lastpass Password manager

CaptainCrash · 19 Oct 2013 at 08:35

Anon-e-mouse said:
Seriously don't do this, the passwords stored in the Firefox password list are easily to extract, and can be read be anyone with access to your PC even with a Master Password

http://securityxploded.com/firepassword.php

I've only skim-read that article, but the things that jumped out at me are:

It can recover passwords from Firefox secret store even when it is protected with master password. In such case user have to enter the correct master password to successfully decrypt the sign-on passwords.

If you have protected Firefox with master password then you have to specify it using -m option like 'FirePassword.exe -m mypassword' to recover the passwords successfully.

FirePassword is not a hacking tool as it can recover only your stored passwords. It cannot recover the passwords for other users unless you have right credentials.

What am I missing?

Stoner81 · 20 Oct 2013 at 00:42

Anon-e-mouse said:
Another glowing reason not to use cloud services. Once you put data into the cloud, it's completely out of your hands as to what happens to it.

I suggest looking into Keepass instead. http://www.keepass.info

Incorrect.

Lastpass stores all your data locally which you access with your master password and email address. Whenever changes are made to it the data is updated locally first, then it is encrypted using AES-256 encryption and then uploaded to Lastpass's servers in its encrypted form. Lastpass have no way of knowing your details and they have designed it that way on purpose because even if they are ordered to hand over details they can't because they don't have them.

Lastpass is simply awesome imho and not once in 5 years have I had a single reason to doubt their integrity.

Stoner81.

Raumarik · 21 Oct 2013 at 10:47

+1 for Lastpass being fairly secure.

I like Keepass but it relies heavily on end users having a glue about protecting their local data set and frankly most users are clueless.

jeffa123 · 21 Oct 2013 at 11:29

I may be intruding here but I use Norton which allows you to store in the cloud and on your PC. The good thing about it is that I can install the security suite on another PC and have my passwords already to go. I have never had any issues this way unless you have some keylogger running in the background somewhere which is behaving like a Trojan. I have had this recently with Windows 8 and found it to be an IE handler which was installed with some bogus search engine and the same on Windows 7 as well I had to remove them all manually.

KIA · 21 Oct 2013 at 12:55

I wouldn't give sensitive information to Norton.

jeffa123 · 21 Oct 2013 at 13:09

KIA said:
I wouldn't give sensitive information to Norton.

Norton don't even know what is stored and how it is stored. You can store it offline and not even upload it. You tell me a company whom you would trust with your life.
It is very much a Digital locker that your keydata only has access to. Many peole get these free uttlities that store their data and don't realise until many years later that money has been syphoned off untill many many years later. A lot of people buy their security software directly from Mcafee,Kaspersky and Norton yet don't realise they are paying over the top. Yet they all offer the same service and password protection is one of them.
Why is Norton any different than anyone else. Typing here presents a risk and on any Social network site like Twitter and Facebook which offer a much larger security risk than Norton.

KIA · 21 Oct 2013 at 15:14

jeffa123 said:
Norton don't even know what is stored and how it is stored.

Allegedly. It isn't opensource and I'm betting you haven't seen the documentation. It's impossible to trust US companies these days.

I'll continue to roll my own solution.

Raumarik · 21 Oct 2013 at 15:26

Jeffa, I had the "pleasure" of setting up Norton 360 on my Dads new (And not the one I told him to get) garbage laptop at the weekend, it's actually a lot better than I remember other Norton products, especially the backup solution.

Personally though I wouldn't trust Norton with this sort of information, they are not specialists in the field like Lastpass and Keepass and have a history of half supported products.

Also "Patriot Act", I'm just saying, anything punted over there is no longer yours and no longer private.

soundesciple · 21 Oct 2013 at 20:20

+1 for lastpass, also used it for years and never let me down yet.

R3X · 22 Oct 2013 at 01:13

Been using lastpass for this year and never had such an issue, its a life saver addon for firefox.

I think however I will export a list via lastpass vault and also my favorites and keep them safe also.

I too hate the idea of cloud storage but if you password protect your files and then upload then at least your much more safer... provided its a hard and long password!

Raumarik · 22 Oct 2013 at 13:18

smoove said:
I wouldn't trust last pass - they've had a few securities breaches.

Over two years ago, before I even started using it was a suspected breach but they've never been able to identify any harm that's come from it and have become rather paranoid since - which frankly is a good thing for new customers.

It's companies who don't come out publicly when these things happen who learn nothing from them and continue to be a risk.