gauss
Midpack, the biggest flaw with your method is that the passwords are unencrypted, which, as you say, could mean that if your computer is compromised, all your passwords are, too. LastPass keeps only encrypted data, so even if they wanted to, no one at the company could read them*. And I use these settings for added protection:
- two-factor authentication
- automatically logs me out when I close the browser, or after 5 minutes of inactivity
- only allows access from US locations
- email verification required for new logins
- when I log in on one device, all other devices are logged out
- sensitive passwords require the master password to be re-entered every time

* "Your data is encrypted and decrypted at the device level. Data stored in your vault is kept secret, even from LastPass. Your master password, and the keys used to encrypt and decrypt data, are never sent to LastPass’ servers, and are never accessible by LastPass." ref. https://www.lastpass.com/how-lastpass-works
Note this all assumes that LastPass continues to operate normally as described. What happens if they have a rogue programmer who modifies the JavaScript code that runs on your client and uploads/stores your password to somewhere he controls? A hypothetical, but possible situation. Do they have defenses against it? Probably some. Are they infallible? We will see as time unfolds.
I say this as a person who started using LastPass several years ago - but only on the laptop and not with the automatic plugin -- I have to look up and copy/paste the password each time.
The advantage of having them all stored in one place and up to date, so that I could rapidly change them all if I needed to, started to outweigh the risk of having them there. Well, unless the hacker that got access to my pwds also deleted all the accounts in LastPass to extend his time to have access. Dooh...
-gauss
P.S. I posted in the other thread regarding unauthorized Fidelity hacks, about a strategy I am considering to protect my financial assets and why I am starting to think this way.