Master password resetting

Tell us what features would make LastPass even better and vote for features that are most important to you

Moderators: admin, anatoly_LP, chantieLP, robyn, JoeSiegrist

Master password resetting

Postby iliko » Thu May 21, 2009 5:07 pm

Hello,

I was shocked when came across with this. It is not possible t reset my master password with current LastPass.
I will tell you story what happened. When I registred with lastpass I used another form filler which i was using for several years, so my password reminder did not fully coinside with password which my form filler specified. So I did not remeber my pasword. The reminder did not help me. Luckely I had my LastPass installed and save pasword checkbox was ticked on my office comp, otherwise I would loose everything.

Please do not tell me that resetting password is not possible due to security and encryption you have on them. Ther are many similar systems also applying encryption. I liked the system that is why I care.

Thanks a lot in advance.

Regards, Iliko.
iliko
 
Posts: 7
Joined: Thu May 21, 2009 4:58 pm

Re: Master password resetting

Postby JoeSiegrist » Thu May 21, 2009 10:35 pm

iliko Wrote:Please do not tell me that resetting password is not possible due to security and encryption you have on them. Ther are many similar systems also applying encryption. I liked the system that is why I care.


This is the case -- we REALLY don't actually have your password/encryption key -- we can't reset your password -- there is no similar system out there that is safe and can do this. We've been giving this a lot of thought and we can safely do something that's saved on your local computer combined with some data on our side to allow a reset but it's a large technical challenge to run this service with zero knowledge of your sensitive data.
JoeSiegrist
 
Posts: 4185
Joined: Wed Aug 20, 2008 10:40 am

Re: Master password resetting

Postby iliko » Fri May 22, 2009 4:28 am

JoeSiegrist Wrote:
iliko Wrote:Please do not tell me that resetting password is not possible due to security and encryption you have on them. Ther are many similar systems also applying encryption. I liked the system that is why I care.


This is the case -- we REALLY don't actually have your password/encryption key -- we can't reset your password -- there is no similar system out there that is safe and can do this. We've been giving this a lot of thought and we can safely do something that's saved on your local computer combined with some data on our side to allow a reset but it's a large technical challenge to run this service with zero knowledge of your sensitive data.


Thanks for reply. You can use same technology as Fmarks does. See the quote from thier statement:


Encryption and Security

To encrypt your passwords, Xmarks uses the current state of the art AES 256-bit encryption algorithm. AES is a United States government standard and is recommended by National Security Adminstration (NSA) for encrypting classified information. See the AES Wikipedia entry for more details.

AES works by taking data that needs to be encrypted along with a secret PIN of your choosing, and then produces an encrypted result. It is strong enough to virtually guarantee that your encrypted data cannot be decrypted by a third-party, not even Xmarks. The biggest point of weakness is in the strength of the secret PIN that you choose. Xmarks recommends that you choose a PIN that is difficult to guess and contains a wide variety of different characters and numbers.

It works similar to public/private key principle. I can not beliwve it can not be done. All online shops, most online banks, free email systems who are also using encryption have ability to reset your password but you do not. At lest you should make stronger password reminder. It should reveal send me a link to reset (not to see as it is not possible)password ONLY if I succesfully answered several reminder questions.

Anyway it is just a feature request which would be nice to have.

Regards, Ilkin
iliko
 
Posts: 7
Joined: Thu May 21, 2009 4:58 pm


Return to Feature Requests

Who is online

Users browsing this forum: No registered users and 23 guests