LastPass Finally Showing Its Revenue Plans? Credit Monitoring? Bah...

[J-Mac]

Here we go. I've been a "Premium" subscriber to LastPass almost from the start but it looks like I will now be hunting for another password manager very soon. After I opened Firefox this morning a page opened announcing that LastPass had been updated and was now also offering..... credit monitoring?! WTF!

First of all, IMO credit monitoring is a huge fraud itself. It doesn’t really protect people at all; it just funnels even more money to the organizations that cause a lot of the credit fraud in the first place: the credit reporting companies. Credit monitoring alerts you AFTER someone has fraudulently opened an account in your name. What it does not do is prevent it in the first place. And in many cases the fraud perpetrator used information garnered from that same credit reporting company you're paying for the monitoring service. What a racket! These are the same companies that sell you a peek at your credit report for $10 - $12 but sell that same report to corporations for about $0.20! Yeah, I trust them almost as much as that Nigerian guy who has $11,438,00 waiting for me as soon as I send him my bank account number.

Why the hell does LastPass think I would want them to push credit monitoring on me? This is apparently part of their plan to extract some more of my money from me. Makes me wonder what's next... a "free" coupon printer from Coupons.com?

I wish Keepass had a viable password filler function. OK, so who wants to start recommending good password managers to me? Oh no... does this mean I will shortly be crawling back to Siber Systems? I think I am going to throw up... 

Jim

[40hz]

Suggestion: Use Keypass and save a synced copy of your encrypted database to a Dropbox account if it needs to be completely accessible from anywhere on any machine. (Can't imagine why since that introduces its own security risks, but there are people who insist that's important to them.) Or, alternatively, store it exclusively there. Put it in a Truecrypt container under Dropbox if you're exceptionally paranoid.
 

[J-Mac]

Thanks 40hz.

Not exceptionally paranoid yet - but it feels like I'm working on it!

BTW, I've considered that but I do have some trepidation about Dropbox - they really do seem more geared toward sharing and not so much on privacy/security. Also. I'd have to go to copy/paste I think; Keepass doesn’t do form-filling well. At least it didn't the last time I tried it. Maybe they've gotten better.

One more thing I need to do - get all the logins I have added recently to LP and get them into Keepass. I initially made sure they were identical but adding stuff on the fly to LP was easy; replicating that same info to Keepass not as easy. I know there's stuff that never made it into KP.  Whatever I do I think it will be a lot of manual entry.   

Thanks again!

Jim

[40hz]

Thanks 40hz.

Not exceptionally paranoid yet - but it feels like I'm working on it!

BTW, I've considered that but I do have some trepidation about Dropbox - they really do seem more geared toward sharing and not so much on privacy/security. Also. I'd have to go to copy/paste I think; Keepass doesn’t do form-filling well. At least it didn't the last time I tried it. Maybe they've gotten better.

One more thing I need to do - get all the logins I have added recently to LP and get them into Keepass. I initially made sure they were identical but adding stuff on the fly to LP was easy; replicating that same info to Keepass not as easy. I know there's stuff that never made it into KP.  Whatever I do I think it will be a lot of manual entry.   

Thanks again!

Jim

-J-Mac (June 19, 2012, 12:30 PM)

It's a hassle. But I eventually bit the bullet and did it. More out of simple cussedness than necessity perhaps, but I admit I have (possibly unjustified) trust issues with online password stores.

Form fill is a buggy experience with KeyPass to be sure. I've mostly given up on using it, but that's the price I pay for refusing to deal with something like LastPass. So be it.

Dropbox doesn't share if you don't tell it to. They're even dropping the default supplied Public folder for a much more restrictive and formal file sharing process for all new accounts.

FWIW, I only sync my heavily encrypted pwl-database to Dropbox. I run it off a USB key in portable mode for day  to day use. This is my security key so it also uses Truecrypt to keep everything well hid should I ever lose it. I debated installing some sort of autodestruct mechanism on it but decided it was more effort than it was worth since I commit any of my really important passwords (bank account, Amex, etc.) to memory anyway. Not hard if you follow this suggestion courtesy of "Randall" over at xkcd - and which has been previously posted in different threads here at DoCo:

LastPass Finally Showing Its Revenue Plans? Credit Monitoring? Bah...

Luck!

[wraith808]

I use 1Password and have been very happy with it.

