LastPass Password Manager 4.17.1

[Karamjit]

LastPass is an online password manager that automatically fills in saved logins and forms with the click of a button. This handy little Web freeware and browser plug-in also syncs your data to any computer you use regularly. With LastPass you won't need to remember passwords anymore. You can easily log into your websites with a single click of your mouse. You can set up multiple 'profiles' and automatically fill your personal information into web forms accurately and safely. It protects against identity theft by keeping sensitive data encrypted on your PC. Your LastPass vault isn't limited to only securely storing usernames and passwords, any confidential text data can be placed in your vault for safe keeping.

Thanks to Astron for the update.

Download

[Soze]

Lastpass was compromised two years ago. 

 

https://www.hackread.com/lastpass-hacked-this-time-for-good/

 

I would never use something like this, bad idea. 

[Guest maut]

58 minutes ago, Soze said:

Lastpass was compromised two years ago. 

 

https://www.hackread.com/lastpass-hacked-this-time-for-good/

 

I would never use something like this, bad idea. 

 

It is as safe as your Master Password. Since you only use one password to log in to LastPass it better be complex, lengthy, and unique to just your lastpass account.

 

There is no point to worry about security if you're just going to use the same password in multiple places. For example I keep my master password on multiple safe, offline locations and only use it on my LastPass account.

 

LastPass has no knowledge of your master password so if you lose it, you are screwed.

 

This is where the security comes in. They only have the salted hash response to your password vault.

 

Since AES-256 salted with SHA-256 would take thousands of years for a farm of super computers to crack, there is no risk of being hacked in the traditional sense.

 

The only way a LastPass account or vault could be compromised is from a user falling for social engineering. If you are still paranoid beyond that, just switch to using Keepass but I think you will find it to be too much of a pain to maintain and access. Lastpass seems to be the best balance in password management.

[Soze]

I love keepass and use it for everything, and they have never been hacked. In my view far superior but it's just my opinion.

[T3rM1nat0Rr3]

31 minutes ago, Soze said:

I love keepass and use it for everything, and they have never been hacked.

 

What do you mean "they have never been hacked"?

Keepass is an offline password manager.

[Soze]

Exactly what I said they've never been hacked. There's several methods of hacking it offline. You could replace the update with a malicious one. Do you CRC every update?

[kingviking]

doing a good job for me @Lastpaas

[EM7]

On 9/6/2018 at 5:08 PM, maut said:

 

It is as safe as your Master Password. Since you only use one password to log in to LastPass [...].

[...]

Since AES-256 salted with SHA-256 would take thousands of years for a farm of super computers to crack, there is no risk of being hacked in the traditional sense.

 

The only way a LastPass account or vault could be compromised is from a user falling for social engineering. If you are still paranoid beyond that, just switch to using Keepass but I think you will find it to be too much of a pain to maintain and access. Lastpass seems to be the best balance in password management.

 

 

Good to know people still lack basic cyber security skills.

Maut, good one, bruh! Clueless, but good one!

 

The biggest flaw of LastPass is availability of database location. Since it's stored in a known cloud space an attacker would have a field day by trying several weak points. One of them is getting access to chrome webstore's account for lastpass and uploading a malicious version of their extension, just like the recent MEGA hack. Fortunately that hack targeted something else than MEGA accounts, but the idea still stands, is doable and poses a severe risk for anyone using these types of cloud based (supposedly) security apps.

 

While it may be convenient, the reason it's dependent on so many 3rd party parts is also why it's a hazard to use, regardless how easy it is to access and maintain compared to others. Encryption alone won't help, the hacks will always find ways around them... and no, Maut, not by brute forcing passwords.

[Soze]

On 9/8/2018 at 7:20 AM, EM7 said:

 

 

Good to know people still lack basic cyber security skills.

Maut, good one, bruh! Clueless, but good one!

 

The biggest flaw of LastPass is availability of database location. Since it's stored in a known cloud space an attacker would have a field day by trying several weak points. One of them is getting access to chrome webstore's account for lastpass and uploading a malicious version of their extension, just like the recent MEGA hack. Fortunately that hack targeted something else than MEGA accounts, but the idea still stands, is doable and poses a severe risk for anyone using these types of cloud based (supposedly) security apps.

 

While it may be convenient, the reason it's dependent on so many 3rd party parts is also why it's a hazard to use, regardless how easy it is to access and maintain compared to others. Encryption alone won't help, the hacks will always find ways around them... and no, Maut, not by brute forcing passwords.

 

 

Great post, so many complacent fools using lastpass, telegram, protonmail, and other sas for security that is full holes. 

 

I don't have the patience to spoonfeed people too willfully ignorant to look this info up on their own, great post!