a few things...

What do you love about LastPass? What do you hate about it? Tell us why you like it, why you don't, and why.

Moderators: admin, anatoly_LP, chantieLP, robyn, JoeSiegrist

a few things...

Postby benneh » Wed Aug 27, 2008 7:51 pm

Hi, this looks like a nice program which could potentially replace my use of RoboForm, however first some questions:

1) Is this always going to be free? This question seems to have been avoided and I would have thought would qualify for your FAQ? Whilst this looks equivalent/possible better than roboform in some ways, if it's going to cost people money there is no compelling advantage.

2) You need to have an option for offline use where my passwords, encrypted or not, never get uploaded to you. All your arguments about strong crypto so it doesn't matter may be true today, but strong encryption today may not be so strong tomorrow. There is still issues with these passwords being hosted by you, even if that's not apparent for many years. Not having this option will limit many (of your more paranoid) users.

3) Oh yeah, and for makers of and promoters of security and passwords, you should really do something about your forums not allowing strong passwords. I tried to use a 32 character password and was told it was too long, this doesn't look good. Now there is nothing particularly secret here, but why use forums software which limits this?
benneh
 
Posts: 1
Joined: Wed Aug 27, 2008 7:44 pm

Re: a few things...

Postby JoeSiegrist » Wed Aug 27, 2008 10:49 pm

benneh Wrote:Hi, this looks like a nice program which could potentially replace my use of RoboForm, however first some questions:

1) Is this always going to be free? This question seems to have been avoided and I would have thought would qualify for your FAQ? Whilst this looks equivalent/possible better than roboform in some ways, if it's going to cost people money there is no compelling advantage.


We think we're bringing innovative ideas to the table that surpass roboform significantly e.g. password sharing, online access, Mac and Linux support, etc, etc.

That being said our focus is getting a quality product and a large user base, by treating users well. None of our plans involves charging you. We like the enterprise space, and potentially non obtrusive ads on LastPass.com, or easy sign-ups on LastPass.com, but nothing that would hurt our reputation or brand. We can commit that we're not going to pull the rug out on our existing userbase.

benneh Wrote:2) You need to have an option for offline use where my passwords, encrypted or not, never get uploaded to you. All your arguments about strong crypto so it doesn't matter may be true today, but strong encryption today may not be so strong tomorrow. There is still issues with these passwords being hosted by you, even if that's not apparent for many years. Not having this option will limit many (of your more paranoid) users.


Most of the compelling reasons to use LastPass is due to the online access. AES-256 is strong today, and tomorrow when a new encryption algorithm comes out that's had a few years for researchers to vet it we'll be offering to also encrypt your data with that. To quote NIST http://www.nist.gov/public_affairs/releases/aesq&a.htm they think AES has strong potential for 20 years, before it's feasible to mount an attack, and this is different than encrypting something incriminating -- you'll likely change your password by the time it's feasible to mount an attack, and then we'll have moved to something better than passwords as they stand today.

benneh Wrote:3) Oh yeah, and for makers of and promoters of security and passwords, you should really do something about your forums not allowing strong passwords. I tried to use a 32 character password and was told it was too long, this doesn't look good. Now there is nothing particularly secret here, but why use forums software which limits this?


Yeah we were a bit shocked at the dearth of good options from a security perspective in existing forum software.
JoeSiegrist
 
Posts: 4185
Joined: Wed Aug 20, 2008 10:40 am

Re: a few things...

Postby radmoose » Sat Sep 20, 2008 10:00 pm

JoeSiegrist Wrote:None of our plans involves charging you.

Wow.. ya know, as he mention, you could put that in the FAQ. =) I searched around for almost 15 minutes to see what the plans were as I didn't want to invest my resources and then find out that I was going to be paying an antler and a hoof. "'o.-'"

benneh Wrote:You need to have an option for offline use where my passwords, encrypted or not, never get uploaded to you.

JoeSiegrist Wrote:Most of the compelling reasons to use LastPass is due to the online access.

Well, how about the OPTION of not sending you the info? While it is very compelling of a feature to sync and store, I can see his point.

JoeSiegrist Wrote:Yeah we were a bit shocked at the dearth of good options from a security perspective in existing forum software.

I was surprised that you went with phpBB instead of something like vBulletin.

OK.. now off to download lastpass =)
radmoose
 
Posts: 13
Joined: Sat Sep 20, 2008 9:47 pm

Re: a few things...

Postby skenliv » Sun Sep 21, 2008 9:22 am

I just registered to agree on what radmoose said about having this in the FAQ.

"None of our plans involves charging you. We like the enterprise space, and potentially non obtrusive ads on LastPass.com, or easy sign-ups on LastPass.com, but nothing that would hurt our reputation or brand. We can commit that we're not going to pull the rug out on our existing userbase"

It is important for MANY users and especially companies like mine, not to become locked in on a specific software.

Now im going to try out this software :)
skenliv
 
Posts: 8
Joined: Sun Sep 21, 2008 9:20 am

Re: a few things...

Postby JoeSiegrist » Mon Sep 22, 2008 9:39 am

skenliv Wrote:I just registered to agree on what radmoose said about having this in the FAQ.

"None of our plans involves charging you. We like the enterprise space, and potentially non obtrusive ads on LastPass.com, or easy sign-ups on LastPass.com, but nothing that would hurt our reputation or brand. We can commit that we're not going to pull the rug out on our existing userbase"

It is important for MANY users and especially companies like mine, not to become locked in on a specific software.

Now im going to try out this software :)


Added it to the FAQ, thanks.

Joe
JoeSiegrist
 
Posts: 4185
Joined: Wed Aug 20, 2008 10:40 am


Return to Feedback

Who is online

Users browsing this forum: Bing [Bot], chuckbyram265, grizzly and 11 guests