Helping people with computers... one answer at a time.
I recommend LastPass because of their transparency and security model: even LastPass cannot recover your login!
I recently installed LastPass on my desktop PC. However, through one of my other newsletters, or Googling, I caught an article regarding a suspected security breach on LastPass fairly recently and I started reconsider the whole cloud storage approach for specifically my password information. The alternative I'm considering is Roboform. Now, I know from past newsletters you've praised both software and I understand it's also personal preference, but what is your take on the breach and storing passwords away from your own system? I look forward to your response.
In this excerpt from Answercast #17, I look at the proactive nature of LastPass's security practices, including their high levels of encryption.
Well, I'll put it this way. I'm a heavy LastPass user.
So there are two things going one here:
1) If it's the security breach that I'm thinking of, it wasn't a breach at all.
The LastPass people saw what they considered 'suspicious activity' on their network. There was never any confirmation that any kind of a breach had actually happened. They took some proactive steps at that point to notify everybody to say basically, you know, this probably isn't a problem but you may want to change your password.
In other words, they were being abundantly over cautious which I really appreciate.
Now, the thing I like about LastPass is that your information is encrypted on their servers. In fact:
2) It's encrypted in a way that even they cannot recover: you lose your password, you lose your LastPass.
The only time that LastPass information is decrypted is when it's on your PC and you've specified the correct password to perform that decryption. It's one of the things that really draws me to LastPass because that's the level of security I really appreciate.
Now, you're thinking of replacing it with RoboForm. To be honest, it's kind of funny because RoboForm is a cloud solution, too.
RoboForm stores all of your information up in the cloud, so if it's the cloud that has you nervous, LastPass to RoboForm doesn't really change anything. RoboForm, like I said, is a cloud-based solution that is really similar to LastPass.
I do not know their encryption strategy. I'm sure it's good. I don't know, for example, if they were faced with a court order, "could" they decrypt stuff. I really don't know. I don't think LastPass can, I honestly don't know about RoboForm.
In terms of the features and the functionality of the two tools, I used RoboForm for many years. I switched to LastPass a couple of years ago because I really appreciate the openness of their security model and the security model itself.
I don't have a problem using either of them and, like I said, I'm not aware of a security breach, a true security breach, for LastPass that would have me concerned at all. So I'd use them both.
Keep using LastPass if you like it.
End of Answercast #17 Back to - Audio Segment
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.