Fluxoid

Has anyone ever used "LastPass"?

nodle

Cheesemonger
Administrator
Well I tried this out, loving it so far using the Firefox extension. It sure is saving me a lot of time. Plus my home and work passwords stay synced.
 

nodle

Cheesemonger
Administrator
Can a feller trust the security behind it?
Ya that was my first thought also, but everything is encrypted first before being sent to them. Also:

Do you use a salted hash for login purposes?
Yes, we first do a 'salt' of your LastPass password with your username on the client side (on your computer, LastPass never gets your password), then server side we pull a second 256 bit random hex-hash salt from the database, use that to make a salted hash which is compared to what's stored in the database. This is beyond overkill but we want to store nothing that can even theoretically be used to do a dictionary attack against password hashes if LastPass' servers were somehow compromised. We hope having nothing of value makes us less of a target, and that by taking every conceivable caution we can think of makes you more safe.
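
Added example, not part of the thread and not LastPass's code: the two-stage salted login hash described in the FAQ answer quoted above, written out in Python. The FAQ names no algorithm, so PBKDF2-HMAC-SHA256, the iteration counts, the function names and the sample accounts are all assumptions.

```python
import hashlib
import hmac
import secrets

# Assumptions (not from the FAQ): PBKDF2-HMAC-SHA256 and these work factors.
CLIENT_ITERATIONS = 100_000
SERVER_ITERATIONS = 10_000


def _norm(username: str) -> str:
    return username.strip().lower()


def client_login_hash(username: str, master_password: str) -> bytes:
    """Client side: salt the master password with the username.
    Only this value is sent; the password itself never leaves the machine."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               _norm(username).encode("utf-8"), CLIENT_ITERATIONS)


def _server_hash(login_hash: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", login_hash, salt, SERVER_ITERATIONS)


def server_enroll(db: dict, username: str, login_hash: bytes) -> None:
    """Server side: draw a per-user 256-bit random salt, store salt + salted hash."""
    salt = secrets.token_bytes(32)
    db[_norm(username)] = {"salt": salt.hex(),
                           "hash": _server_hash(login_hash, salt).hex()}


def server_verify(db: dict, username: str, login_hash: bytes) -> bool:
    """Server side: re-salt the submitted value and compare in constant time."""
    record = db.get(_norm(username))
    if record is None:
        _server_hash(login_hash, b"\x00" * 32)  # same work for unknown users
        return False
    candidate = _server_hash(login_hash, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def demo() -> dict:
    db = {}  # constructed sample accounts, same master password on purpose
    for user in ("alice@example.com", "bob@example.com"):
        server_enroll(db, user, client_login_hash(user, "correct horse battery staple"))
    return db


if __name__ == "__main__":
    accounts = demo()
    good = client_login_hash("alice@example.com", "correct horse battery staple")
    print(server_verify(accounts, "alice@example.com", good))
```

The stored record contains neither the master password nor the value the client sends, and two users with the same master password get different records. A copy of the stored salt and hash still lets someone test guesses offline, which is why the strength of the master password matters.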
 

nodle

Cheesemonger
Administrator
I use these guys everyday, but might want to change your master password now.

Bad news first, folks. LastPass, our favorite password manager (and yours) has been hacked. It’s time to change your master password. The good news is, the passwords you have saved for other sites should be safe.

LastPass has announced on their company blog that they detected an intrusion to their servers. While encrypted user data (read: your stored passwords for other sites) was not stolen, the intruders did take LastPass account email addresses, password reminders, server per user salts, and authentication hashes. The latter is what’s used to tell LastPass that you have permission to access your account.

According to LastPass, the authentication hashes should be sufficiently encrypted to prevent anyone from using them to access your account. However, the company is still prompting all users to update their master password that they use to log in to their LastPass account. If you use LastPass, you should do this immediately. If you share that master password with any other services, you should change it there, too. Finally, if you haven’t enabled two-factor authentication you should do that immediately here.
 

nodle

Cheesemonger
Administrator
Guess it's not as bad as people were making it out to be. I did change mine and set up 2 form authentication.
 

ryanator

Mathematical
Members
I would stay far away from this. You can NEVER trust any form of online security, especially putting your passwords in one or any website really. It's bad enough if an individual site gets hacked like eBay, Paypal, Google, etc..., but I was always leery of password saving sites, too big of a target. I don't care if they make it out to be not as bad, it's just too risky.
 

ndboarder

Bill Gates' Gimp
Members
I would stay far away from this. You can NEVER trust any form of online security, especially putting your passwords in one or any website really. It's bad enough if an individual site gets hacked like eBay, Paypal, Google, etc..., but I was always leery of password saving sites, too big of a target. I don't care if they make it out to be not as bad, it's just too risky.
Risky yes, but if they do their job right the risk is minimal. It's better than using a handful of base passwords with some variations across numerous sites, or having a unique password on every site and storing those passwords in plain text somewhere (a piece of paper in the house, a digital document, etc)

More power to you if you can manage to come up with extremely secure passwords, unique for every site you use and remember them all without some form of assistance.
 

nodle

Cheesemonger
Administrator
I don't think it's all that risky. Even if they somehow got your password they are encrypted and salted. Good luck with that unless you used a "weak" master password. Secondly you should be using a two form authentication. It's very easy to set up. Even if somehow they were able to decrypt it, they can't get past the second part. I have spent most of the morning making unique passwords for my sites, because I have a bad habit of using the same. But with the built in password change tools it makes it so easy. I actually just paid for the premium to use on my phone this morning. It's really my only option with all the passwords I need to remember. I'm not worried one bit about it.
 

nodle

Cheesemonger
Administrator
One last thing I forgot to mention. They incorporated touch ID in their mobile app which is a life saver!
 

nodle

Cheesemonger
Administrator
My second choice would probably be 1password. There are others out there like keepass etc. One password is great and it looks a lot cleaner than Lastpass. But it installs locally and the syncing options are limited.
 

nodle

Cheesemonger
Administrator
For those with security concerns, I just updated our forum software this morning and two-step verification has been added. You may find this feature under Personal Details > Settings > Two-Step Verification.
 

nodle

Cheesemonger
Administrator
Just thought I would mention that I deleted my account with Lastpass today. I finally moved everything over to 1password, and got away from Lastpass. Why did I switch? Well I just kinda prefer it better to be honest. Is there anything wrong with Lastpass? No it's a fine program but I don't need two password managers.
 

nodle

Cheesemonger
Administrator
Well it looks like I am moving back over to Lastpass again now that it's free.
 

ndboarder

Bill Gates' Gimp
Members
Yep, daily.  I think at this point there are maybe 2-3 sites that I actually know my password and can type when needed.  Most every password is a random generated thing from LastPass and filled in from the extension in Edge or app on my phone when needed.
 

nodle

Cheesemonger
Administrator
I don't know how many of you use a password manager, but originally I started with LastPass, then went to 1 Password, then switched back to LastPass. I haven't looked into 1 Password in a while, but I see they have gone a totally different route with a subscription service. I know after reading online a bunch of people are pissed about this. I don't really like subscription services either. I like a one time fee.
 

ndboarder

Bill Gates' Gimp
Members
They all try to monetize in some way. I had LastPass premium for a while. $12 / year, no big deal, plus supports development of an app that's incredibly useful for me daily. Plus it gave me some nice features - but now all those nice features are free and the ones behind the paywall are useless to me. Thus, I no longer have a premium pass at the moment, but I'll probably re-up on it just to support continued development for that low fee. If they ever increase it too much or go purely sub based though I would change all my passwords to something I could remember (less secure and like the old days before LastPass), delete all my content from them and be done with it.
 