Comments on: LastPass Possibly Hacked, Users Forced to Change Master Passwords

By: George

George — Mon, 09 May 2011 15:43:32 +0000

I never trusted that program even after all the good reviews of it. Storing stuff on some server somewhere forever just isn’t cool anymore at all. These guys need to understand that and change it up completely. I as a business or a person could never risk customer information like that, not to mention it is an all in one file, geez. Keep that shit off network or something.

By: Philip

Philip — Fri, 06 May 2011 16:37:09 +0000

I just started using KeePass and to sync between computers, I’ve used Pogoplug sharing an external HD (not the cloud based one). I also use the iPhone app. It’s not the best, but functional.

By: Simon Mackie

Simon Mackie — Fri, 06 May 2011 08:26:39 +0000

It’s not possible to remember very strong unique passwords for every service you use. Sure you could use some kind of phrase based mnemonic based on the domain/name of the site, but solutions like LastPass are certainly more convenient

By: DougS

DougS — Fri, 06 May 2011 04:49:17 +0000

Simon – I hope you do a follow up on this story. I have a secure master password, but I was going to change it just to be extra sure, but I still can’t log on to their server to do that. Seems like they are overwhelmed. I guess people are freaking out on a situation though I am not sure it warrants that, but maybe a follow up piece could provide insight into how they are dealing with the situation.

By: LastPass for better security?

LastPass for better security? — Thu, 05 May 2011 22:38:16 +0000

I dont know about you, but using a strong, unique, DIFFERENT, long arsed password for every site, well there’s no way I can remember those passwords. So what good does storing them only on my desktop do? What good is it if I have to install an app on every other desktop to open a safe online? I cant do that. Nothing else worked as well as Lastpass’s solution.

I do use unique passwords for everything I care about. I do use a strong master password. I use the lastpass phone app on my BB as well. I still think that it’s the best option if you want password convenience, high security, AND the ability to use truly strong unique passwords on every account.

That said, there’s no way I’d ever get my parents to use that level of security sucessfully. It was a bit difficult for me to get used to at first too (setting everything unique). But as long as I don’t do something stupid like store my master password on the computer somewhere, I think the Lastpass solution is the best way to go.

By: surereef

surereef — Thu, 05 May 2011 16:45:40 +0000

Hey guys, remember me? Your brain…I know computers are cool and all, but I’m just wondering what’s up?!?

Sincerely,

“The Organ that remembers stuff”

By: Simon Mackie

Simon Mackie — Thu, 05 May 2011 16:40:58 +0000

that’s good to know, Judi — 1Password shouldn’t be exposed to this sort of risk.

(Good to see you back here, btw!)

By: Simon Mackie

Simon Mackie — Thu, 05 May 2011 16:39:16 +0000

As long as the passwords were encrypted on Dropbox using a master password (as I believe they would be if you used Keepass), it should be reasonably secure. I certainly wouldn’t store them unencrypted on Dropbox though.

Doug- as long as your master password is not an easily guessed word or phrase, it sounds like you should be OK with LastPass, even with this (potential) breach.

By: DougS

DougS — Thu, 05 May 2011 15:34:19 +0000

Wouldn’t storing your passwords on something like Dropbox be more risky? I don’t know, I am just asking.

I am currently using LastPass.The way I understand how it works, the master password is never passed to the server, so it seems quite secure. I guess I am about to find out.

By: Dan Russell

Dan Russell — Thu, 05 May 2011 13:53:25 +0000

With the help of Dropbox, KeePass can be both local AND in the cloud.