Do You Trust LAST PASS

Discussion in 'other software & services' started by Rainwalker, Oct 20, 2014.

  1. Rainwalker

    Rainwalker Registered Member

    Joined: May 18, 2003 | Posts: 2,106 | Location: USA
    I know it has been around awhile. Would you trust it?
     
  2. The Seeker

    The Seeker Registered Member

    Joined: Oct 24, 2005 | Posts: 1,100 | Location: Adelaide
    Steve Gibson gives a thorough review here. I use it and trust it.
     
  3. Joxx

    Joxx Registered Member

    Joined: Sep 5, 2012 | Posts: 1,126
    I would
     
  4. Rainwalker

    Rainwalker Registered Member

    Joined: May 18, 2003 | Posts: 2,106 | Location: USA
    OK....Thanks....sold :)
     
  5. treehouse786

    treehouse786 Registered Member

    Joined: Jun 6, 2010 | Posts: 1,388 | Location: Lancashire
    or rather 'do you trust the concept of putting all your eggs in one basket?'
     
  6. luxi

    luxi Registered Member

    Joined: Aug 31, 2013 | Posts: 66
    I do, because I use it, but whether I should is another matter. The case has been made by the LastPass folks and other security professionals for the measures it uses to secure and encrypt your data. I would never worry about a hacking attempt or anything like that on the LastPass data servers, and given that I am the only one who will ever have the key to decrypt my data, I wouldn't worry about it (my database) falling into the wrong hands (court order, or by some nefarious actor). I think there's a better chance my PC would be physically compromised before my LastPass account is. They also have good data redundancy.
     
    Last edited: Oct 21, 2014
  7. treehouse786

    treehouse786 Registered Member

    Joined: Jun 6, 2010 | Posts: 1,388 | Location: Lancashire
    a key has to be stored somewhere. seeing as how stronger military systems have been compromised, it's a case of 'when' not 'if'. i hope it does not happen in your lifetime
     
  8. dogbite

    dogbite Registered Member

    Joined: Dec 13, 2012 | Posts: 1,166 | Location: EU
    I use it and trust it.
     
  9. Rainwalker

    Rainwalker Registered Member

    Joined: May 18, 2003 | Posts: 2,106 | Location: USA
    On second thought...........
     
  10. xxJackxx

    xxJackxx Registered Member

    Joined: Oct 23, 2008 | Posts: 4,047 | Location: USA
    I've been using it for years now. I trust it more than a lot of other software I use, including the OS I use it on.
     
  11. Mayahana

    Mayahana Banned

    Joined: Sep 13, 2014 | Posts: 2,220
    Do I trust Lastpass? Sort of.. Do I trust other solutions more? Without a doubt.

    However usability of Lastpass is one of the best, and for that reason I use it. There are more secure options, such as Keepass w/local storage, or Keepass w/encrypted zero-knowledge cloud. But for raw usability, and convenience, nothing seems to beat Lastpass these days. Also, Lastpass has become quite profitable, and any breach would likely destroy them as a company. So knowing this, I think they will do whatever they can to protect their customers, and customer data. It would be corporate suicide if they were ever exposed being complacent, or involved with any NSA snooping. It would be instant suicide if they were ever breached. Few companies related to this type of thing ever fully recover if they are breached, or have lapses in security.

    So given all of that, Lastpass is a good option.
     
  12. Victek

    Victek Registered Member

    Joined: Nov 30, 2007 | Posts: 5,121 | Location: USA
    What do you mean by trust? Do you mean can the company be trusted, or the software?

    Password managers dramatically improve security IMHO. LastPass enables me to have a different password for every site logon without the burden of remembering them all or writing them down, etc. The potential weakness is the master password; to protect it I use two factor authentication. It is very hard to keep passwords unique and organized without this kind of system. Most people just keep reusing the same password or if they change them they later forget and have to go through a password recovery process. Which option sounds more secure to you? :)
     
  13. Minimalist

    Minimalist Registered Member

    Joined: Jan 6, 2014 | Posts: 5,057
    I don't trust the idea of passwords being stored online. I prefer to store them on my computer and back them up on an external HDD.
     
  14. Mayahana

    Mayahana Banned

    Joined: Sep 13, 2014 | Posts: 2,220
    100% agreement! The level of security these offer for the normal user is fantastic. The alternatives are much less secured. If everyone used some sort of password manager we'd have far fewer compromises, namely because in the case of the recent Dropbox leak, people often use the same password at multiple locations allowing one breach to escalate into dozens, sometimes hundreds. A password manager effectively eliminates cascading breaches. A password manager also allows you to use stronger recovery methods, for example you can use long strings for security questions rather than 'the last job I had' or 'my dog's name' which can be ascertained through social engineering.

    Those are just a few things, but many more benefits are evident.
     
