Is LastPass safe?

Discussion in 'other software & services' started by aigle, Sep 15, 2010.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Any one using it? What u think? I wish they had an option forlocal storage instead of online storage. I wanted to use it with chromium.

    Thanks
     
  2. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    The big advantage of LastPass is the fact that your passwords are available across multiple browsers and computers. Encryption makes the process safe enough IMHO, but if you don't need the flexibility you could use something like Keepass which stores your encrypted data locally.
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I love it.
     
  4. ShaneR34

    ShaneR34 Registered Member

    Joined:
    Mar 9, 2008
    Posts:
    107
    I've been using it for quite sometime now.

    It's the first addon I install and one of the few (maybe the only one) that I recommend to everyone.
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Putting all my password on a website makes me a bit uncomfortable. Otherwise it seems nice.
     
  6. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,338
    Location:
    Adelaide
    Steve Gibson (Shields Up, SpinRite etc) gives a very thorough run-down of LastPass in this episode of Security Now.
     
  7. korben

    korben Registered Member

    Joined:
    Nov 5, 2009
    Posts:
    917
    It looks seure on paper but... I wanna keep my safe files in my keepass period
     
  8. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    ye, it all comes down to what ur comfortable with, i know lastpass is fantastic for me and works perfect, but some people just wont ever go for the idea behind it
     
  9. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    I know all the love is for Keepass, but I still love RoboForm PRO. Keepass can't touch it. As for Lastpass, I think the technology behind it is sound. In fact, Roboform has a cloud service as well. With all the encryption being done locally, on your own computer, I would feel safe with it. The implementation of Lastpass has won some rave reviews. I've thought of giving it a try with throwaway accounts or low-security stuff just to see what the fuss is about.
     
  10. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    I think it's important to understand the innate vulnerabilities. Password managers like LastPass and Keepass require a master password and once it's entered the whole password database is exposed. Not only does the master password need to be strong you also need to be careful where you enter it. Because LastPass is web based there's the temptation to access it from computers which may be compromised. If a keylogger grabs your master password you're in much worse shape then if it grabs one password for a web site. I handle this by using passwords I can type for accounts (such as email) I may need to access from potentially compromised computers instead of logging into LastPass. Password managers that store the database locally are vulnerable in the same way, but the difference is you can make sure your own system is protected against keyloggers.

    Password managers solve one of the biggest problems with passwords, which is people using the same weak one everywhere because they can't keep track of multiple strong passwords.
     
  11. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    Good points, except Lastpass has that covered with OTP. They even have a screencast to address this issue:
    https://lastpass.com/support_screencasts.php?feature=onetimepasswords

    You can create several (as many as you need) OneTimePasswords before you leave on a trip or whatever. You can use each OTP....surprise....once! That's it. Keyloggers defeated. That screencast is good. It's only 2 1/2 minutes long and explains it well. These guys really are good.
     
  12. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    dont forget u can also enable Grid Authentication which makes it that much harder for any keylogger or screenlogger to get into ur account since it asks for different grid values each time, so even if a screenlogger gets it the first time u log in, it wont work next time it tried to log in since it will ask for different grid values.

    its a highly secure service.
     
  13. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
    I have been very, very hesitant to even consider a web based password manager approach. But I am going to do so in the coming days mainly due to the podcast The Seeker listed. While some don't care for Steve Gibson, I do. If he feels this strongly about something, I am willing to consider it...
     
  14. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Same.
    Seems they have thought through the problems and senarios.
     
  15. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.