• The Windows app uses the mm/dd/yyyy format for any date field and there’s no option to change it. It displays as MMM dd, YYYY in the 1Password website, so this isn’t a complete showstopper for me, but it is an annoyance as I have to remember to convert my dd/mm/yyyy dates to mm/dd/yyyy.
• I can’t add custom categories at all, nor change a category for a record once it’s been filled in. The templates/categories they have is all you get. You can work around this by setting up a Secure Notes record with as many fields as you like and you can change the names of the fields from say ‘text’ to ‘Model #’ to suit how you want to display your data. But it’s cumbersome and incredibly time consuming. I did find a forum hint that suggested you set up a Secure Note record as a template (e.g. Product Information Template) with the fields and field labels required and with dummy data (such as xxxx for each field), then save that. When you need to add a new product, duplicate that record and populate it with the new information. That’s a reasonable workaround, but could be avoided if you could set up your own categories/templates with your own fields, as has been able to be done in in PP for the past 15 years. Below is the list of available categories in 1Password—for many people, things like API, crypto wallet, outdoor license, server are just not relevant, but you can’t add more or delete those you’ll never use. And the wording? You can’t change that either—so things like Social Security Number just don’t match for other countries, though you can add/modify/delete the fields. I foolishly added a record for a piece of hardware (a network hub’s details) under ‘Wireless Router’ as it seemed the closest, but it’s now stored forever under the Wireless Router category and I can’t change that without deleting the entire record and creating it anew under secure Notes, which seems to be the only really customisable area, but which has an unintuitive name. Not a showstopper for me, but a major inconvenience.
  
  
• Once you add fields to a record, you can’t rearrange the order of them to display more like you’d want. For example, if you add a new text field for Serial #, then another for Model #, you can’t later go back and move Model # to display before Serial # in the record—you have to delete both entries and start again. Actually, if you’ve added say 6 fields and you want to change the order of the top 2, you have to start again from scratch because any additions you make get added to the bottom of the list. This certainly isn’t very usable. not a showstopper, but a major inconvenience.
• Changing master password: I was able to change my master password in the app. But when I went to see if that had synched with the website interface, the system was down for maintenance. I tested later once it was up and had to enter my old password in the website interface even though the new password was in the app. At some point, the website interface changed to match the app, then I couldn’t get into the app with the new password and had to use the old one. I’m still not sure if they are synched. NOTE: I eventually had to change my master password via the website interface under my profile, not my login settings. The app logged me out straight away and got me to use my new master password. So it worked but it certainly wasn’t intuitive.
• Exporting data: One thing I found out is that you can ONLY export basic website login details to a CSV file. NONE of your notes or other fields will get exported. I believe the export to their own proprietary format does keep everything, but that’s not of much use if you need to change to another password manager, though it may be useful if you want to keep a local backup of you data. This is a showstopper for me.
• Importing is limited to a very basic CSV containing logins and that’s about it. I did find a forum where someone has gone to a lot of trouble to make a converter for PP data (and data from other password managers) for importing into 1Password (https://1password.community/discussion/30286/mrcs-convert-to-1password-utility-mrc-converter-suite). The instructions in the Readme file are pretty geeky as you have to download some particular Perl software, install it, then do some command line stuff as an admin to do the conversion. But after about 20 mins I had a 1Password-formatted file of some 500 records to import. And then I found there was NO import function in the Windows app, and the only import type on the website interface was for a basic CSV file. A bit more searching and I found that the current Windows app (v8) DOES NOT allow the import of *.1pif files! Only v7 of the app allows that (see https://1password.community/discussion/125389/how-do-i-import-a-1pif-backup-into-1password-8). This is a showstopper for me.

I’ve now given up on testing 1Password any further and will test LastPass and Dashlane next, followed by mSecure. The results of that testing will be in other parts of this series of posts. I won’t cancel 1Password just yet—I’ll see how the others suit my needs first.

Update 4 May 2022: I’ve now deleted my 1Password account. Why? Well, it came second after LastPass for me (still to test mSecure) AND because it has a key combination that opens the app on Windows every time I use that set of keys. And what key combination is that? Ctrl+Shift+space, which is a STANDARD key combination to add a non-breaking space in Word for Windows that I use EVERY day and often many times in a day in my editing work. To have the app open instead of adding a non-breaking space was just horrible.

18 million hits

Another million views milestone was passed yesterday morning

 

External HDD disables mouse when plugged into USB hub

I upgraded a powered external desktop hard disk drive (HDD) from a 1 TB, USB 2.0 connection to a 2 TB one with a USB 3.0 connection (these weren’t new external desktop HDDs—I was just changing how I used my various HDDs).

