password safety

[jonat]

I believe you state this as a fact, which most certainly it is not.

We agree to disagree. Granted this is more a philosophical approach to the problem but with respect to open source and transparency in general, many believe it brings over time, a better solution. There are more people interested in getting a bullet proof solution to security than there are those who want to break it. It's my belief that the more the details of security are hidden behind a curtain the more people are interested in looking behind it. There have been multiple papers written that bolster this approach

If the strongest element of a security solution is secrecy, it's in trouble.

I understand your perspective but you misrepresent mine. Secrecy has nothing to do with it; the notion that "open source is better because lots of people are looking at the code" has been proven false time after time. A lot of the open source software that is used in critical applications is written or maintained by a very small number of part-time developers, with changes made by often unknown coders over time.

There have also been many instances of miscreants surreptitiously modifying repositories of popular open-source software, inserting backdoors and other malware. Nobody is checking this once it gets out there.

But my main point is that you don't know that the application you installed is actually derived from the open source code that you could look at (if you were motivated to do so.) You simply trust that whoever packaged it did so using the published source code and, furthermore, did so using uncompromised tools. And if you trust them, why not trust the closed-source developer as well?

I use a lot of open-source software - most of it is very good. But I am under no delusions that it is better just because it is "open source".

 

[MichaelB]

Just to be clear, are you talking about updating the LastPass software itself?

I have been under the assumption that the actual "user content" ie passwords etc. stored in LastPass were stored "in the cloud "and would be automatically available between devices on the free version. If I am mistaken about this, this would be very good to know.

I mainly use Lastpass on my laptop but expect to be able to access it via phone (web access) or whatever if I am on the road in a pinch.

Thanks!

Sorry, I created some confusion by not using the proper terminology (CDS - coffee deprivation syndrome).

The premium version automatically syncs the passcode entries across all devices and browser windows. I have 2 on the desktop (Chrome & Mozilla), 2 iPhones (old and new) and 1 iPad and use them all regularly, so the auto-sync is a valuable feature.