When I tried to figure out why a stalker (see: www.onision.de) still can access my accounts and passwords after I reset the master password of Sticky Passwords, I came across a few quite peculiar identities.
Sticky Passwords is a security nightmare
Fun fact: Sticky Password deleted my paid lifetime account under my clicks. That likely means a stalker (Onision) either owns the company, or has hacked them. It comes out to the same, really.
- Even if you pick "Cloud sync", Sticky Passwords stores a local copy of your password file daily
- A reset of your master passwords doesn't remove access, if someone has your old master password and a copy of your password files. They can continue using it, even though the application has online access
- The company doesn't appear to be trustworthy. For that alone, you should consider if you want to trust them with all of your passwords, and keeping them secure.
- After my laptop and 2FA device have been “lost” at the same time, I found the security breach. First off, I nearly couldn't regain access to my account. Secondly, then I could without the use of my 2FA device.
Conclusion
A system (for instance, something you can remember, plus something specific per site/password) might be more secure.
