Slashdot Mirror
LastPass Makes Password Management Free Across All Of Your PCs, Tablets and Smartphones (cnet.com)
LastPass on Wednesday announced that its popular password manager will now be free for all to use. LastPass previously charged a fee of $12 per year to sync passwords across multiple devices, such as a computer, tablet or phone. From a report on CNET: To entice newcomers, the service allowed you to access select features for free on either the web or on a mobile device, but syncing between the two required a premium membership. Not anymore -- that service is now free. LastPass is one of the best known and most trusted password managers. Its main purpose is to store all of your passwords in an encrypted vault in the cloud. The vault can only be opened using a master password that only you know. LastPass doesn't store the master password or have access to it, which means even if its servers were to be breached, your precious passwords would remain encrypted and protected.
...that only you transmit up to 'the cloud' anytime you want to use any of your passwords, anywhere.
I know it isn't quite that simple or risky, but it's rather close.
Password Managers, by design, serve the function of reducing your security.
That's not how it works.
from How It Works:
Local-Only Encryption
User data is encrypted and decrypted at the device level. Data stored in the vault is kept secret, even from LastPass.
Now, you don't have to believe that if you don't want to, but unless you have evidence I'm gonna say you appear to be mistaken in your understanding of how it works.
I don't use LastPass, but they make it abundantly clear that all encryption and decryption is local-only, done on-device, not in the cloud, so that they never have access to the information in your vault. From what I can gather, their cloud is little more than a sync engine between devices, rather than the place from which you access your data.
There are still features exclusive to premium and enterprise users: https://lastpass.com/features/
"Their servers only store an encrypted blob that they (the company) can't decrypt". You don't know that. Unless you can see the source you don't know anything about it.
Technically true. But let's look at the equivalent Keepass steps:
1. Download source code for desktop version
2. Audit it
3. Compile it locally
4. Optional: encrypt the binary and store it somewhere in (say) dropbox if you want to avoid steps 1-3 each time in future
5. Download source code for iOS version (say)
6. Audit it
7. Purchase $100/year Apple developer license
8. Compile it locally
9. Deploy the binary to your iOS device
Unless you've gone through steps 1-9 yourself, then the difference between "trusting Keepass" and "trusting Lastpass" are immaterial.
Oh look at that, a shill posting a boilerplate explanation from his company's own website.
Unless you have "evidence" to the contrary, I'm gonna say that your opinion is irrelevant because it isn't your own, your corporate pimps handed it down to you and you sucked it up like the good little whore you are.
This is where we thank the wonders of open-source, so you can freely read the code and see for yourself how it works.
Not that I suspect, of course, that you ever have done that, ever wanted to do that, or ever will do that. At least I'm the honest whore.
"Set a man a fire, he'll be warm for the rest of the night. Set a man afire, he'll be warm for the rest of his life."
each site has a unique, computer-generated password. which is stored in encrypted form and only decrypted by you when you need to retrieve that single password. if one of the 20 sites doesn't store their password properly in their database, only that password will be compromised and the other 19 are safe. This is much better than using a single super-secure-nobody-could-possibly-guess-it password for all sites.
It is pitch dark. You are likely to be eaten by a grue.