Is LastPass safe?

Discussion in 'other software & services' started by aigle, Sep 15, 2010.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Any one using it? What u think? I wish they had an option forlocal storage instead of online storage. I wanted to use it with chromium.

  2. Victek

    Victek Registered Member

    The big advantage of LastPass is the fact that your passwords are available across multiple browsers and computers. Encryption makes the process safe enough IMHO, but if you don't need the flexibility you could use something like Keepass which stores your encrypted data locally.
  3. MrBrian

    MrBrian Registered Member

    I love it.
  4. ShaneR34

    ShaneR34 Registered Member

    I've been using it for quite sometime now.

    It's the first addon I install and one of the few (maybe the only one) that I recommend to everyone.
  5. aigle

    aigle Registered Member

    Putting all my password on a website makes me a bit uncomfortable. Otherwise it seems nice.
  6. The Seeker

    The Seeker Registered Member

    Steve Gibson (Shields Up, SpinRite etc) gives a very thorough run-down of LastPass in this episode of Security Now.
  7. korben

    korben Registered Member

    It looks seure on paper but... I wanna keep my safe files in my keepass period
  8. firzen771

    firzen771 Registered Member

    ye, it all comes down to what ur comfortable with, i know lastpass is fantastic for me and works perfect, but some people just wont ever go for the idea behind it
  9. LockBox

    LockBox Registered Member

    I know all the love is for Keepass, but I still love RoboForm PRO. Keepass can't touch it. As for Lastpass, I think the technology behind it is sound. In fact, Roboform has a cloud service as well. With all the encryption being done locally, on your own computer, I would feel safe with it. The implementation of Lastpass has won some rave reviews. I've thought of giving it a try with throwaway accounts or low-security stuff just to see what the fuss is about.
  10. Victek

    Victek Registered Member

    I think it's important to understand the innate vulnerabilities. Password managers like LastPass and Keepass require a master password and once it's entered the whole password database is exposed. Not only does the master password need to be strong you also need to be careful where you enter it. Because LastPass is web based there's the temptation to access it from computers which may be compromised. If a keylogger grabs your master password you're in much worse shape then if it grabs one password for a web site. I handle this by using passwords I can type for accounts (such as email) I may need to access from potentially compromised computers instead of logging into LastPass. Password managers that store the database locally are vulnerable in the same way, but the difference is you can make sure your own system is protected against keyloggers.

    Password managers solve one of the biggest problems with passwords, which is people using the same weak one everywhere because they can't keep track of multiple strong passwords.
  11. LockBox

    LockBox Registered Member

    Good points, except Lastpass has that covered with OTP. They even have a screencast to address this issue:

    You can create several (as many as you need) OneTimePasswords before you leave on a trip or whatever. You can use each OTP....surprise....once! That's it. Keyloggers defeated. That screencast is good. It's only 2 1/2 minutes long and explains it well. These guys really are good.
  12. firzen771

    firzen771 Registered Member

    dont forget u can also enable Grid Authentication which makes it that much harder for any keylogger or screenlogger to get into ur account since it asks for different grid values each time, so even if a screenlogger gets it the first time u log in, it wont work next time it tried to log in since it will ask for different grid values.

    its a highly secure service.
  13. HAN

    HAN Registered Member

    I have been very, very hesitant to even consider a web based password manager approach. But I am going to do so in the coming days mainly due to the podcast The Seeker listed. While some don't care for Steve Gibson, I do. If he feels this strongly about something, I am willing to consider it...
  14. Meriadoc

    Meriadoc Registered Member

    Seems they have thought through the problems and senarios.
  15. acuariano

    acuariano Registered Member

Thread Status:
Not open for further replies.