How safe is LastPass?

Is it safe to trust LastPass to have all your passwords, emails, banking, etc?

Please share your findings.

 

My friend does. I don't use it but I do use Chrome to store passwords.

 

Last Pass is diff. than browser save passwords

you are actually uploading your passwords to a site


how safe is it?

anyone else care to comment?

 

What are their guarantees if they have a security breach and all of your passwords get leaked? Will they fix your credit? Will they fix your facebook, will they spend the months/years it will take to rebuild your reputation?

If they don't do anything more than say 'oops, we'll try harder', then don't bother.

Look at everything in the 'cloud'. Most (all?) of their guarantees are along those lines.

 

Everything with lastpass is encrypted, they were hacked into just some months ago but not only did the attackers get nothing out of it, some users who decided to change their passwords out of fear couldn't get back into their accounts because LASTPASS WILL NEVER BE ABLE TO RECOVER YOUR MASTER PASSWORD IF YOU FORGET OR LOSE IT. Keep that in mind if you want to use it, or if you can't trust their encryption, you can use a password software you install on your own machine like keepass.

 

I really don't care about what they say about their tech.

What are their guarantees and what will they do for you when/if their so-called encryption fails?

 

That is a very logical method of approaching the situation and I agree with what you're getting at. I do not use Lastpass for my banking or billing information as a more insured solution where you will be compensated fully for any damage that occurs because of their password software would be safer. For regular website and email passwords though I trust Lastpass as the encryption and decryption is done locally, and I have options for migration in case I become dissatisfied with the service.

 

Same here, except I use it for IE 64 bit browser, passwords for email, web sites , ect., nothing financial.

Cheers
3Fees

 

About as safe as trusting another person with all your passwords.

 

Chrome uploads it to a site too since it syncs.

 

This.

I've been a LastPass user for about 2 years now. Also use XMarks since LastPass acquired them and the combination of the two means I can log in from any machine anywhere from any browser with only 1 password. LastPass also has an Android (or iPhone) app as well.

They have an option of backing up your passwords to a locally stored file too in case you ever decide to wipe your LastPass data and cancel your account.

Since becoming a husband, father, and homeowner the amount of sites I now have accounts with has increased exponentially. LastPass makes dealing with it all as easy as pie.

 

You can always use 1Password to local store login credentials and other important information in an encrypted format. With Live Mesh used for online syncing between computers, I use 1Password on both of my computers for just that purpose.

 

Not very safe, they just had a security breech this year
LastPass CEO reveals details on security breach | Security - CNET News

 

Umm, that was posted just like half dozen posts ago: http://forum.notebookreview.com/windows-os-software/609318-how-safe-lastpass.html#post7889676

And again, users' fault if they didn't use a strong password. Any site can be hacked. Your own network can be hacked. But if it's encrypted and uses a strong master password, good luck. They'll try but quit and move on to something easier to hack.

The hackers will probably slam the data they have with dictionary passwords and a handful of l33t variations of it, but if it doesn't clear then move on. I can't believe how many people use lame passwords like "password", seriously, and are shocked when their account gets hacked.

 

I would assume it is pretty safe. If you look online they don't have complaints regarding any security issues. Although I still like password managers based on usb, such as MyLok. somehow feel more secure when all my pass codes in my pocket and not online. May be I'm just an old school and worry too much

 

Until you lose your USB drive...

 

Download truecrypt, format an old sturdy HDD on a legacy system, and leave your passwords in a text file there labeled for their respective sites. If, worst case scenario, someone steals your stuff, they wouldn't even be able to see that there is an encrypted part of the HDD on the system.

 

it's safer then having it in your browser. Your friend can use your computer at home, coworker at work and your laptop can get stolen. And if you had your passwords in your browser they can login to anywhere now. No browsers except IE protect your passwords at all. In FF and chrome you can open the whole database of your passwords in a nice window and copy it all in a second, actually. That why I trust lastpass. When I go at work I just login one time in the morning and close my browser in the evening.

 

Too bad they don't store your passwords. Nor do they store a hash of your password. They store a hash of a hash of a hash of your password. Have fun with that. . .

 

You can store as many hashes of hashes of hashes of whatever you want, but if knowledge of how those hashes were generated and how to decrypt them is obtained by who obtains those hashes, then those hashes will do nothing to prevent someone getting that information. Now, if LastPass stores all that decrypt information is different undisclosed locations, then it makes obtaining those passwords almost impossible. Of course, this doesn't prevent people from using stupidly simple passwords.