Hi guys,
I've been reading about password managers, and after searching on this forum I decided to get LastPass.
My knowledge is limited and that's why I would like clarification, please.
As I understand it, LastPass creates an encrypted file, like say a rar file with a password on it, and the LastPass interfaces are used to decrypt this file, so when you have premium membership (I've purchased already), all it does is pass this file around, and in theory if LastPass was to get hacked the hacker would just get a bunch of encrypted files.
So it's very secure, but I forgot my password and didn't have 2 step enabled, so I did email reset, and bang, master password changed.
So forgive me for the long narrative. My question is: if you can do a password reset, that means there is a backdoor enabled into the encryption, right? And even though LastPass might not use it, there's nothing to say a hacker or any other organisation might use it, so isn't this a flaw, even though I've used it?
BTW, not knocking the service, and I understand it's better to only have one point of failure than several; just was wondering, that's all.