jpenny84 Wrote:It's single sign on. You log into LastPass, and the session authenticates you with the forum. There is no separate password. Your master password is not stored in a forum database.
Then it needs to be changed quick-smart!
. In that past you had a separate login/password. Now you're telling me that (probably) the same information that allows me to access my LP Vault in a web browser is being sent to software written by phpBB
. So by hacking and replicating this someone could gain access to my vault via a browser??
Sounds like an incredibly bad idea to me. My LP master password, and any session/authentication keys should be between LP and me - not some BB software full of holes.
I hope someone can tell me this is not the case.