Should I trust in Lastpass ?

SifhX

Level 4
Thread author
Verified
Jan 26, 2014
188
Hi,

I seen a lot of time people using lastpass, so I decided to try it out, I installed it but it ask me to register ..

- Why should I register for something personnal and confidential ?
- My passwords will be sent somewhere ?
If yes : if they are hacked what will happens ?
If no : do I have total control over it ?
- Should I trust in lastpass and in these kind of software ?



Thanks in advance :)
 
  • Like
Reactions: Cats-4_Owners-2

BoraMurdar

Community Manager
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
Yes
You need an account to create and your data/passwords will be stored online, encrypted on LastPass servers. On any browser which have LastPass you will be able to access your data. When you enter your username and password your data is decrypted.
Used it for years. Have 0 problems. Love it :)
 

viktik

Level 25
Verified
Well-known
Sep 17, 2013
1,492
Lastpass is very reliable.

lastpass don't store your password. they only store encrypted password vault. if you use strong master password then only you can open and see whats in the password vault. this also means if you lose the master password then you lose all the password in the vault. Lastpass won't be able to recover it.

Encryption and decryption is done in your computer. so you should make sure that no keyloggers are working in your computer.

lastpass keeps multiple backups of password vault in various locations. so there is very little chance that they lose all the backed up password. That has not happened till now.

I don't know about others but you can trust lastpass.

lastpass store my 100 characters long passwords for gmail. So this makes it impossible for someone to guess or crack these online accounts. Even all the computers of this world cannot break 100 character strong password.
 
I

illumination

Here is a little tid bit about Lastpass form none other then Steve Gibson. It is a podcast, Episode 421. Around 25 minutes into the podcast he talks about Lastpass...

http://twit.tv/show/security-now/421

For those that do not know Steve Gibson, check this site out.

https://www.grc.com/intro.htm



This is taken from lastpass site regarding privacy.

Your privacy is critically important to us. LastPass has a few guiding principles:

  • We don’t allow you to send LastPass critically important information
    like your usernames, passwords, account notes, and LastPass master
    password; instead your LastPass master password is used locally to
    encrypt the important data that’s sent to us so that no one, including
    LastPass employees ever can access it.
  • We don’t ask you for personal information unless we truly need it.
  • We don’t share your personal information with anyone except to comply with the law, develop our products, or protect our rights.
  • We don’t store personal information on our servers unless required
    for the on-going operation of one of our services. (For example: If you
    choose to store login history, we keep login history, if you choose not
    to, we don’t)

LastPass operates several websites including LastPass.com. It is
LastPass’ policy to respect your privacy regarding any information we
may collect while operating our websites.
 

Littlebits

Retired Staff
May 3, 2011
3,893
Others have already covered most of the important facts, I would like to add it is very user-friendly, easy to use and integrates within most browsers without any problems unlike similar password managers. In my opinion, it is the best free password manager available.
Most other free password managers limit how many accounts and log on info you can store or don't integrate within your browser easily.

Thanks. :D
 

Cats-4_Owners-2

Level 39
Verified
Honorary Member
Top Poster
Well-known
Dec 4, 2013
2,800
Yes, SifhX, you should trust in Lastpass. The concerns expressed over registering o_Owere very point blank, :oops:and similar to my own thoughts, ..but that was before. Suspicion is the sign of one whom is not careless.:cool: In fact, at the time Lastpass was added the download progress of the extension stopped when it reached 85%. Then I was prompted to download a binary file '..for increased security'. I went ahead and <clicked> "OK" (before I'd thought about it) although I felt quite suspicious. It then installed the password vault onto the computer which I later un-installed. This, I would learn later, was something harmless though not needed, & thus-ly I chose not to allow downloading the vault for either of our 2 other laptop computers. Like e-mail that's made more secure with better passwords, the Lastpass vault is easily (but more important it's safely) accessible through all browsers with Lastpass. That said, I have since learned what every single member here has commented upon the virtues of using Lastpass!:) I have used it every day since it was first recommended (Thanks to both Exterminator20 & Littlebits!) and it's security is real. The only part of Lastpass that equals the added encryption security it provides is the convenience you'll experience.:cool: That, and the peace of mind which everyone here feels and believes in even as it's wonderfully & amazingly free!:rolleyes: Take everyone's word for it, you'll thank us later.:D
 
Last edited:
  • Like
Reactions: SifhX and Venustus

Jcwisgod

Level 2
Verified
Dec 4, 2013
169
Hi,

I seen a lot of time people using lastpass, so I decided to try it out, I installed it but it ask me to register ..

