LastPass makes it easy to steal Passwords

Moderators: admin, azitnay, anatoly_LP, chantieLP, JoeSiegrist, robyn

LastPass makes it easy to steal Passwords

Postby dj942001990 » Sat Mar 28, 2015 10:54 pm

Ok so I know the title is kind of click-bait...ish but I just started using lastpass today and when installing it, it asks you if you want to import your passwords from that computer from your browsers, on the application you can click "view passwords" or something like that and it shows every password for every site you're a member of. This could be used on someone elses pc to see all their passwords which is a major hole in the security aspect (I know saved net passwords werent that secure in the first place, why make it easier?). Before you say, well anyone who lets you on their pc, its their fault, etc., something of that nature. I can use OPHcrack (time consuming, kinda) or Konboot (takes as long as it takes to boot a pc to get in) and grab every single password on the pc if I happen to have Lastpass on my flashdrive or even download it on the spot with internet connections available. I mean I may be wrong but another one of my friends (who knows nothing about pc I might add) asked about this when he first installed it(I wasnt paying attention then) and mentioned it today as I was installing while I was thinking the same thing. So if he can figure it out then chances are many others can. Please get back to me on this.
dj942001990
 
Posts: 2
Joined: Sat Mar 28, 2015 10:44 pm

Re: LastPass makes it easy to steal Passwords

Postby Lars » Sat Mar 28, 2015 11:49 pm

If anyone can get to your PC, they can find password stored in the browser.. as easy as scratching your behind.
Lars
 
Posts: 2580
Joined: Wed Jul 14, 2010 10:48 pm
Location: So Cal

Re: LastPass makes it easy to steal Passwords

Postby jpenny84 » Sun Mar 29, 2015 12:17 am

What you are describing is a downfall or storing your passwords in Windows and/or the browsers. If LastPass can capture the data, other utilities can. That is why you're importing them into a secure password manager like LastPass, and changing them all to randomly generated passwords, if possible.
jpenny84
 
Posts: 8099
Joined: Tue Mar 06, 2012 9:10 pm

Re: LastPass makes it easy to steal Passwords

Postby dj942001990 » Sun Mar 29, 2015 9:52 am

jpenny84 Wrote:What you are describing is a downfall or storing your passwords in Windows and/or the browsers. If LastPass can capture the data, other utilities can. That is why you're importing them into a secure password manager like LastPass, and changing them all to randomly generated passwords, if possible.

it may be why I do that or why you guys do that but that doesn't mean everyone is going to use this program to protect themselves, as a matter of fact most people don't. This program will give someone the ability to easily with only this tool know every password that person uses and then save them for a later date in case that person wanted to break into other accounts and know how that person thinks and see if that person uses the same pass over and over. So while you're saying, "yea I mean you could anyways" why go and make it easier for them?
dj942001990
 
Posts: 2
Joined: Sat Mar 28, 2015 10:44 pm

Re: LastPass makes it easy to steal Passwords

Postby brantgurga » Tue Apr 07, 2015 10:05 am

It seems like you are misunderstanding where the security boundary is. That boundary is the user account regardless of operating system. This is not a Windows-only thing. That someone let you log onto their account is where the problem occurred. Had you logged into your own account on that system, you would only get your passwords that you already know. There is therefore no security compromise from Lastpass. You are in a situation where someone already let you through their locked door (you're in their account) or you are through your own locked door (you're in your own account). Lastpass is not facilitating breaking through a locked door. Were it doing so, that would be a problem. Rather, it is facilitating pulling items off a bookshelf once you are already through the locked door of the house.
brantgurga
 
Posts: 417
Joined: Wed Nov 04, 2009 10:37 am
Location: Indianapolis, IN

Re: LastPass makes it easy to steal Passwords

Postby davy49 » Wed Apr 08, 2015 7:43 am

Hi,
So are all of you stating that you feel that lastpass isn't very secure..hmmmm.
David :shock:
davy49
 
Posts: 101
Joined: Mon May 04, 2009 11:53 am
Location: USA-Texas

Re: LastPass makes it easy to steal Passwords

Postby Lars » Thu Apr 09, 2015 1:02 am

davy49 Wrote:So are all of you stating that you feel that lastpass isn't very secure..hmmmm.

If that is your take on our replies, you need to re-read them and if needed, ask for clarification. :idea:
Lars
 
Posts: 2580
Joined: Wed Jul 14, 2010 10:48 pm
Location: So Cal

Re: LastPass makes it easy to steal Passwords

Postby Texan » Fri Apr 10, 2015 2:11 pm

I just started using LastPass and have the following questions:
While on a desktop and using the internet, is being logged in to LastPass while while connected to the internet puts your passwords up for grabs for hackers that may infiltrate your computer or other phishing attempts? Am i supposed to log in to LastPass long enough to enter secured sites then log out from LastPass for the remainder of the time while I am on the internet? I guess I am concerned that once logged in to LasPass anyone or phishing software may be able to retrieve my passwords while I'm logged in to LastPass. Am I being paranoid or is this reasonable concern?
Texan
 
Posts: 1
Joined: Fri Apr 10, 2015 1:15 pm

Re: LastPass makes it easy to steal Passwords

Postby jpenny84 » Sat Apr 11, 2015 10:53 am

Texan Wrote:I just started using LastPass and have the following questions:
While on a desktop and using the internet, is being logged in to LastPass while while connected to the internet puts your passwords up for grabs for hackers that may infiltrate your computer or other phishing attempts? Am i supposed to log in to LastPass long enough to enter secured sites then log out from LastPass for the remainder of the time while I am on the internet? I guess I am concerned that once logged in to LasPass anyone or phishing software may be able to retrieve my passwords while I'm logged in to LastPass. Am I being paranoid or is this reasonable concern?


As long as you are keeping your computer and antivirus updated, you shouldn't have to keep LastPass open for a minimal amount of time. In terms of phishing, LastPass has protection built in to prevent your password information from being transmitted to other sites.
jpenny84
 
Posts: 8099
Joined: Tue Mar 06, 2012 9:10 pm

Re: LastPass makes it easy to steal Passwords

Postby magaretanicholsxsi177 » Fri Oct 23, 2015 5:42 am

The chance is low and i have never experienced that before. Besides, It seems like you are misunderstanding where the security boundary is. That boundary is the user account regardless of operating system. This is not a Windows-only thing. That someone let you log onto their account is where the problem occurred. Had you logged into your own account on that system, you would only get your passwords that you already know.
magaretanicholsxsi177
 
Posts: 6
Joined: Thu Oct 22, 2015 2:38 am

Next

Return to Off Topic

Who is online

Users browsing this forum: No registered users and 8 guests