FlyerTalk Forums - View Single Post - Password Overload
Old May 16, 2011 | 12:49 pm
  #62  
gfunkdave
Originally Posted by nmenaker
Sure, I didn't mean to infer that LastPass was totally compromised, just that THINGS are getting hacked, companies with credit cards, companies with emails and their associated passwords, etc. It would appear for the time being at least that if one wants to have essentially absolute security for documents, information, privacy, etc., it is best NOT to put it IN THE CLOUD as the cloud (which is just another word for INTERNET IMHO) has been shown to be vulnerable in many different ways. Direct access to servers, collocation breaches and hacking, third party CDN and application provider networks, etc.
Sure, everything is hackable. And local files are arguably no less so. Plus, with local files, what do you do when your hard drive crashes, or if you're using a different computer that doesn't have the file on it? My point is that an online service like LastPass, which from everything I can tell uses well-implemented procedures and standards, is as secure as your master password.

If you want absolute privacy, keep everything in your head and don't write anything down...but what will you do when they send you to Guantanamo?

To the point above about KeePass and other locally stored master files, I have seen where people will LOCALLY ENCRYPT that file, which requires a constant direct LOCAL authentication when it requires access, but if the laptop or local file is compromised then it cannot be used by a third party. This can be done with services as well like the Dropbox master file, the Dropbox master storage location, etc., which means that even if it is compromised or they choose to turn it over to an authority organization via subpoena that it cannot be recovered or read.
Sure, fair enough. But nobody can use my LastPass info, since LastPass doesn't have my password. All the encryption/decryption happens on my computer. So it's the convenience of anywhere-access, and the security benefits you ascribe to local-only files. Seems like a win-win to me!

Tell you (or anyone) what: anyone who wants to try getting into my LastPass account is welcome to try. PM me for my email address logon. I'll tell you that it's a 9-character password with upper- and lowercase letters and at least one number.