  15. Victek

    Victek Registered Member

    Joined: Nov 30, 2007 | Posts: 5,121 | Location: USA
    Yes, but by whom? Cyber warfare between nation states is a little different than hackers trying to steal credit card numbers from online retailers. It's more important to look at how systems are compromised. For instance the latest hacking round of retailers, such as Target, brought to light how antiquated the card payment system is in the U.S. This has been known for years, but it took a big theft to force the industry to begin upgrading to the more secure "chip and pin" system (definitely not perfect yet far better than current magnetic strip technology). Using LastPass combined with two factor authentication on all sites that support it (and to protect the LastPass master password) is very secure in comparison.
     
  16. Mayahana

    Mayahana Banned

    Joined: Sep 13, 2014 | Posts: 2,220
    But again, one of the best protections from this is to prevent harvesting of data.

    Each breach yields millions more breaches. Why? People without password managers tend to use 'similar' passwords, or variations of the same password. So that 7 million Dropbox leak is a treasure trove of information leading into countless Gmail, Facebook, and other accounts. Then once into Gmail they can access further accounts by engineering the account, and then using recovery methods. People seem to have no idea how this happens, and how suddenly 'everything' is compromised that they use. The value of a PW manager cannot be overstated IMO.

    Even a lousy PW manager is better than no PW manager.
     
  17. Victek

    Victek Registered Member

    Joined: Nov 30, 2007 | Posts: 5,121 | Location: USA
    I couldn't agree more. I think the social engineering aspect is even less understood than the same/similar password problem. Online password reset mechanisms are essentially back doors for hackers. The "security question" model is ridiculously flawed. How many people understand this and answer the "questions" with unrelated, complex "answers" that can't be found via Google or Facebook search and store them in a password manager? My guess is not many.
     
    Last edited: Oct 21, 2014
  18. Mayahana

    Mayahana Banned

    Joined: Sep 13, 2014 | Posts: 2,220
    My security question answers generally look something like this; jEXCwhfvn7TpnD8XhacR
     
  19. treehouse786

    treehouse786 Registered Member

    Joined: Jun 6, 2010 | Posts: 1,388 | Location: Lancashire
    no need for nations to get involved, i guess you missed the story about this guy.

    just being the devil's advocate here, i don't feel comfortable and i go back to the analogy (putting all your eggs in one basket)

    i personally think having an algorithm stored in your brain is more convenient and ultimately safer than storing it in bits and bytes where the potential for a breach is infinitely greater than having your memories hacked. i just use the first 3 letters of the domain to finish the algorithm (the algorithm is the only thing i need to remember). outcome of password is different for every service. you can make the algorithm as complicated or as simple as you like.

    edit- i genuinely hope i don't get to say 'i told you so' in the near or distant future
     
    Last edited: Oct 21, 2014
  20. Rasheed187

    Rasheed187 Registered Member

    Joined: Jul 10, 2004 | Posts: 8,026 | Location: The Netherlands
    I agree, I also don't like it. I've checked out the Opera extension to see what all the fuss is about, but I got turned off when I had to sign in.
     
  21. Mayahana

    Mayahana Banned

    Joined: Sep 13, 2014 | Posts: 2,220
    WAY too much work.

    I store 1,600 passwords. Having them all in my head may work for a few, and be an annoyance at times. But it's sheer lunacy for 1,600.
     
  22. treehouse786

    treehouse786 Registered Member

    Joined: Jun 6, 2010 | Posts: 1,388 | Location: Lancashire
    at no point did i say you need to remember multiple passwords, you only need to remember the algorithm (singular).

    you don't need to remember the area of every circle, you just need to remember what Pi is. similar concept

    however if using a password manager is more convenient than remembering a single algorithm (and for 1600 passwords i can see why) then more power to you
     
  23. Minimalist

    Minimalist Registered Member

    Joined: Jan 6, 2014 | Posts: 5,057
    I use an algorithm for my passwords also. This way I can "remember" many passwords and don't have to use the same password for multiple logins. I use an offline password manager only for storing purposes.
     
  24. Victek

    Victek Registered Member

    Joined: Nov 30, 2007 | Posts: 5,121 | Location: USA
    That's fine if you have a good system in place. For instance do you have redundancy? - if you have a power surge/lightning strike and the computer and external disk become toast do you have an off-site backup? Are your password backups encrypted, and if so how/where do you store a copy of the password to decrypt them? A service like LastPass handles all of this.
     
  25. Minimalist

    Minimalist Registered Member

    Joined: Jan 6, 2014 | Posts: 5,057
    External disk is not connected to computer. I connect it only when I make a backup. I have an additional encrypted backup in another location, just in case of fire... Passwords are encrypted by KeePass and Truecrypt. Both passwords for decryption are stored only in my head. I understand that online service can be convenient but with passwords I prefer safety over convenience.
     