[Deozaan]

Yeah, I trust them almost as much as that Nigerian guy who has $11,438,00 waiting for me as soon as I send him my bank account number.

-J-Mac (June 19, 2012, 11:38 AM)

Oh man, you should get in touch with the Nigerian barrister who contacted me! He told me there was a lot more money than that waiting for me. Maybe I'll just do you a favor and send your details to him.

[Stoic Joker]

First of all, IMO credit monitoring is a huge fraud itself. It doesn’t really protect people at all; it just funnels even more money to the organizations that cause a lot of the credit fraud in the first place: the credit reporting companies. Credit monitoring alerts you AFTER someone has fraudulently opened an account in your name. What it does not do is prevent it in the first place. And in many cases the fraud perpetrator used information garnered from that same credit reporting company you're paying for the monitoring service. What a racket! These are the same companies that sell you a peek at your credit report for $10 - $12 but sell that same report to corporations for about $0.20! Yeah, I trust them almost as much as that Nigerian guy who has $11,438,00 waiting for me as soon as I send him my bank account number.

-J-Mac (June 19, 2012, 11:38 AM)

  Much the same goes through my head everytime I see one of those &$%#^$ Commercials on TV.

[J-Mac]

I use 1Password and have been very happy with it.

-wraith808 (June 19, 2012, 01:20 PM)

Thanks wraith. I remember looking at that back when I dropped Roboform but for some stupid reason I went with LastPass. I'll go take another look.

Jim

[J-Mac]

Yeah, I trust them almost as much as that Nigerian guy who has $11,438,00 waiting for me as soon as I send him my bank account number.

-J-Mac (June 19, 2012, 11:38 AM)

Oh man, you should get in touch with the Nigerian barrister who contacted me! He told me there was a lot more money than that waiting for me. Maybe I'll just do you a favor and send your details to him.

-Deozaan (June 19, 2012, 01:57 PM)

 

I have to say, my all-time favorite is the FBI agent - whose writing style seemed eerily similar to the Nigerian official! Him was coming to arrest me unless I sent...  well, you get it.   

Jim

BTW, here's the text of my FBI Warning Email: (Notice that near the end it warns me "...not to try any thing funny because you are been watched."    I love that email!

From:  FEDERAL BUREAU OF INVESTIGATION (FBI)
AGENT RONALD T. HOSKO. <[email protected]>
To:  undisclosed-recipients:

THIS IS THE (F.B.I)
FBI HEADQUARTERS IN WASHINGTON, D.C.
FEDERAL BUREAU OF INVESTIGATION
J. EDGAR HOOVER BUILDING
935 PENNSYLVANIA AVENUE,
NW WASHINGTON, D.C. 20535-0001
E=MAIL: ( [email protected])
FEDERAL BUREAU OF INVESTIGATION (FBI)

ATTENTION DEAR THIS IS THE FINAL WARNING YOU ARE GOING TO RECIEVE FROM ME DO YOU GET ME????
I HOPE YOURE UNDERSTAND HOW MANY TIMES THIS MESSAGE HAS BEEN SENT TO YOU?.

WE HAVE WARNED YOU SO MANY TIME AND YOU HAVE DECIDED TO IGNORE OUR E-MAILS OR BECAUSE YOU BELIEVE WE HAVE NOT BEEN INSTRUCTED TO GET YOU ARRESTED, AND TODAY IF YOU FAIL TO RESPOND BACK TO US WITH THE PAYMENT THEN, WE WOULD FIRST SEND A LETTER TO THE MAYOR OF THE CITY WHERE YOU RESIDE AND DIRECT THEM TO CLOSE YOUR BANK ACCOUNT UNTIL YOU HAVE BEEN JAILED AND ALL YOUR PROPERTIES WILL BE CONFISCATED BY THE FBI.

WE WOULD ALSO SEND A LETTER TO THE COMPANY/AGENCY THAT YOU ARE WORKING FOR SO THAT THEY COULD GET YOU FIRED UNTIL WE ARE THROUGH WITH OUR INVESTIGATIONS BECAUSE A SUSPECT IS NOT SUPPOSE TO BE WORKING FOR THE GOVERNMENT OR ANY PRIVATE ORGANIZATION.
YOUR ID WHICH WE HAVE IN OUR DATABASE BEEN SENT TO ALL THE CRIMES AGENCIES IN AMERICA FOR THEM TO INSET YOU IN THEIR WEBSITE AS AN INTERNET FRAUDSTERS AND TO WARN PEOPLE FROM HAVING ANY DEALS WITH YOU.

