Last Pass Password Manager


This topic contains 2 replies, has 3 voices, and was last updated by  Christian 4 months, 1 week ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • #5257

    gmd3006
    Participant

    After years of constant nagging by the Sound Bytes Crew (thanx, I needed that!), I’ve finally broken down and installed a password manager. I chose LastPass. I could have gone with the PW manager that came with my paid-for antivirus program, but I didn’t want to be tied to that AV program for eternity for fear of losing my passwords!

    So, now I have very long and very complex passwords that are unique among my various accounts. Its analyzer says I’m very secure now.

    LastPass is easy to install from the Chrome extension store, and works very smoothly & well in Chrome on a Win 10 PC. I also installed it for IE 11 on the same PC. It works, but is very quirky in IE.

    LastPass claim that the passwords are encrypted, and stored only on my PC. After storing my passwords, I turned off that home PC. The next day, at work, I installed the LastPass Chrome extension, and put in my same LastPass password. Bingo! All of my super secret passwords were available from that second PC – completely sync’ed.

    Yes, I did have to enter my same LastPass username and password to get into them, but it’s a little creepy that it was so easy to sync with a computer that I knew to be turned OFF!

    #5258

    RChandra
    Participant

    I think it’s because you’re using LastPass’ feature of sync’ing with LastPass’ servers. It may even be enabled by default. I don’t use LastPass (I use KeePass instead), so I don’t know if it’s an option to turn that feature off. If you’re entrusting your passwords to their program, I guess by extension you trust that they store your passwords encrypted (even if it is on their servers), and can ONLY be decrypted by the information you supply. It’s listed on their site as a free feature, so I’m not sure why you’d want to turn it off, except with the extraordinary requirement of having the encrypted contents only locally (some presumption that all crypto is breakable given enough resources I guess, so needing ultimate sole custody of the data).

    #5261

    Christian
    Participant

    LastPass claim that the passwords are encrypted, and stored only on my PC.

    https://www.lastpass.com/how-it-works

    Local-only encryption.

    Your data is encrypted and decrypted at the device level. Data stored in your vault is kept secret, even from LastPass. Your master password, and the keys used to encrypt and decrypt data, are never sent to LastPass’ servers, and are never accessible by LastPass.

    They mean the unencrypted passwords, along with the master password, are never sent to their servers, so they have no way of discovering your passwords. The major advantage of LastPass over something like KeePass is the syncing of passwords between devices, so they need to have the encrypted passwords for that to work. LastPass’s other big convenience is the auto filling in of passwords, but that’s also the biggest security risk, as you can see from its Wikipedia page.

    If you’d like more info, LastPass was covered in this episode of Security Now.
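
The arrangement described in the last post (the server holds only ciphertext, and each device derives the key from the master password) can be sketched as follows. This is an added illustration, not LastPass's code and not part of the original thread; the PBKDF2 parameters, the use of the username as salt, the `SyncServer` class and all sample values are assumptions of the sketch.

```javascript
// Added illustration of client-side vault encryption with server-side sync.
// Generic sketch only; parameters and names are assumptions, not LastPass's design.
const nodeCrypto = require("crypto");

const ITERATIONS = 100000; // assumed work factor

// Runs on the device: the master password never leaves this function.
function deriveKey(username, masterPassword) {
  return nodeCrypto.pbkdf2Sync(masterPassword, username, ITERATIONS, 32, "sha256");
}

// Encrypt the vault locally with AES-256-GCM; only the returned blob is uploaded.
function encryptVault(key, vault) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(vault), "utf8"), cipher.final()]);
  return { iv: iv.toString("base64"), tag: cipher.getAuthTag().toString("base64"), ct: ct.toString("base64") };
}

// Decrypt on any device that can re-derive the key; throws if the key is wrong.
function decryptVault(key, blob) {
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, Buffer.from(blob.iv, "base64"));
  decipher.setAuthTag(Buffer.from(blob.tag, "base64"));
  const pt = Buffer.concat([decipher.update(Buffer.from(blob.ct, "base64")), decipher.final()]);
  return JSON.parse(pt.toString("utf8"));
}

// Hypothetical sync server: it only ever stores and returns opaque blobs.
class SyncServer {
  constructor() { this.blobs = new Map(); }
  upload(user, blob) { this.blobs.set(user, blob); }
  download(user) { return this.blobs.get(user); }
}

function demo() {
  const user = "alice@example.com";                            // constructed sample account
  const vault = { "example.com": "constructed-sample-password" }; // constructed sample entry
  const server = new SyncServer();
  // Home PC: encrypt locally, upload ciphertext, then power off.
  server.upload(user, encryptVault(deriveKey(user, "correct horse"), vault));
  // Work PC: download the blob and re-derive the same key from the same credentials.
  const blob = server.download(user);
  const synced = decryptVault(deriveKey(user, "correct horse"), blob);
  // A wrong master password yields a different key, and GCM authentication fails.
  let wrongRejected = false;
  try { decryptVault(deriveKey(user, "wrong guess"), blob); } catch { wrongRejected = true; }
  const serverSeesPlaintext = JSON.stringify(blob).includes("constructed-sample-password");
  return { synced, wrongRejected, serverSeesPlaintext };
}
```

The second device needs nothing from the first one: the stored blob plus the re-derived key is enough, which is why the home PC being off makes no difference.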