But each time I plugged in the 2 TB drive, I’d lose my mouse (and likely the other devices plugged into a 7-port USB 3.0 [unpowered] hub). It would just disappear from the screen. I could press Ctrl to identify where it was supposed to be, but the icon was gone and moving the mouse and clicking buttons didn’t get it back. Removing the USB cable and reseating it didn’t work, nor did a restart, only a full shutdown and reboot. I had to do this a couple of times over a couple of days, so I decided to find out what could be the possible cause, because I didn’t want to have to do this every time I wanted to use that 2 TB HDD.

Basically, it relates to power. From what I read online, an unpowered USB hub (i.e. gets its power from the computer, not a wall outlet) has limited power capacity for the devices attached to it, so small devices that draw very little power, such as a wireless mouse, keyboard, USB webcam, and the like are no problem. But if you plug in an external HDD, the power draw is too much and something has to give. One solution I found was to purchase a powered USB hub (i.e. plugs into a wall outlet and draws its power from there, not the computer), and I started to investigate getting one of those.

And then I remembered what my sequence was when plugging in the old 1 TB HDD with the USB 2.0 connection—I always plugged the USB cable into the hub first, then plugged the HDD’s power cord into the wall. That’s what I did from habit with the 2 TB, USB 3.0 HDD too. Once I figured it was related to power, I wondered what would happen if I plugged the 2 TB HDD into the wall socket FIRST and then into the USB hub. That way the HDD was already on power and didn’t need to draw any power from the hub. And it worked! I think the old 1 TB drive with its USB 2.0 connection just didn’t draw as much power and so the hub was OK with it. But the bigger drive (also a different brand) with its USB 3.0 connection likely drew too much from the hub. And that would explain why a reboot allowed both to co-exist too—the HDD was already plugged into the wall socket when I rebooted, so plugging in the USB cable after bootup worked fine and didn’t disable the mouse.

I seemed to have solved it without having to purchase anymore crud to go onto my desk—that’s always a win!

I just have to remember to plug the power in first and then the USB cable each time.

Time on my VOIP phone keeps changing

We recently replaced our previous ‘landline’ NBN-compatible Panasonic handset with a new one—a Telstra Call Guardian, which aims to screen calls and thus minimise the amount of robocalls, scam calls, ring-and-then-hang-up-when-you-answer calls etc. you get. So far, it seems to be working great, and the coloured screen and lit buttons are easier to read too. When I got the phone, I set the settings that I could figure out without the manual, including the time and date.

But no matter how many times I set the time, after a few minutes it would revert to Australian Eastern Time. There was NO setting for time zone in the phone that I could find, so I couldn’t set it for Australian Western Time. I must’ve reset the time a dozen times before realising that what I was doing was futile. I was going to call Telstra to find out what the secret was, but then went Googling, where I eventually found an obscure forum thread on Whirlpool (an Australian tech forum) about another brand of handset that kept resetting to GMT! And way down in that thread was the information that seems to have fixed my issue.

Because these phones are NBN-compatible and plug into the router, NOT the phone line at the wall, some brands of phone will take some settings from the router, including the time zone. Perhaps that was it? I logged into my router and eventually found the time zone setting (if you’re using an iinet router, look under Gateway). And the router was set for Sydney time! Before I changed it, I emailed iinet support to find out if changing that setting would change anything else (e.g. times on the server or the PCs), and they said it wouldn’t, but that it could affect any times I might have set on the router to restrict a child’s use after certain hours. Well, that didn’t apply to me, so I went ahead and changed the time zone on the router (I didn’t need to reboot). I then changed the time (again) on my phone.

And 30 mins later, the time is holding! It looks like I’ve solved it.

(You might wonder why I even bothered. Well, sometimes you need an audit trail of when you made or answered a call, or to check when a missed call came in. If the time is 2 hours out [3 in daylight saving time], then that audit trail is totally wrong.)

Finding devices and IP addresses on your network

This YouTube video shows different ways to see and identify the devices on your network: https://www.youtube.com/watch?v=hW6F2tflfNk and is a good starting point.

However, the video’s net view step didn’t work for me, but the remainder of the information before the promotion of various software apps sis work. Here’s what I did:

1. On the Start button type cmd, then right-click that option in the list and select Run as Administrator.
2. At the command prompt, type arp -a to list all the IP addresses currently active on your network. (Note: Devices that are turned off will NOT be listed.)
3. Optional: If you want to keep this list for the next steps, press Ctrl+a to select the text in the Command window, then Ctrl+c to copy it to the clipboard, then open Notepad or similar and press Ctrl+v to paste it in a document.
4. Once you have the list of IP and MAC addresses, you can ping each one to see what device it represents.
5. Type ping -a [IP address], for example, ping -a 192.168.0.12
6. If you want to check each one, press F3 at the next command prompt to repeat the line entered at Step 5, and change the IP address number to the next one in the list.
7. Assuming the device is found and has a name, it will be listed. You can then match up IP addresses with the devices you have.

You can also look up MAC addresses to find the manufacturer of the device at: https://maclookup.app/

NOTE: There may be an easier way to do this all in one step (add to the comments below if there is), but these steps worked for me.