THIS WOULD HAVE BEEN SOLVED ALL THIS WHILE IF YOU HAD GOTTEN THE CERTIFICATE SIGNED, ENDORSED AND STAMPED AS YOU WHERE INSTRUCTED IN THE E-MAIL BELOW.
THIS IS THE FEDERAL BUREAU OF INVESTIGATION (FBI) AM WRITING IN RESPONSE TO THE E-MAIL YOU SENT TO US
AND AM USING THIS MEDIUM TO INFORM YOU THAT THERE IS NO MORE TIME LEFT TO WASTE BECAUSE YOU HAVE BEEN GIVEN FROM THE 3RD OF JANUARY.

AS STATED EARLIER TO HAVE THE DOCUMENT ENDORSED, SIGNED AND STAMPED WITHOUT FAILURE AND YOU MUST ADHERE TO THIS DIRECTIVES TO AVOID YOU BLAMING YOURSELF AT LAST WHEN WE MUST HAVE ARRESTED AND JAILED YOU FOR LIFE AND ALL YOUR PROPERTIES CONFISCATED.YOU FAILED TO COMPLY WITH OUR DIRECTIVES AND THAT WAS THE REASON WHY WE DIDN'T HEAR FROM YOU ON THE
3RD AS OUR DIRECTOR HAS ALREADY BEEN NOTIFIED ABOUT YOU GET THE PROCESS COMPLETED YESTERDAY AND RIGHT NOW THE WARRANT OF

ARREST HAS BEEN SIGNED AGAINST YOU AND IT WILL BE CARRIED OUT IN THE NEXT 48HOURS AS STRICTLY SIGNED BY THE FBI DIRECTOR.
WE HAVE INVESTIGATED AND FOUND OUT THAT YOU DIDN'T HAVE ANY IDEA WHEN THE FRAUDULENT DEAL WAS COMMITTED WITH YOUR INFORMATION'S/IDENTITY AND RIGHT NOW IF YOU ID IS PLACED ON OUR WEBSITE AS A WANTED PERSON, I BELIEVE YOU KNOW THAT IT WILL BE A SHAME TO YOU AND YOUR ENTIRE FAMILY BECAUSE AFTER THEN IT WILL BE ANNOUNCE IN ALL THE LOCAL CHANNELS THAT YOU ARE WANTED BY THE FBI.

AS A GOOD CHRISTIAN AND A HONEST MAN, I DECIDED TO SEE HOW I COULD BE OF HELP TO YOU BECAUSE I WOULD NOT BE HAPPY TO SEE YOU END UP IN JAIL AND ALL YOUR PROPERTIES CONFISCATED ALL BECAUSE YOUR INFORMATION'S WAS USED TO CARRY OUT A FRAUDULENT TRANSACTIONS, I CALLED THE EFCC AND THEY DIRECTED ME TO A PRIVATE ATTORNEY WHO COULD HELP YOU GET THE PROCESS DONE AND HE STATED THAT HE WILL ENDORSE, SIGN AND STAMP THE DOCUMENT AT THE SUM OF $400 USD ONLY AND I BELIEVE THIS PROCESS IS CHEAPER FOR YOU.

YOU NEED TO DO EVERYTHING POSSIBLE WITHIN TODAY AND TOMORROW TO GET THIS PROCESS DONE BECAUSE OUR DIRECTOR HAS CALLED TO INFORM ME THAT THE WARRANT OF ARREST HAS BEEN SIGNED AGAINST YOU AND ONCE IT HAS BEEN APPROVED, THEN THE ARREST WILL BE CARRIED OUT, AND FROM OUR INVESTIGATIONS WE LEARNT THAT YOU WERE THE PERSON THAT FORWARDED YOUR IDENTITY TO ONE IMPOSTOR/FRAUDSTERS IN NIGERIA LAST YEAR WHEN HE HAD A DEAL WITH YOU ABOUT THE TRANSFER OF SOME ILLEGAL FUNDS INTO YOUR BANK ACCOUNT WHICH IS VALUED AT THE SUM OF $10.500,000.00 USD.

