| | | The "goodness of Last Pass" (or alternatives) ...
<< All this discussion about the goodness of Last Pass and I haven't seen a single mention of it recently being hacked >>
Perhaps you missed Gottfried's and Bicycle's June 16th posts to this board: Message 30109918 & Message 30110309
... or follow-ups by rel4490 and Gottfried: Message 30115995 & Message 30120350
... and yes I did change my very strong LastPass Master Password and stregthened some individual passwords after being advised by Lastpast of the June hack.
<< IMHO, any use of the cloud is dangerous, and the most dangerous of all is storage of your passwords there. >>
We all make usage of cloud storage and access.
Making a transaction at an ATM or at POS with a credit or debit card is potentially very dangerous.
Online computing is dangerous if You don't 'practice safe and secure computing' (and even if one does there is a hacker -- or many hackers -- lurking a step ahead.
Digital password managers are certainly many steps ahead of storing passwords in one's head or on paper.
Just using a digital password manager, in an of itself however, is insecure unless one takes steps to understand the capabilities of the application, and apply the best of them.
In my own (not so) humble (IM**HO) professional and personal opinion 'LastPass' is best of breed amongst secure password management applications although there are a few (but relatively few) good alternatives to choose from. I'm glad Josh introduced the subject here as it's an important one. I'll be interested to hear whether he chooses a cloud based our individual device based solution to his personal secure password storage and protection needs. I'm sure that whichever he chooses will be well thought out.
My personal computing usage (multiple DPE devices and many passwords) dictates my use of a cloud based solution capable of seamless and safe synchronization which LastPass excels at. LastPass servers are more secure than any of the 5 DPE they are used on despite steps I've taken to optimize their security. While I'm above average paranoid and skeptical of cloud computing the cloud can't be avoided and thanks to Microsoft, Google, our ISPs, and many others it is omnipresent and will rapidly become even more so. For those of us that are Microsoft Nutballs, Nadella will insure that.
I do happen to think that whether we store passwords only on our individual devices (properly secured) or with some of their elements on the devices (properly secured) AND on cloud servers is something we need to think through and make a decision on. Personal usage will dictate the most sensible decision unique to ourselves.
My own usage dictates a cloud based solution. I personally prune my password list for 5 devices every 3 to 6 months, but currently have 109 (many but all not necessarily unique) currently stored in and on LastPass and my soft copy backup files are in 'locked' folders on both my desktop devices with hard vaulted. Both of my daughters who live in different states have secure access to my Master LastPass password.
I do agree with you that "any use of the cloud is dangerous" but it's incumbent upon us as individuals to take steps to secure our DPE to minimize our risk and exposure. I personally do not agree that "the most dangerous of all is storage of your passwords there" and to the contrary.
Regards, - Eric L. - |
|
