Originally Posted by Finkface
Thanks for the explanation of complexity vs entropy. But doesn't LastPass just generate a random password for each site you give it, logging into it for you via the app or the browser extension? That satisfies entropy/complexity for sure, but if on a public machine or wifi connection (assuming not using the master password for LastPass and just using a one-off as described by antichef) there is really nothing to protect you from being hacked on whatever site you are using, is there? We all need to use public wifi at times so I guess the theory is that the hacker is only going to get that one, random password? They can drain your UA account but they won't get anything else, is that it? In which case, if I toughen up my system a bit to add in symbols etc, am I really at that much more risk than using LastPass? If they are only going to get that one password, is there that much chance of them breaking my system?
I'm not being deliberately obtuse here, and not trying to argue the point, I am truly trying to learn. 99% of my internet use is on my home wifi. Am I not as secure as I could be using LastPass for those times I am using public wifi/friend machines? If they are going to get my UA password anyway, does it matter if it is a random one (LastPass) or a seemingly random one (mine) as both are used only for the UA site and they don't know that I have some type of a system by that one password?
Yeah, you've got the gist of it. MAN Pax's input is also helpful. The main point of a password manager is to let you have a different, complex password on each site you visit so if one of them is compromised you don't give access to the hackers to all sites you visit. There comes a point where your passwords get complicated and long enough that it's easier to have a password manager to remember them instead of doing so yourself.