LastPass Is The Password Manager That Hackers Hate

You can export ALL your data stored in your LastPass vault, which can be accessed OFFLINE as well. It's stored in encrypted format by the way, in case you wondered..

Meowbay

That's why you should really setup multifactor authentication, use the on-screen-keyboard provided by lastpass and tweak the security settings for your needs. For example you can make your lastpass vault accessible only from one specific country (just don't forget to turn turn that off if you go on a vacation or better yet leave it on and use a secure VPN that way you don't have to worry about public WiFi's either since all of your data is sent encrypted).

FilmereX

i keep my master password on in encrypted thumbdrive locked in a biometric safe that's buried five feet underground 50 miles away from me.

Vouax

Personally I prefer to store my passwords encrypted and locally rather than in the cloud. Keepass and KeepassX do the job for me and both cost nothing. You can store your encrypted passwords on your computer/flash drive or in the cloud, e.g., dropbox, and access them after encrypting them with a master password and/or some file, e.g., picture, you nominate which makes hacking your password file impossible.

PriapicPan

great video and the production quality is awesome!

iopixels

Someone pointed out that back in 2011 Last-pass found unaccounted for bits but not any proof of data breach.   However, they proactively communicated the potential of a breach to allow users to change their master password.   Compared with Home Depot or Target who knew about their breaches for a month or more before going public.   Last-Pass is free for basic use, but if you want to use certain features there is a fee.  ($12 a year, but they also monitor your account emails to see if any are involved in data breaches with any of the companies you have passwords with.  If those sites are compromised with things such as heart-bleed they let you know when their servers are patched so you know when to change your password for their site.)    The rogue element does hate it, their bashing coms are the sign.

Some want everything for nothing which makes me laugh when their free things have security flaws the size of Brazil that go months unchecked because the orgs don't have staff or monies to hire programmers to fix the flaws.  Thus it goes much longer as a vulnerable piece of software, but hey it's free dude.

recycletreerpcondo

I've used lastpass a couple of years now and it works great, all of my pc's use ff and chrome, last pass works with both, so I have all my passwords at my fingertips regardless which pc I am using. I have 2 desktops running both win 7 and Ubuntu 14.04 with ff and chrome on both, my laptop has Ubuntu 14.04 with ff and chrome also, no worries here. I also have 2 other desktops that have windows and some form of linux running on them using lastpass also.

claymanx

Any password application that does not store data on the device or computer only should not be used. Servers (the cloud) no matter how secure they are claimed to be can be hacked as been proven many times now. People will say I have never had a problem storing data in the cloud maybe so that is true until it is too late.

seanmcnally

Terrific videos. Thanks for all the useful information.

WalterDonnelly

Does that create passwords that are XKCD936 compliant?  The example certainly wasn't.

MichaelBirks

Could A.I. figure out a way of un-encrypting the passwords?

monkeyseemonkeydo

Something more to remember:
1. Make sure your lastpass password is STRONG (like this: \}xp, 2M:\)&~nXLQuET9M!)
2. Use One time password when logging in from a computer you don't know that might be infected with a virus for example
3. Use multifactor authentication!! This way even if someone somehow gets access to your master password they still won't be able to login.

FilmereX

Soo... If I get the username and password to a person's LastPass accound, I can get ALL their passwords?
If someone gets my current password, they can only log in to a FEW amount of places.

LeviG

does it work for facebook and other social networking sites as well?

Rohil

Egh, this feels like an advert than advice.

NanoTechnicianHQ

There are several methods, including free grid-based challenge/response authentication available.

jeepien

Yes, because they are encrypted on that server, and not even the server-keepers can decrypt them. All encryption and decryption are done locally. The encrypted blob is sent over the Internet and stored.

JohnPaquette

Why keep this through a website, it is more secure if it could kept locally.

gdZyper

RoboForm - ten years and much more than passwords - safe notes, bookmarks, auto fill forms (name address, etc) and it is free unless you aere a heavy user.

HowardS

you should also tell people to create a password that is at least 11 characters long. even better 20 characters.

rzrblde