LessPass: A Password Manager That Doesn’t Know Your Passwords

I have recently started using LessPass for all my important accounts. What is LessPass? It’s a password manager, but unlike other password managers, it doesn’t actually know any of the passwords you have stored in it.

Okay, that doesn’t make any sense. How does it actually work? It securely hashes the settings you define, including the site name, username, “master” password, and some other things such as the number of characters in the password and the allowed character groups, in order to generate a secure password. It does all this within your browser and without contacting a remote server.

This is where things get interesting. Instead of saving the password, you just enter the same information again, and it regenerates the same password. You can set up an account with the LessPass Database, which will let you store the settings for many sites and quickly recall them. It still does not remember your master password, and therefore has no way of actually getting the final passwords that it spits out. Of course, if you still don’t trust it, the database account is completely optional, and you can host your own pretty easily too.

I really like LessPass: it allows me to never use the same password for any two sites like I am always told, have a nice password manager, and still not have any of my passwords stored in any databases. I think this is a far more secure system than LastPass or any other password manager on the market.

If that sounds cool to you and you want to give it a shot, you can try it out over at https://lesspass.com/. There is an applet you can use in real time right on the site, and you can also install it as an extension on Chromium and Firefox based browsers. There is an Android app for it too so you can always have your password manager with you. Of course, it’s also all open source and on GitHub (both the applet and the database) so you can host your own or make any changes you like.
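The derivation described in this post, as an added sketch that is not LessPass's own code and will not reproduce its passwords: the PBKDF2 parameters, salt layout, symbol set and the names `derive_password` and `GROUPS` are assumptions made for illustration. It shows why a stored profile (site, login, length, groups, counter) is useless without the master password, and how each selected character group is guaranteed to appear.

```python
import hashlib
import string

# Character groups a profile may enable (symbol set is an assumption).
GROUPS = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!#$%&()*+,-./:;<=>?@[]^_{|}~",
}

def derive_password(master, site, login, length=16,
                    groups=("lowercase", "uppercase", "digits", "symbols"),
                    counter=1, iterations=100_000):
    """Regenerate a site password from the master password and profile settings."""
    if not groups or not len(groups) <= length <= 32:
        # 32 keeps total draws well inside the 256 bits of derived entropy.
        raise ValueError("length must be between len(groups) and 32")

    # The profile fields act as the salt; NUL separators keep
    # ("ab", "c") and ("a", "bc") from colliding. The counter lets a
    # user rotate one site's password without changing the master.
    salt = f"{site}\x00{login}\x00{counter}".encode()
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt,
                              iterations, dklen=32)
    entropy = int.from_bytes(key, "big")

    def take(n):
        # Consume part of the entropy as an index in range(n).
        nonlocal entropy
        entropy, index = divmod(entropy, n)
        return index

    pool = "".join(GROUPS[g] for g in groups)
    chars = [pool[take(len(pool))] for _ in range(length - len(groups))]
    # Force one character from every enabled group, placed at a
    # position that is itself derived from the entropy.
    for g in groups:
        forced = GROUPS[g][take(len(GROUPS[g]))]
        chars.insert(take(len(chars) + 1), forced)
    return "".join(chars)

if __name__ == "__main__":
    # Constructed sample values. Only `profile` would ever be synced.
    profile = {"site": "example.com", "login": "alice", "length": 16}
    print(derive_password("constructed master passphrase", **profile))
```

Because nothing is stored, a weak master password can be guessed offline by anyone who holds a single generated password and the profile; the iteration count only slows that search down.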

An Exploit

Regrettably, some sort of exploit has allowed some of the posts here to be edited by an unauthorized party. For now all posts have been made private, and I will restore them all once I have everything worked out. The security of the site was compromised, and I must take responsibility. It seems the flaw existed somewhere within WordPress itself, and luckily, it has recorded all of the changes. I probably should have been keeping on top of updates more, but I didn’t, and now I have some serious work ahead of me. I will be restoring all posts to their original state as soon as possible. I apologize for any inconvenience and will be taking further steps to make sure it never happens again.

The only content affected was the body of some of the posts. Pages and other content were unaffected. We currently have no reason to believe that any private information including user data or any other information was leaked or vulnerable at any point in time.

Update: I have gotten all posts back to February 2016 repaired and re-published. It appears that no post older than February 2016 was affected; however, I will still keep them quarantined until I can confirm that no other posts were affected.

Update 2: I have now confirmed that posts between February 2016 and October 2015 were not affected and restored them. Back to the grind.

Update The Third: As I feared, a few more posts that have been modified have popped up. Now all posts dating back to August 2013 have been repaired and re-published. That includes this post, which is great. 🙂

The Fourth And Final Update: A small handful of other posts were altered, which have now been repaired, and all posts have successfully been restored. Once again, sorry for the inconvenience.

Hard Reset: A Post About Personal Bullshit That You Should Under No Circumstances Read

Hi, it’s been a while, hasn’t it.

This post is just me talking a little bit about the past and future of this blog and posting some random retrospectives and personal bullshit about my life. I realize that nobody fucking cares about this, but I feel it’s important to post it for the reasons described in the post itself.


Princess Kitty Cupcakes


Hello. My good friend, who goes by the screen name of Princess Kitty Cupcakes, has recently started live streaming games on Twitch. I of course want to support my friends, plus I find his streams pretty entertaining, so if you like live streams, you should totally check it out.

The stream is embedded below for your convenience, but your browser needs HLS support for it to work. 😉
