Lastpass.
Who's going to go through hundreds of photographs looking for one containing an image of text?
Don't need to, OCR would pick up any files with text without the need to manually search each image* - it could be found in seconds.
* Which incidentally is why Evernote is so ace (because it works on this principle), I see something I want to keep a record of, I take a picture of it and it's then instantly searchable and findable.
if your house gets burgled, you know about it straight away, if a 3rd party server/service gets hacked/compromised you don't. paper with your own personal encoding system is fine
Because of how LastPass works (it doesn't actually store passwords and LastPass have no access to your encryption key), as long as they inform a user (and that user has a strong master password) within three or four decades the risk to them is pretty low - far lower than a paper based system.
The personal risk to me is actually lower because I'm a premium user and use it in conjunction with yubikey.
Even if people don't want to use something like LastPass, they would be better off with something like KeePass than a paper-based system.
ludicrous scaremongering - the only way a normal person can remember all of the passwords they might use is to either write them down (insecure) or to use weak alpha-numerical passwords that they re-use from site to site - both are more insecure than the risk posed by a service like LastPass set up correctly (even without two factor authentication).
Nonsense. A semi-smart individual can formulate a logical pattern for creating different passwords for each of the sites that they use. It's not scaremongering at all, it's the simple logic of the matter. In 2 weeks Sony was hacked TWICE, that's nearly 100 million user names and passwords that may have been taken... that's not scaremongering, that's just life. You can argue that it was because they were using outdated Apache servers etc and that dedicated password sites would employ stricter security mechanisms, but they are also subject to attacks and breaches leaving yourself open for massive exposure.
If you keep all your keys to all your doors in one remote location you are asking for trouble. People can use their brains and try and remember a few passwords.... and they don't have to be alpha numeric, they can be as complex as you want, just apply some intelligence and logic.
I'm not normally a religious man, but... if you're up there, save me, Superman!
that dedicated password sites would employ stricter security mechanisms, but they are also subject to attacks and breaches leaving yourself open for massive exposure.
But LastPass doesn't store any of that data, it doesn't even store your encryption key - so as long as you are using a strong password, the risk is next to zero when compared to a paper based system or something dreamed up in your head. So if you are using a strong ten digit password, then it's 2^59.4 = 7.6 X 10^17 possible combinations of passwords. Which is why the risk is from them brute-forcing it before you change it and the chance of them being able to do it before you change it is next to nothing.
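The keyspace argument in the post above can be worked through in code. This is an added example, not part of the thread and not LastPass's own code: PBKDF2-HMAC-SHA256, the iteration count, the attacker's raw hash rate and the alphabets are all assumptions chosen for illustration. It goes slightly beyond the post by comparing a random password with weaker choices under the same key stretching.

```python
import hashlib
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def keyspace_bits(length, alphabet_size):
    """Bits of entropy for a password chosen uniformly at random."""
    return length * math.log2(alphabet_size)

def derive_key(master_password, salt, iterations):
    """Client-side derivation: a service following this model would hold
    only the salt and the ciphertext, never this key (assumed scheme)."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(),
                               salt, iterations, dklen=32)

def guesses_per_second(raw_hash_rate, iterations):
    """Each guess costs one full KDF run, so stretching divides the
    attacker's raw rate by roughly the iteration count."""
    return raw_hash_rate / iterations

def years_to_search(bits, rate, fraction=0.5):
    """Expected years to cover `fraction` of 2**bits candidates."""
    return fraction * 2 ** bits / rate / SECONDS_PER_YEAR

def compare(raw_hash_rate=1e9, iterations=100_000):
    """Offline search time for three constructed master-password choices."""
    cases = {
        "10 random chars, a-zA-Z0-9": (10, 62),
        "8 lowercase letters": (8, 26),
        "one of 100,000 common passwords": (1, 100_000),
    }
    rate = guesses_per_second(raw_hash_rate, iterations)
    return {name: years_to_search(keyspace_bits(n, a), rate)
            for name, (n, a) in cases.items()}

if __name__ == "__main__":
    key = derive_key("constructed-example-passphrase", b"constructed-salt", 100_000)
    print("derived key:", key.hex())
    for name, years in compare().items():
        print(f"{name}: {years:.3g} years on average")
```

The gap between the first and last rows is the practical point: the vault is only as hard to brute-force as the master password is random, whatever the service stores.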
Excellent point!
What about issues using the extensions?
I'm not normally a religious man, but... if you're up there, save me, Superman!
I'd never use an online service for my passwords. I used to keep a list of hints about the password and site and use nursery rhymes. I now use Keepass/Keepassx/KeePassDroid (open source IMO is much more secure than proprietary) along with a keyfile/password combo and dropbox. Much safer than a service like LastPass. IMO.
dropbox
I use dropbox but not for anything secure - the nature of the service means that it's possible for people to spoof being you and access your files, it's a known problem.
Excellent point!
What about issues using the extensions?
That is a point of weakness, which is why they should be set to log-off automatically and also your LastPass (or whatever service you pick or use) should be subject to two factor authentication. I use yubikey, so unless I plug it into a machine, you can't log-on. A yubikey is about £15 and can be used with a range of services. However if you pay $12 a year for the premium service, you can download an authentication program from LastPass called Sesame which works in the same way on a usb stick.
The big issue for me is using machines away from home that you have no control over - that's why for any service that allows it, two factor is a must for me (BTW anyone reading who has a Google account/Gmail user, you can do two factor there - google "google authenticator").
I use dropbox but not for anything secure - the nature of the service means that it's possible for people to spoof being you and access your files, it's a known problem.
Hence the key file, doesn't matter if they guess the password it's useless without the keyfile which I never put in dropbox. Not to mention the database file is only in dropbox if I've updated it with another entry and deleted once it's transferred to every computer.
(BTW anyone reading who has a Google account/Gmail user, you can do two factor there - google "google authenticator".
The Google two factor is a new addition, right? I think I read about that a few weeks ago. It's interesting that this is how LastPass works, I won't lie, I was ignorant about their method of 'encryption' and it's actually very clever, although limited.
I STILL believe that the best way is to simply use your own logical password system. It requires a bit of creativity. It's not often that people hack individuals, and unless they are incredibly good at social engineering then they won't get your method. When using other machines I always carry linux on the fly using a USB, especially handy when travelling and having to use a net cafe computer.
I'm not normally a religious man, but... if you're up there, save me, Superman!
clinteestwood wrote: »... I STILL believe that the best way is to simply use your own logical password system. It requires a bit of creativity. It's not often that people hack individuals, and unless they are incredibly good at social engineering then they won't get your method. When using other machines I always carry linux on the fly using a USB, especially handy when travelling and having to use a net cafe computer.
I have to agree, I still think my old method is the most secure, but I've got too many passwords now.