- Why should I register for something personnal and confidential ?
- My passwords will be sent somewhere ?
If yes : if they are hacked what will happens ?
If no : do I have total control over it ?
- Should I trust in lastpass and in these kind of software ?



Thanks in advance :)
Here's some ways to make LastPass even more secure http://www.howtogeek.com/121267/11-ways-to-make-your-lastpass-account-even-more-secure/
 

BoraMurdar

Community Manager
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
Also, LastPass has one great option - Security Check.
It scans all your passwords stored and finds duplicate passwords or weak passwords, warns you that you should change them.
Just remember your master password for LastPass, and that is your last password that you need to remember :)
I recommend you create master password with combination of upper letters, numbers and special characters like
MalwareT1P5=Secur1t1 and It would take a desktop PC about 425 quintillion years to crack your password :cool:
Capture.JPG
 

Cats-4_Owners-2

Level 39
Verified
Honorary Member
Top Poster
Well-known
Dec 4, 2013
2,800
I use sticky password, its great with a good looking gui as well.
Thanks for sharing. This is the first I've heard of "Sticky Password".:) Does it work well with all browsers, & do you feel it would provide a similar level of security,:cool: or perhaps more, than Lastpass?
 

jim lin

Level 8
Aug 6, 2012
505
if using Lastpass on Firefox this should be interesting to you

Why is LastPass not being updated on Mozilla Add-ons?
http://www.ghacks.net/2014/03/02/lastpass-updated-mozilla-add-ons/
By Martin Brinkmann on March 2, 2014 in Firefox

LastPass is a popular online password manager that is available for various web browsers. Well, it is actually more than a password manager as it ships with other features of interest, including different profiles for fast form filling, options to store files in the protected vault, and an option to create secure notes.

Firefox users can download the password manager extension for their browser from Mozilla's Add-on repository, or directly from the LastPass website.

One would assume that the versions are identical, but when you compare the versions, you will find out that this is not the case.

The latest version of LastPass that is offered on Mozilla AMO is LastPass Password Manager 2.0.20. The version was updated on March 13, 2013 and nothing has happened ever since.

When you turn your attention to the LastPass website, you will notice that version 3.1.0 is available there for the Firefox browser. This version was released on February 14th, 2014.

if you check the release log on the official website, you will find out that a total of four updates have been released for the extension since the Mozilla AMO version got last updated.

So what is the issue here? First of all, there is no automatic update. If you install the password manager from Mozilla Add-ons, you may be totally unaware that newer versions are available because you are not informed about that.

The only way to find out about it is to visit the LastPass website and check the latest version there manually.

Second, you miss out on new features and fixes. The version 2.0.26 update for Firefox for example resolves several Firefox specific issues that came up in new versions of the browser.

Why has not LastPass been updated on Mozilla Add-ons then? New versions are available, so that cannot be the issue.

The review process may delay the availability of new versions, but one year, that cannot be it either.

There is no satisfying explanation at this point in time.

It is interesting to note that a new version of LastPass, version 3.1.1, was uploaded to Mozilla AMO on February 26. It is not listed yet on the main extension page,likely because it is still going through the review process.

You can however download it by clicking on Version Information at the bottom of the LastPass page, and then on "see complete version history" afterwards.

Here you find the new version listed that you can add to the browser to update the old version.

It seems that a new version of LastPass will be released to Mozilla AMO in the coming days or weeks. If you are a LastPass user, you may want to check the version installed in Firefox and the version listed on the official site regularly to make sure you are always running the latest version.

:)

James
 

Cats-4_Owners-2

Level 39
Verified
Honorary Member
Top Poster
Well-known
Dec 4, 2013
2,800
James' posted article brings to light an update many of us will feel better about knowing.:) Coincidentally, and right before logging back on today, I was doing just THAT at Lastpass' site, and updated just as was suggested! Thanks Jim.:D

Update: It took me a little while to remember exactly why I'd first felt puzzled even prior to when the latest update version becoming available, when adding the LastPass Extensions to our browsers. On XP, the ext. stopped loading when it had reached 85%, after which I was advised downloading a binary file (vault placed on your computer system) would provide enhanced security. On our other computers I opted not to do this. When Exterminator20 addressed my concerns, I was assured their web based vault with added security encryption was secure. I had considered the download then, to be a o_OPUP, and immediately deleted it from our XP. Now, with the vault installed on our Windows 7 64 Bit system, I've grown less skeptical, but would prefer continuing to use the web based vault online. I may remove the system "vault", and download it instead onto a "portable" external memory stick if I can. That would be best!:D
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top