Sudden & Serious Concern(s)


Postby TennZenn » Sat Jul 21, 2018 7:38 pm

Greetings, all:

After happily (and proudly) having utilized LP for a decade (or more?), I just now happened upon this article, and am now terribly concerned about my banking/account information (my $$$!!!!).

Can someone PLEASE help assuage my sudden fear(s) ... sions.html

Thanks in advance,
Posts: 2
Joined: Sat Jul 21, 2018 7:30 pm

Re: Sudden & Serious Concern(s)

Postby jpenny84 » Sun Jul 22, 2018 1:01 am

Form fills are user initiated and there is an additional confirmation before LastPass will fill a form into a site. Websites cannot simply scrape payment information contained in those profiles without your authorization. Simply exercise good practices to prevent phishing attacks and you'll be fine.
Posts: 8290
Joined: Tue Mar 06, 2012 9:10 pm

Re: Sudden & Serious Concern(s)

Postby FlyingHawk » Sun Jul 22, 2018 2:21 am

There were indeed two serious bugs in LastPass found by Tavis Ormandy last year, but both were fixed quickly.

No software can be free of bugs. The important thing is to see how much public scrutiny they face, and how positive and quick their responses are. LastPass has shown itself to be rather good on both metrics.

Another point in your linked article is that any browser-based password manager cannot be trusted. This is a position held by a limited number of people in the infosec circle. The basis of this position is that browser extensions have a larger attack surface than a pure desktop application. While this basis is true, it doesn't make browser-based password managers fundamentally insecure. It only means that there may be a higher chance of an exploitable bug in browser-based password managers. This risk can be mitigated by public scrutiny, good development practice, and good browsing habits.

On the other hand, browser-based password managers are fundamentally more convenient. A convenient password manager that people actually consistently use is still better than an inconvenient (though theoretically lower risk) password manager that people don't use.
Posts: 708
Joined: Wed Mar 18, 2015 12:04 pm
