Author

Topic: Is LastPass Good Enough (Read 1383 times)

member
Activity: 96
Merit: 10
April 24, 2013, 01:09:24 AM
#13
I recommend KeePass Password Safe.

keepass.info
legendary
Activity: 1288
Merit: 1227
Away on an extended break
April 24, 2013, 12:53:40 AM
#12
Remember to use 2FA with last pass.
legendary
Activity: 966
Merit: 1004
CryptoTalk.Org - Get Paid for every Post!
April 24, 2013, 12:49:50 AM
#11
^^ + 1 for Steve he an old school assembly guru! hehe Smiley 


Lass pass is great.. I trust it but its just a layer of many. Dont use the default generated passwords.. daisy chain a few so you have long 50-100 passwords.. There are plenty of ways to secure youre pc dont depend on one.
newbie
Activity: 18
Merit: 0
April 24, 2013, 12:36:49 AM
#10
Steve Gibson knows his crypto and explains how LastPass works on his podcast: Security Now.  The review is on episode 256.

A link to the podcast:
http://twit.tv/sn256

A link to the transcript:
http://www.grc.com/sn/sn-256.htm

Spoiler: Gibson has nothing but positive things to say about LastPass.
newbie
Activity: 20
Merit: 0
April 23, 2013, 11:04:00 PM
#9
Although I use lastpass, I do not use it for any financial transactions.

Having a totally centralized password database doesn't sit right with me.
newbie
Activity: 22
Merit: 0
April 09, 2013, 07:02:21 PM
#8
I like last pass, I trust it fairly well. The important rules are:

  • Use a STRONG master password.
  • Turn on the "Require password reprompt" feature for important/valuable sites.
  • Set the auto log off when idle feature.

A nice thing about last pass is that your passwords don't actually make it to their servers - your vault get decrypted on the client side and only with the master password. I like using a unique 32 character password (letters, numbers and special characters) for every site I use.

The only danger is if you get a keylogger, but I'm not too worried about that since I keep my computers secure (hardened linux everywhere - not invulnerable I know).
Thanks for your info.

Why do you set the auto log off when idle? can someone access your pc and control it from their end? I understand about keyloggers and how a hacker can export files etc but can they do more?
newbie
Activity: 22
Merit: 0
April 09, 2013, 06:58:35 PM
#7
That's your first mistake right there.  I transfer all coins off of those wallets immediately as soon as I can.  

As for LastPass, I use it to store 1/2 of password, which is a 15-25 digit string.  The other half is one of several phrases that only I know which are indicated as a bit of text/numbers embedded in the stored password that get substituded out.  

So even if lastpass was broken into, they'd still have between 62^5 and 62^10 combinations to try to get to the completed pass.  I store the back-up wallet in a cloud drive using a variation of the password scheme I just told you.  

Ideally, I should also be storing this methodology (along with wallet back-ups) with a family member or lawyer in case I die, and keep the lastpass passwords in another location on a piece of paper that you would know but wouldn't make sense to others (or a bank vault like most people) in case lastpass goes kerplut - and my half of the pass phrases with someone I trust.

And to be honest, with the amount of coins I have right now, a crook could get more money by surprising me with a pipe-iron.

Thanks. I have a lot to think about. I like how you store half the passwords, very clever.

I know storing in online wallets is not so good. I do have a paper wallet with a % there but I like to have some in online wallets and trading accounts for quick access and don't want all in one trading account just in case. I suppose i just have to keep minimal in online wallets/trade accounts and get more serious as btc and even ltc is big bucks now.

I'm lazy and get used to the way I do things but yeh i really have to make some changes.

Thanks again!!!
newbie
Activity: 42
Merit: 0
April 08, 2013, 11:00:23 PM
#6
I like last pass, I trust it fairly well. The important rules are:

  • Use a STRONG master password.
  • Turn on the "Require password reprompt" feature for important/valuable sites.
  • Set the auto log off when idle feature.

A nice thing about last pass is that your passwords don't actually make it to their servers - your vault get decrypted on the client side and only with the master password. I like using a unique 32 character password (letters, numbers and special characters) for every site I use.

The only danger is if you get a keylogger, but I'm not too worried about that since I keep my computers secure (hardened linux everywhere - not invulnerable I know).
newbie
Activity: 28
Merit: 0
April 08, 2013, 10:56:54 PM
#5
HELL NO!

LastPass has already been hacked.

I use it, but only for websites of little consequence.  Never for anything vital.

They found odd behavior and immediately took steps to correct it.  I'm not aware of anyone who reported any accounts compromised.
newbie
Activity: 28
Merit: 0
April 08, 2013, 10:55:57 PM
#4
That's your first mistake right there.  I transfer all coins off of those wallets immediately as soon as I can.  

As for LastPass, I use it to store 1/2 of password, which is a 15-25 digit string.  The other half is one of several phrases that only I know which are indicated as a bit of text/numbers embedded in the stored password that get substituded out.  

So even if lastpass was broken into, they'd still have between 62^5 and 62^10 combinations to try to get to the completed pass.  I store the back-up wallet in a cloud drive using a variation of the password scheme I just told you.  

Ideally, I should also be storing this methodology (along with wallet back-ups) with a family member or lawyer in case I die, and keep the lastpass passwords in another location on a piece of paper that you would know but wouldn't make sense to others (or a bank vault like most people) in case lastpass goes kerplut - and my half of the pass phrases with someone I trust.

And to be honest, with the amount of coins I have right now, a crook could get more money by surprising me with a pipe-iron.
hero member
Activity: 632
Merit: 500
April 08, 2013, 10:48:51 PM
#3
HELL NO!

LastPass has already been hacked.

I use it, but only for websites of little consequence.  Never for anything vital.
member
Activity: 182
Merit: 10
April 08, 2013, 10:44:12 PM
#2
I use LastPass and have found it very useful but I am now concerned about security with the increase of btc value.

My bitcoins are scattered over several online wallets and trading accounts.

LastPass is used to store all login details including additional fields such as pins etc. and I never store or save the data anywhere else.

KeePass is used to store LastPass password. The LastPass password is very strong but I rarely need to use KeePass as I use the save password function for LastPass.

Is this safe? Can my LastPass account be compromised.

If it can be, what can I do to help boost my security? Any tips will be appreciated and may help others too.

Thanks

Short Answer:  If you trust LastPass, and your certain your PC won't be compromised in any other way, then your good.  A PC can always be compromised, and cookies/session can always be hijacked.  But both of those are inherent flaws of using any online wallet, LastPass or not.
newbie
Activity: 22
Merit: 0
April 08, 2013, 10:37:26 PM
#1
I use LastPass and have found it very useful but I am now concerned about security with the increase of btc value.

My bitcoins are scattered over several online wallets and trading accounts.

LastPass is used to store all login details including additional fields such as pins etc. and I never store or save the data anywhere else.

KeePass is used to store LastPass password. The LastPass password is very strong but I rarely need to use KeePass as I use the save password function for LastPass.

Is this safe? Can my LastPass account be compromised.

If it can be, what can I do to help boost my security? Any tips will be appreciated and may help others too.

Thanks
Jump to: