LastPass

thanksajdotcom

@scottalanmiller said:

@thanksaj said:

Also, I should add, that when HeartBleed came out, and sites like Facebook and Google were compromised, LastPass was unaffected because they were on a newer version. Just something to think about.

And they payload is encrypted, not the tunnel. LastPass isn't SSL.

True.

scottalanmiller

@Dashrender said:

@thanksaj said:

And they payload is encrypted, not the tunnel. LastPass isn't SSL.

Actually LastPass is both.

@thanksaj said:

Also, I should add, that when HeartBleed came out, and sites like Facebook and Google were compromised, LastPass was unaffected because they were on a newer version. Just something to think about.

And I'm pretty sure they were affected, but it didn't matter since they use their own encryption on the endpoint before sending to the cloud.

LastPass utilizes OpenSSL for HTTPS/TLS/SSL encryption and we were therefore “vulnerable” to this bug.
http://blog.lastpass.com/2014/04/lastpass-and-heartbleed-bug.html

Their website was affected, but not the application, AFAIK, which I think uses AES256.

thanksajdotcom

@scottalanmiller said:

@Dashrender said:

@thanksaj said:

And they payload is encrypted, not the tunnel. LastPass isn't SSL.

Actually LastPass is both.

@thanksaj said:

Also, I should add, that when HeartBleed came out, and sites like Facebook and Google were compromised, LastPass was unaffected because they were on a newer version. Just something to think about.

And I'm pretty sure they were affected, but it didn't matter since they use their own encryption on the endpoint before sending to the cloud.

LastPass utilizes OpenSSL for HTTPS/TLS/SSL encryption and we were therefore “vulnerable” to this bug.
http://blog.lastpass.com/2014/04/lastpass-and-heartbleed-bug.html

Their website was affected, but not the application, AFAIK, which I think uses AES256.

That's what I believe to be the case.

JaredBusch

I have used LastPass since December 2008 and I have been a Premium subscriber since December 2009 when I first got an iPhone.

The service absolutely rocks and security is completely serious. Everything is encrypted locally prior to transmit so even on a insecure line you have security around your password.

I personally know 3 passwords. LastPass master password, my gmail password for my main account, and my bank account password. All three of those passwords are more than 16 characters long and more than jsut letters and numbers.

For the rest, they are random and were generated by LastPass.

technobabble

Thanks everyone, I will be able to explain why LastPass is safe. I personally plan to upgrade so I can have it on my phone. I have a problem with one site, my hosted WHMCS billing platform. LastPass tries to override every user pass area on the program with my login to the program.

Carnival Boy

I didn't get on with LastPass. I'm a KeePass man. The main issue being the lack of an official iOS app for KeePass - I'm reluctant to trust 3rd party apps.

scottalanmiller

KeePass is nice because it is free! It is really great as well.

thanksajdotcom

@Carnival-Boy said:

I didn't get on with LastPass. I'm a KeePass man. The main issue being the lack of an official iOS app for KeePass - I'm reluctant to trust 3rd party apps.

Just cause you're paranoid doesn't mean they aren't out to get you...:P

thanksajdotcom

@scottalanmiller said:

KeePass is nice because it is free! It is really great as well.

KeePass is good. I just like the cloud factor to LastPass.

thanksajdotcom

@thanksaj said:

@scottalanmiller said:

KeePass is nice because it is free! It is really great as well.

KeePass is good. I just like the cloud factor to LastPass.

I know some people keep their KeePass in their Dropbox or that, but I actually originally signed up for LastPass because they had a Windows 8 Phone app, which most don't.

Carnival Boy

I keep my KeePass databases in OneDrive.

thanksajdotcom

@Carnival-Boy said:

I keep my KeePass databases in OneDrive.

Same difference. You keep it in a cloud storage app of one kind or another.

Carnival Boy

I know. I was just saying what I do.

thanksajdotcom

@Carnival-Boy said:

I know. I was just saying what I do.

Yup. We're good.

Dashrender

@technobabble said:

Thanks everyone, I will be able to explain why LastPass is safe. I personally plan to upgrade so I can have it on my phone. I have a problem with one site, my hosted WHMCS billing platform. LastPass tries to override every user pass area on the program with my login to the program.

