Rethinking LastPass: A Second Look

Daniel Smedegaard Buus 13:23, 03/26/2014
Well, you fail to mention that the LastPass database exists on the remote server in encrypted form, only unlockable by your passphrase. The LastPass team does not have access to this database. The communication that takes place between your browser (or app) and the LastPass server is akin to versioning, only of encrypted chunks of data. So even though your entire pool of passwords is stored remotely on a third-party server, this does not per se make them more vulnerable in this case. It does, however, make them part of a very large "honey pot" of passwords, attracting attackers to a completely different degree compared to having the passwords stored locally on your own computer.
