PRISM and LastPass

Discussion in 'privacy problems' started by guest, Jun 13, 2013.

Thread Status:
Not open for further replies.
  1. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    I use and love LastPass. So comfortable and simple. But now you guys are scaring me :(...........
     
  2. Gitmo East

    Gitmo East Registered Member

    Joined:
    Jul 28, 2013
    Posts:
    106
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    It's more than secure enough for everyday websites, plus very convenient and efficient. In fact, all that scary stuff is theoretical so far. The real important passwords, like your bank account, should be kept in your head regardless.
     
  4. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    @J L
    Ah! All my really important passwords are in my head. I'm okay then.:D Thanks a lot for the assurance.:):thumb:
     
  5. tlu

    tlu Guest

  6. Stifflersmom

    Stifflersmom Registered Member

    Joined:
    Jan 3, 2013
    Posts:
    45
    Except firefox users are still stuck on 2.5.0
    WTF lastpass, get your crap together and update the addon for firefox.
     
  7. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    Couldn't agree more with @Stifflersmom:thumb:
     
  8. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    I still do not know why people would trust a cloud based password system. It is a single point of failure. If you have a local password system and turn off your computer when not using it no one can even try to crack your password. with a cloud based system people can try to crack it as much as they want.
     
  9. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    In all fairness, that's like saying:

    "There's no point in imprisoning people who have committed a crime. If you just kill them, there's no way they could do it again. With a prison-based system, people can try to escape as much as they want."
     
  10. Stifflersmom

    Stifflersmom Registered Member

    Joined:
    Jan 3, 2013
    Posts:
    45

    The reason I use lastpass is because I use a Mac and linux. When I had windows, I used keepass and loved it. With mac, I have to use keepassx and it's not like keepass. It doesn't run as well and hasn't been updated in years. In fact, I don't trust keepassx like I trust keepass. So I use lastpass instead. To me, software must be actively maintained in order to be trusted. I'm willing to accept the risk of using a web-based password with client-side encryption and a very strong password.
    If I used windows, I would use keepass. But, the bottom line for me is that windows is a much bigger security risk than using lastpass.
     
  11. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    not really. The way i see it is local password system is storing the keys in your house. cloud password system is giving a third party your keys to look after.
    I feel much safer looking after my owns keys. the third party could lose your keys. pus if you are using a cloud based password system because you forget your passwords you will most likely use an easy to guess password to access them. How is a cloud password system any better than using the same password on every site? if someone gets in to lastpass the game is over someone can login to all your accounts.
     
  12. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    You obviously have no idea how Lastpass works.
     
  13. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    You never give LastPass your keys. Analogies always suck, because they're never perfect, and we're talking about minute details here.

    There is a danger using LastPass. They could potentially send a malicious update. You are trusting them. But they do a lot so that you don't have to trust a ton.
     
  14. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    you can go to the lastpass website and type in your username and password and access all your username and passwords. if someone knows your password someone else can as well.
    what do you think I am missing?

    so lastpass creates randomly generated secure passwords but if someone uses an easy to guess password as their lastpass master password then people can get access to all passwords for that user.
     
  15. Stifflersmom

    Stifflersmom Registered Member

    Joined:
    Jan 3, 2013
    Posts:
    45

    That's the case with ANY software. If the user can't be bothered to create a strong master password to guard (potentially dozens or hundreds of) other passwords, then the user chooses to accept that risk. Lastpass is responsible for producing software that works the way they advertise -- they are NOT responsible for ensuring users are not foolishly using weak, dictionary-based passwords.
     
  16. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    780
    You are missing the whole concept. Lastpass encrypts the data using a key that they never receive, the decryption is done in the browser.

    You might want to follow the threads:

    https://lastpass.com/safety.php

    https://forums.lastpass.com/viewtopic.php?f=6&t=89095

    https://forums.lastpass.com/viewtopic.php?f=6&t=85533

    https://lastpass.com/whylastpass_technology.php

    http://blog.lastpass.com/2013/09/lastpass-and-nsa-controversy.html
     
  17. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    I am aware of how lastpass works But at the end of the day you are still storing an encrypted version of your passwords on someone else's server.
    if some hacked lastpass and managed to grab the encrypted files how long would it takes hackers to crack those files locally?

    For that kinda of system it seems to be the best designed but I still do not like that kind of system.
     
  18. tlu

    tlu Guest

    That depends on the strength of your master password and the number of PBKDF2 rounds you're using.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.