Yeah I've run into this problem with a few different sites. When I create a new user in our EHR it always enters my password, so I have to delete it, etc, etc.

Also, when our EHR times out, for some reason the entered information by lastpass never works - I always have to fully log out of the page, and log back in, yeah it takes about 3 extra seconds, I just live with it.

thanksajdotcom

@Dashrender said:

@technobabble said:

Thanks everyone, I will be able to explain why LastPass is safe. I personally plan to upgrade so I can have it on my phone. I have a problem with one site, my hosted WHMCS billing platform. LastPass tries to override every user pass area on the program with my login to the program.

Yeah I've run into this problem with a few different sites. When I create a new user in our EHR it always enters my password, so I have to delete it, etc, etc.

Also, when our EHR times out, for some reason the entered information by lastpass never works - I always have to fully log out of the page, and log back in, yeah it takes about 3 extra seconds, I just live with it.

I've seen with some sites, usually proprietary stuff, where LastPass doesn't interface well. It might fill in the password but not the username, or things like that. Annoying but they are few and far between enough that I just deal with it.

coliver

@Dashrender said:

@technobabble said:

Thanks everyone, I will be able to explain why LastPass is safe. I personally plan to upgrade so I can have it on my phone. I have a problem with one site, my hosted WHMCS billing platform. LastPass tries to override every user pass area on the program with my login to the program.

Yeah I've run into this problem with a few different sites. When I create a new user in our EHR it always enters my password, so I have to delete it, etc, etc.

Also, when our EHR times out, for some reason the entered information by lastpass never works - I always have to fully log out of the page, and log back in, yeah it takes about 3 extra seconds, I just live with it.

I've had that issue on a few sites. The best way to get around it that I've seen is to disable autofill on all accounts of the site in question.

thanksajdotcom

@coliver said:

@Dashrender said:

@technobabble said:

Thanks everyone, I will be able to explain why LastPass is safe. I personally plan to upgrade so I can have it on my phone. I have a problem with one site, my hosted WHMCS billing platform. LastPass tries to override every user pass area on the program with my login to the program.

Yeah I've run into this problem with a few different sites. When I create a new user in our EHR it always enters my password, so I have to delete it, etc, etc.

Also, when our EHR times out, for some reason the entered information by lastpass never works - I always have to fully log out of the page, and log back in, yeah it takes about 3 extra seconds, I just live with it.

I've had that issue on a few sites. The best way to get around it that I've seen is to disable autofill on all accounts of the site in question.

Yup. And auto-login if you had it on.

Dashrender

@thanksaj said:

@coliver said:

@Dashrender said:

@technobabble said:

Thanks everyone, I will be able to explain why LastPass is safe. I personally plan to upgrade so I can have it on my phone. I have a problem with one site, my hosted WHMCS billing platform. LastPass tries to override every user pass area on the program with my login to the program.

Yeah I've run into this problem with a few different sites. When I create a new user in our EHR it always enters my password, so I have to delete it, etc, etc.

Also, when our EHR times out, for some reason the entered information by lastpass never works - I always have to fully log out of the page, and log back in, yeah it takes about 3 extra seconds, I just live with it.

I've had that issue on a few sites. The best way to get around it that I've seen is to disable autofill on all accounts of the site in question.

Yup. And auto-login if you had it on.

Yeah I avoid auto-login, but I like the autofill - so I'm keeping that one.

thanksajdotcom

@Dashrender said:

@thanksaj said:

@coliver said:

@Dashrender said:

@technobabble said:

Thanks everyone, I will be able to explain why LastPass is safe. I personally plan to upgrade so I can have it on my phone. I have a problem with one site, my hosted WHMCS billing platform. LastPass tries to override every user pass area on the program with my login to the program.

Yeah I've run into this problem with a few different sites. When I create a new user in our EHR it always enters my password, so I have to delete it, etc, etc.

Also, when our EHR times out, for some reason the entered information by lastpass never works - I always have to fully log out of the page, and log back in, yeah it takes about 3 extra seconds, I just live with it.

I've had that issue on a few sites. The best way to get around it that I've seen is to disable autofill on all accounts of the site in question.

Yup. And auto-login if you had it on.

Yeah I avoid auto-login, but I like the autofill - so I'm keeping that one.

I have auto-login for a few things but most are just auto-fill.