Results 1 to 12 of 12
  1. #1
    Join Date
    Aug 2004
    Location
    Earth
    Posts
    8,154

    Question Has anyone used LastPass?

    Is anyone using LastPass? http://lastpass.com/

    Looks like a great application that syncs with multiple browsers and even multiple smartphone platforms. Android, BlackBerry, iPhone and Chrome/Firefox.

    Only thing that concerns me is that are the passwords stored on their database to sync?

    All of your data is encrypted locally on your PC - only YOU can unlock it.
    How does it sync if it's stored locally? Another downside is that it's a monthly subscription not a one-time fee.

    Any feedback on this?

  2. #2
    Join Date
    Dec 2008
    Location
    Florida
    Posts
    1,052
    $1.00 a month that bills at $12/Year isn't really all that bad.

    I've never heard of it although I did just read a few good reviews about it.
    Not sure what to put here :-P

  3. #3
    Join Date
    Nov 2002
    Location
    WebHostingTalk
    Posts
    8,901
    I think SWR recommended it to me some time ago... I use it... love it!

    Sirius
    I support the Human Rights Campaign!
    Moving to the Tampa, Florida area? Check out life in the suburbs in Trinity, Florida.

  4. #4
    Join Date
    Nov 2009
    Location
    Colombia
    Posts
    2,150
    I use it with Firefox in all my PCs, it also supports like all browsers. I have free version. and yea, I LOVE IT too
    █ Diego Rodríguez B. - https://diegorbaquero.com
    █ Software Engineer @ Protocol Labs | Filecoin Saturn

  5. #5
    Join Date
    Feb 2002
    Location
    Australia
    Posts
    24,027
    How can you store your master password to access your logins on their server? That's nuts. I use 1Password, across my laptop, iPad and iPhone. If I change or add a new login, it syncs up on all devices.
    WLVPN.com NetProtect owned White Label VPN provider
    Increase your hosting profits by adding VPN to your product line up

  6. #6
    Join Date
    Aug 2004
    Location
    Earth
    Posts
    8,154
    How can you store your master password to access your logins on their server? That's nuts.
    According to them it stores it locally but how does it sync then?

  7. #7
    Join Date
    Nov 2009
    Location
    Colombia
    Posts
    2,150
    Taken from their website:

    LastPass is an evolved Host Proof hosted solution, which avoids the stated weakness of vulnerability to XSS as long as you're using the add-on. LastPass strongly believes in using local encryption, and locally created one way salted hashes to provide you with the best of both worlds for your sensitive information: Complete security, while still providing online accessibility and syncing capabilities. We've accomplished this by using 256-bit AES implemented in C++ and JavaScript (for the website) and exclusively encrypting and decrypting on your local PC. No one at LastPass can ever access your sensitive data. We've taken every step we can think of to ensure your security and privacy.

    LastPass uses SSL exclusively for data transfer even though the vast majority of data you're sending is already encrypted with 256-bit AES and unusable to both LastPass and any party listening in to the network traffic -- the amount of data is trivial so the extra encryption doesn't hurt. Our policy of never receiving private data that you haven't already locked down with your LastPass master password (which we never receive and will never ask for) radically reduces attack vectors. We use firewalls and best practices to protect the servers and service, but our best line of defense is simply not having access to data even if someone got in. If LastPass can't access it, hackers can't either.
    █ Diego Rodríguez B. - https://diegorbaquero.com
    █ Software Engineer @ Protocol Labs | Filecoin Saturn

  8. #8
    Join Date
    Aug 2004
    Location
    Earth
    Posts
    8,154
    According to http://www.pcmag.com/article2/0,2817,2343565,00.asp

    The encrypted files are stored on their servers online. And the only way to ever decrypt them would be with your master password, even they can't access your data without the master password so if you lose that you're pretty much going to have to start over.

    But how secure does that make you feel?

  9. #9
    Join Date
    Nov 2009
    Location
    Colombia
    Posts
    2,150
    I've never forgot my master password, I doubt someone would.

    Try packet sniffing all you want, and try to get your own data. Good luck
    █ Diego Rodríguez B. - https://diegorbaquero.com
    █ Software Engineer @ Protocol Labs | Filecoin Saturn

  10. #10
    Quote Originally Posted by WireNine View Post
    ... so if you lose that you're pretty much going to have to start over.
    This is no longer the case, LastPass came up with a way to allow account recovery while maintaining our security stance of never having access to your data at LastPass: Account Recovery via a disable locally stored one time password. I can't link the URL to it since I'm new here.

  11. #11
    Join Date
    Aug 2004
    Location
    Earth
    Posts
    8,154
    Nice to see a lastpass representative come here to respond to our questions

  12. #12
    Quote Originally Posted by WireNine View Post
    Nice to see a lastpass representative come here to respond to our questions
    We do our best.

    P.S. Steve Gibson is going to be covering LastPass live in a few minutes: Deep & thorough analysis of the ultimate secure password manager "LastPass" LIVE on TWiT live dot twit dot tv

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •