Something I haven't seen the answer to:
Does lastpass do any verification before it lets you pull as user's database?
If everything is local they really have no idea whether I'm pulling my own blob or someone else's.
I can enter your email address and download your blob.
I realize its as safe as your master password is strong but if there's no verification at all it just doesn't sit right with me.
I've used lastpass on and off but I've never really seen the answer to that question.
You won't get any data back from the server unless you get the correct email/password combo. You send the server your email over HTTPS and then your password hash. If they match, they send you the data blob.
I personally have a problem with a password keeper that won't work when I am offline. I prefer to be able to look up my passwords where ever I am incase I need to use someone else's computer etc. I am not sure how LastPass handles these situations but I have fallen even more in love with 1Password after all of these security issues came up. It syncs secure between my phone, multiple computers, and my ipad.
It is so simple to use that I have turned on most of my friends and family on to it.
http://agilebits.com/products/1PasswordThe fact that it also makes filling out online forms and storing entering credit card information more secure is the added bonus that I have trouble living without.
Whatever password keeper you use it will improve your security. The most secure password really is the one that is too difficult to memorize. Without a program like this there is no way you could choose secure different passwords for all your logins and remember them.
You can use LastPass offline. As I said, your local computer(s) hold the data. There's also a LastPass app for Android/Apple.
Awesome! A browser plugin? Does it include Bonzai Buddy and MyWebSearch? How about Weatherbug?
Just post all of your passwords on this forum, and if you forget, you can just look them up here.
What an asinine comment. You're telling me you run your browser with no addons/extensions whatsoever? This isn't an annoying toolbar or OS program. It runs similar to Ad Block Plus for Chrome/FireFox. There are no ads, no popups, no annoyances. When it detects a form that it knows, it drops down a little bar under the bookmark bar and the user can select to auto-fill or auto-login. This isn't 1995 where computers have very few resources and applications are horribly coded.
Furthermore, there's quite a bit of difference between using a service like LastPass and posting your passwords on a public forum. Please, don't spread FUD and misinformation on topics you clearly know nothing about. Take your childish antics elsewhere.