I PLEADED ON YOUR BEHALF SO THAT THIS AGENCY COULD GIVE YOU THE 2011/02/16 SO THAT YOU COULD GET
THIS PROCESS DONE BECAUSE I LEARNT THAT YOU WERE SENT SEVERAL E-MAIL WITHOUT GETTING A RESPONSE FROM YOU, PLEASE BEAR IT IN MIND THAT THIS IS THE ONLY WAY THAT I CAN BE ABLE TO HELP YOU AT THIS MOMENT OR YOU WOULD HAVE TO FACE THE LAW AND ITS CONSEQUENCES ONCE IT HAS BEFALL ON YOU.YOU WOULD MAKE THE PAYMENT THROUGH MONEY GRAM TRANSFER OR WESTERN UNION MONEY TRANSFER WITH THE BELOW

DETAILS.
RECEIVER NAME ==== FRANK OBISI
COUNTRY========== NIGERIA
CITY============== LAGOS
TEXT QUESTION==== URGENT
TEXT ANSWER===== MATTER
AMOUNT=====$400 USD
SENDERS NAME======
SEND THE PAYMENT DETAILS TO ME WHICH ARE SENDERS NAME AND ADDRESS, MTCN NUMBER, TEXT QUESTION AND ANSWER USED AND THE AMOUNTSENT.

MAKE SURE THAT YOU DIDN'T HESITATE MAKING THE PAYMENT DOWN TO THE AGENCY BY TODAY SO THAT THEY COULD HAVE THE CERTIFICATE ENDORSED, SIGNED AND STAMPED IMMEDIATELY WITHOUT ANY FURTHER DELAY.
AFTER ALL THIS PROCESS HAS BEEN CARRIED OUT, THEN WE WOULD HAVE TO PROCEED TO THE BANK FOR THE TRANSFER OF YOUR COMPENSATION FUNDS WHICH IS VALUED AT THE SUM OF $10,500,000.00 USD WHICH WAS SUPPOSE TO HAVE BEEN TRANSFERRED TO YOU ALL THIS WHILE.
NOTE/ ALL THE CRIMES AGENCIES HAS BEEN CONTACTED ON THIS REGARDS AND WE SHALL TRACE AND ARREST YOU IF YOU DISREGARD THIS INSTRUCTIONS.

You are given a grace TODAY to make the payment for the document after which your failure to do that will attract a maximum arrest and finally you will be appearing in court for act of terrorism, money laundering and drug trafficking charges, so be warned not to try any thing funny because you are been watched.
THANKS AS I WAIT FOR YOUR RESPONSE
RESPECTIVELY
AGENT RONALD T. HOSKO.
EMAIL: [email protected]
FEDERAL BUREAU OF INVESTIGATION (FBI)

[Deozaan]

Hilarious! 

[Carol Haynes]

Credit monitoring is only in the US and it is an optional 'service' - if you don't actively enable it nothing changes.

See: http://helpdesk.last...s-credit-monitoring/

[J-Mac]

Well... at first only the "premium" credit monitoring wasn’t active till you enabled it; free was automatic. Then they backed off after a lot of backfire. However my form-filler identity cards have the credit monitoring enable/disable checkbox on it. And it was checked by default right after the update this morning. wasn’t supposed to be but that's what I hate about this shit. It's that I now don’t trust the a-holes.

Jim

[Carol Haynes]

Can't really comment - it must be either using IP geo-referencing or, as I have a premium account, they must use my billing address because the tick box isn't even on my forms (even if I change to a US address in my profile).

[rjbull]

Here are a few I've noticed, but not tried:

• Password Depot by AceBIT GmbH
   Automated log-in to password protected websites due to full browser integration!
  
• Password Profiler 3
  Automate Log-Ons and Fill Forms Faster
  PC Magazine
  • Logs into Web sites automatically
  • Fills long registration and checkout forms quickly and easily
  • Saves logins to your favorite sites
  • Shares logins between IE and Firefox
  
• PassCrypt
  same author made PC Magazine's Password Profiler 3
  Auto-Fill Dialog
  This mini-dialog pops up whenever you visit a site that has saved form/password information. Just click the Fill Form button and you're ready to go.
  
• Sticky Password
  The only password manager and online form filler you‘ll need (sic)
  * login automatically to your favorite websites
  * fill-in online forms with one click
  

Password Depot has been mentioned on DC before.