LastPass ~ Password generator, encryption, manager

[sonic2041]

I use that service. I have never had a problem, which doesn't mean I think they are un hackable, but I would think that they would keep things up to date, seeing as what happened to sony when they got hacked and no money was stolen.

Memorizing hundreds of passwords is a ridiculous expectation. Even if you keep a copy locally its a pain in the ass to look things up every time you log on. I know most sites can't do damage if hacked, but I think using the same password on more than 1 site is stupid, in case yahoo gets hacked (which seems to happen a lot).

I do have a few passwords memorized, like the ones for my bank and truecrypt volume, and my Microsoft and blizzard accounts. and they are all totally random with no significance to anything, some being over 20 digits long. But I just use if for the rest for convenience.

[Valkyrie-Favor]

The best way to keep computers from taking your passwords is to write them down physically, and be wary of social engineering scams. Humans can read them, though...

[SamuraiMegas]

A computer that's full of passwords is tempting just like a bank full of money.

You can't buy lap dances with passwords.

you can when you have the password for someone's bank account.

[Mozgus]

A computer that's full of passwords is tempting just like a bank full of money.

You can't buy lap dances with passwords.

Another point worth making. Those of us using a service like this aren't using it as a means of corporate level security. It's not that serious. We just don't want our nerdy lifestyle being invaded by an intruder. I mean, my Steam account is the only thing of value I have. It says I've given them just over a grand since 2004. Not entirely a big deal, especially since games can be pirated. My bank account has a $300 limit per day without my say so. My life wouldnt be destroyed if someone still managed to hack my shit. It's just not worth investing hundreds of hours of my time for the rest of my electronic life, safeguarding all my passwords to the maximum extent.

Nice to see a couple sane people enter the thread.

[MrPopo]

A computer that's full of passwords is tempting just like a bank full of money.

You can't buy lap dances with passwords.

Another point worth making. Those of us using a service like this aren't using it as a means of corporate level security. It's not that serious. We just don't want our nerdy lifestyle being invaded by an intruder. I mean, my Steam account is the only thing of value I have. It says I've given them just over a grand since 2004. Not entirely a big deal, especially since games can be pirated. My bank account has a $300 limit per day without my say so. My life wouldnt be destroyed if someone still managed to hack my shit. It's just not worth investing hundreds of hours of my time for the rest of my electronic life, safeguarding all my passwords to the maximum extent.

Nice to see a couple sane people enter the thread.

You missed the point. You're going through more effort than you once did for no upgrade in security.

[Mozgus]

You missed the point. You're going through more effort than you once did for no upgrade in security.

I have explained how it is an upgrade in security over using same passwords on multiple sites. If you choose not to read, then that's you actually, who's missing the point.

[MrPopo]

You missed the point. You're going through more effort than you once did for no upgrade in security.

I have explained how it is an upgrade in security over using same passwords on multiple sites. If you choose not to read, then that's you actually, who's missing the point.

Except your explanation is faulty. If I hack in to the database for Steam and get your password I still don't know what other sites you belong to. Centralizing all your login info creates a site->password mapping, so having your centralized password compromised means now everything is known.

[Mozgus]

We've gone over all this already.

[skate323k137]

Using a password manager, and not re-using passwords, is pretty much a necessity at this point. You never know what site you belong to (or ordered from) in the past that's going to have their database compromised, and your PW hash and user information leaked. Last year I disclosed a vulnerability to racketboy (and subsequently patched it for him) which would have allowed me to steal the registration information for and password hashes of every user of this forum.

That being said, no way in hell I'd use a password manager that has anything to do with "the cloud."

I work for a web hosting company, and I analyze compromised systems and hacked websites daily. I assure you that next to e-commerce sites, a password manager site is going to be a prime target for hackers.

As far as re-using passwords: not knowing what other sites a user belongs to is irrelevant. Hackers aren't stting around trying these logins manually. I guarantee they have scripts that will try your (leaked) username and password at every e-mail provider and bank imaginable. The vast majority of hacking attempts are done en masse by automated processes.

[Mozgus]

Anywho, I just confirmed how easy it is to export LastPass and import the database into KeePass, should I see any reason why LastPass isn't safe. The convenience it offered in changing passwords on 98 accounts can't be ignored, though. Saved a lot of time. And LastPass lets you delete your account right here.