LastPass changes
-
@Dashrender said:
I consider this more or less a non issue, since I'm not a free user.
I don't understand how that makes a difference. If you can't trust them, you can't trust them. It's about trusting that they stick to their agreements
Like their agreements not to decrypt your data, they agreement to take backups, their agreement to your privacy, etc.
-
@scottalanmiller said:
@Dashrender said:
I consider this more or less a non issue, since I'm not a free user.
I don't understand how that makes a difference. If you can't trust them, you can't trust them. It's about trusting that they stick to their agreements
Like their agreements not to decrypt your data, they agreement to take backups, their agreement to your privacy, etc.
I don't consider this situation on par with Lenovo. Did they tell us LMI would be free forever, then take it back? yeah. Does that rise to the level of Lenovo's breaking of the public trust, not in my mind.
-
El Reg just did a piece on the new changes:
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
I consider this more or less a non issue, since I'm not a free user.
I don't understand how that makes a difference. If you can't trust them, you can't trust them. It's about trusting that they stick to their agreements
Like their agreements not to decrypt your data, they agreement to take backups, their agreement to your privacy, etc.
I don't consider this situation on par with Lenovo. Did they tell us LMI would be free forever, then take it back? yeah. Does that rise to the level of Lenovo's breaking of the public trust, not in my mind.
Why would it have to even approach the same level? Loss of trust is loss of trust. LMI, every day, decides to keep breaking the trust. Is it the same as having tried to steal data? Not at all. Can we trust them? Clearly not. No one suggested a similar level and I'm unclear why you feel it would need to be that bad before you would not hand over your passwords to someone that lies to you and treats you badly.
-
I switched over to Dashlane after LastPass' LMI acquisition and have been evaluating them since. I really like their interface and how easy it is to use, though having their program start with Windows took getting used to.
They provide easy ways to import data from other password managers - exporting my LastPass passwords was easy, and there's an option to import KeePass data as well which I have yet to try. They also have apps for iOS and Android so you can access your passwords on mobile if you'd like. Their browser plugins also seem to be a little more seamless than LastPass' IMO.
I ended up buying Dashlane Premium with no regrets so far. At this point I'm grateful for LMI's acquisition as it gave me the chance to evaluate other options
-
I've heard good things about Dashlane too.
-
I am still using keepass (for about 10 years). I use a master password and a key file. I have the encrypted DB file synced across all my systems and mobile devices using dropbox. Being that it is encrypted prior to being synced and stored "in the cloud", does this present a problem?
-
@WingCreative said:
I switched over to Dashlane after LastPass' LMI acquisition and have been evaluating them since. I really like their interface and how easy it is to use, though having their program start with Windows took getting used to.
They provide easy ways to import data from other password managers - exporting my LastPass passwords was easy, and there's an option to import KeePass data as well which I have yet to try. They also have apps for iOS and Android so you can access your passwords on mobile if you'd like. Their browser plugins also seem to be a little more seamless than LastPass' IMO.
I ended up buying Dashlane Premium with no regrets so far. At this point I'm grateful for LMI's acquisition as it gave me the chance to evaluate other options
Dashlane is more than 3 times the cost of LastPass though.
-
@wrx7m said:
I am still using keepass (for about 10 years). I use a master password and a key file. I have the encrypted DB file synced across all my systems and mobile devices using dropbox. Being that it is encrypted prior to being synced and stored "in the cloud", does this present a problem?
That is not any different than how Dashlan or LastPass work at a general level.
-
Right, but presumably, there is less risk associated with me having the control over decryption capability, would that be correct or am I missing something?
-
@wrx7m said:
Right, but presumably, there is less risk associated with me having the control over decryption capability, would that be correct or am I missing something?
Why do you think you have more control. Lastpass also does all encryption locally before sending any data to LP. Only an encrypted blob is sent to LP.
If you're on a computer that's never used LP before, the javascript that's in the page does local checking/verifying of your username/password before the blob is downloaded to you, and once it's there, it's decrypted only locally.
-
@Dashrender I thought it was managed on the back end on their site. Guess not. That's why I asked.
-
@wrx7m said:
@Dashrender I thought it was managed on the back end on their site. Guess not. That's why I asked.
Nah - only reason I trust it was because they, LP, never had/have access to your data.
-
@Dashrender I guess I got confused when everyone was crapping on them due to the acquisition by LMI.
-
@scottalanmiller did say
"Like their agreements not to decrypt your data, they agreement to take backups, their agreement to your privacy, etc."So it could be implied they could in the future.
-
@BRRABill said:
@scottalanmiller did say
"Like their agreements not to decrypt your data, they agreement to take backups, their agreement to your privacy, etc."So it could be implied they could in the future.
Yes - it could - but that seems very unlikely - Scott, myself and may other are pissed at LMI because they put a noticed that LMI free would be Free forever - and then they canceled the product less than a year later.
While this does suck, but that's not the same as them deciding that they are going to break security they have to weaken or defeat it. I think they would disappear quickly if they actually were found to be doing that.
-
@Dashrender said:
@BRRABill said:
@scottalanmiller did say
"Like their agreements not to decrypt your data, they agreement to take backups, their agreement to your privacy, etc."So it could be implied they could in the future.
Yes - it could - but that seems very unlikely - Scott, myself and may other are pissed at LMI because they put a noticed that LMI free would be Free forever - and then they canceled the product less than a year later.
While this does suck, but that's not the same as them deciding that they are going to break security they have to weaken or defeat it. I think they would disappear quickly if they actually were found to be doing that.
To YOU it is not the same, but I don't see why you think so. In both cases we are talking about a commitment that they go back on. In both cases it is about not being able to trust them. Why do you feel that lacking faith and trust in them is okay when it is your passwords but not okay when it is just a free service? The thing that sucks is the lack of trust and integrity, not that they don't offer the free service anymore. Talking about the lack of free distracts from the issue of trust.
-
If this was real life and you had a person in your town that was known for going back on their work and not being trustworthy. But then they offered to keep your data safe for you. Would you go "well they never lies about THIS issue" or "their general issues with integrity have never been around passwords before" and then trust them with your data?
Hell no. People you can't trust are people you can't trust. You don't get magical lines like this. Just because the data is critical and worth way more money doesn't mean that you can suddenly trust them when before you couldn't. It doesn't work that way.
-
Or let's try this conversation as an example...
CEO: "Who has access to our secure data?"
You: "Us and, of course, LMI."
CEO: "Ah yes, LMI, our security vendor. We can trust them with the keys to our company data?"
You: "Sure we can. I mean, they've been untrustworthy before and we have no reason to feel that they could be trusted now. They don't have a good track record or anything and they have general issues with integrity. But, you know, that was before we gave them our data so I'm sure we can trust them THIS TIME."
Suddenly it doesn't sound so unrelated, right?
-
The question begs to be asked... Whom do you now trust as an alternative to LMI for remote support for remote users?