sunshine_and_rain Wrote:I do like LastPass, but my only grumble is that I would prefer that I could set it up and use it without any interaction with LastPass servers. In short give the user/paying customer absolute control over how they want their passwords and account details handled.
We still may do this -- but the reason we haven't and aren't rushing into it is for 3 reasons:
- It removes one of our best features: painless synchronization
- The time frames to attack what we keep server side is so beyond over the top (AES-256) that the end of the universe is thrown around with conceivable technology advances. Even if there's major advances in every area needed to mount an attack the writing will be on the wall and we'll upgrade before that happens. Also we've have over a half million accounts before the end of the quarter -- no one cares about your impossible to recover data, that can nearly instantly be made useless just by changing your passwords.
- The number of people who care is low. Given that what we are doing is secure, why should they? This is probably the most important aspect because if there's not a payback it won't make sense for us to do.sunshine_and_rain Wrote:Encrypted E-Mail Company Hushmail Spills to Feds
http://rinf.com/alt-news/sicence-techno ... s-to-feds/
This is a great example, because it's exactly what LastPass has refused to do: offer ANY solutions that involve the encryption/decryption keys on our servers. We don't want this problem or this liability.sunshine_and_rain Wrote:As LastPass is in a US company and post 9-11, we have to assume we can place trust in a society that deploys warrantless wiretapping (http://www.eff.org/issues/nsa-spying) on a wholesale basis and legislation which has no protections for anyone deemed not be be a US citizen, or who is but outside it's borders, therefore allowing all forms of phone/internet wiretapping to be conducted with impunity.
The way we've setup the system we don't have the ability to do anything with data going over the wire.sunshine_and_rain Wrote:On yes, it might be worth noting that it you have a copy of a users backup file and assume it can only be accessed with 1) an account email address, 2) password and if enabled 3) a multi authenticate grid, remember that the the grid is not needed if you use PocketPass to access the backup file. Also, why does LassPass make it so difficult to keep a local copy/backup of passwords.... Does it like a design that created dependency on it's online services?
cawas Wrote:But it still doesn't do automatic backup, which would be ideal, since manual backups like the way this works are doomed to be outdated. This is only good if you're going offline before hand knowing it and remembering to export it prior to the event. Not a good backup solution, but so darn close to being one.
JoeSiegrist Wrote:cawas Wrote:But it still doesn't do automatic backup, which would be ideal, since manual backups like the way this works are doomed to be outdated. This is only good if you're going offline before hand knowing it and remembering to export it prior to the event. Not a good backup solution, but so darn close to being one.
I don't understand -- every time you login or use LastPass you're storing a copy of your encrypted data locally, acting as a perfectly up-to-date backup.
Cato2 Wrote:In the plugin, you can use Tools | Export To - this makes a local backup, either encrypted or unencrypted. If that's what you meant.
Users browsing this forum: No registered users and 7 guests