Hello, I used to use KeePass Password Safe until my database was stolen and several accounts were breached. Now I commit passwords to memory. Regards, Nathan
I looked into LastPass and decided against it because it was a browser extension, and I didn't want my passwords in the cloud. I read this too, and it gave me cause for pause. I have forgotten all that I learned about it, Extreme, but I do remember that there is a lot to like with LastPass.
Whilst I understand your concerns over storing such information "in the cloud", isn't the point in LastPass' case that all details are encrypted locally before transit so if anyone did break in to their servers, the data is meaningless to them. They make a point that none of their staff can read your data even if they wanted to because of this encryption. I believe there was a breach earlier this year, which to LastPass' credit, was resolved fairly quickly with various steps taken to hopefully prevent similar occurrences. @EGBR: I noticed you're using NIS 2012 as mentioned in another thread. You do know that NIS has password storage "in the cloud" in that product also?
You're probably right, TonyW, about encryption being adequate. I trust the cloud in other ways, so it's not a great big factor for me. I guess it boils down to "transit", and with KeePass, there is none... it stays on my HD.
No, I would never use any online service to store sensitive data, especially passwords, and Lastpass was hacked at least 2 times as far as I can remember. I prefer Keepass as well, a password manager is a necessity for me, since I find it hard to remember dozens of passwords with ~50 characters and symbols. Was your computer hacked with admin rights or did you use a browser extension?
Altough I dont like the fact that my passwords are stored in the cloud I still use Lastpass as I need all my passwords synced with my mobilephone (android). I could use firefox sync but i guess LastPass is more secure. From what I read passwords get encrypted before they get uploaded to the cloud.. so even if they get hacked no one should be able to get your passwords.. but who knows how secure they really are :/ I wished there was some way to setup things like LastPass and Dropbox but using my own webserver instead of theirs :S
Started using it not too long ago, very comfortable, but your comments here started to make me wonder if I can really trust storing my passwords in cloud or not
LastPass says that all passwords get encrypted before uploading to the cloud...not sure if we should trust them about that or not. and I think there never have been any passwords stolen from LastPass?
I'm obviously biased but to clear up some misconceptions -- putting your encrypted data into Dropbox is putting it into the cloud, in a similar manner to how LastPass works, except LastPass has never allowed anyone in the Internet to login to your account without a password, and LastPass encrypts your data locally with your master password so something like this can't happen with LastPass: http://www.eweek.com/c/a/Security/D...Off-Passwords-on-File-Storage-Service-655206/ It's certainly worth having 3rd parties look into how things are done at LastPass, here's one: http://twit.tv/sn256 If I can answer any questions let me know.
I've not heard anything of that nature, but then if passwords are encrypted on your machine before reaching their servers, the info which may be obtained by whatever means is of no use to anyone unless you have a weak master password. That is where problems may arise I think. For more details of the breach that took place in May, read here. I believe programs like KeePass also encrypt the data locally; the only difference is that the info stored stays on your machine. You have to remember to do backups of that data in the event of hard drive failure or malware attack on the system.
I know about that attack on LastPass a few months ago. You can't compare Keepass with Lastpass? Lastpass will allow you to have your encrypted data/passwords from every computer.. whereever you are. As well as mobile phones are supported. Checkout LastPass on Android (i use the addon for the dolphinHD browser).. i know nothing comparable.
Yes, so I started this topic, that is if I stop using NIS, I have an alternative, but did not like the LastPass. My passwords are generated by KeePass, so I have no idea how they are. So I need an autofill program and wanted to hear opinions on the LastPass. Norton Identity Safe works incredibly well, fills the passwords of all my sites, etc.. Really very safe, also almost everything I type on my machine is encrypted by KeyScrambler Professional. I've been getting paranoid.
You, like many others, fail to mention that only users with weak passwords are truly affected. They basically got the encrypted database. Personally, I use it for all non-important websites.
