topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Wednesday December 4, 2024, 10:22 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: LastPass - What are your thoughts?  (Read 33866 times)

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 2,193
    • View Profile
    • Donate to Member
Re: LastPass - What are your thoughts?
« Reply #25 on: September 30, 2013, 07:01 PM »
Thanks all :)

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,069
    • View Profile
    • Donate to Member
Re: LastPass - What are your thoughts?
« Reply #26 on: October 01, 2013, 08:09 AM »
I've had some issues with Firefox not dropping down the menu when I want it occasionally

Not exactly surprising - I marvel at the fact Mozilla have ANY extension writers left given that they seem to break them without warning every three minutes.

IainB

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 7,544
  • @Slartibartfarst
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: LastPass - What are your thoughts?
« Reply #27 on: October 02, 2013, 05:39 PM »
+ 1 for LastPass - which I have been using since I started trialling it in June 2011. (FREE version - I don't need the paid version's features, but would be happy pay for it if I did.)

LastPass periodically seems to get improved/updated, and previous peculiar idiosyncratic features tend to get fixed.
I initially started trialling both LastPass and Xmarks. I had stopped using Xmarks because it started duplicating my bookmarks and I had to invest a lot of time in clearing the mess up. However, LastPass later acquired Xmarks, and I gather the two now work pretty seamlessly together.

By the way, if you have been running LastPass for a while, there is an adjustment you might need to make (for potentially improved security) - as per the LastPass account Help: (my emphasis)
LastPass also performs a large number of rounds of PBKDF2 server-side. This implementation of PBKDF2 client-side and server-side ensures that the two pieces of your data - the part that's stored offline locally and the part that's stored online on LastPass servers- are thoroughly protected:
     (screen capture image, not copied)

By default, the x number of rounds that LastPass uses is 5000. LastPass allows you to customize the number of rounds performed during the client-side encryption process. If you log in to LastPass, open your LastPass vault from the LastPass Icon, and launch Account Settings, you will see the "Password Iterations" field displaying the current number of rounds used for your account. Although 5000 is currently the default number of rounds, your number may be lower if your account is older.
___________________________
The notes on the account settings page recommend that you tweak up the round to 5000 if your setting is less.

As some kind of comparison, I wouldn't touch NortonIdentitySafe-v1 FREE with a bargepole though. (No trust.)

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,069
    • View Profile
    • Donate to Member
Re: LastPass - What are your thoughts?
« Reply #28 on: October 03, 2013, 04:44 AM »
Thanks IainB - useful tip passed on. I have to say LastPass could do better at letting users (especially paid users) what changes they are making. How often do people sit and scrutinise settings for changes? Since updates are pretty much silent in most cases most people aren't aware of things changing over time.

x16wda

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 888
  • what am I doing in this handbasket?
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: LastPass - What are your thoughts?
« Reply #29 on: October 03, 2013, 05:16 AM »
Thanks Iain.  Momentary heart stoppage here when I increased the iterations (from 42? "Don't Panic" I guess) up to 5000 and it re-encrypted everything, then the vault showed up empty... they should have posted a note about needing to log back in afterward...  :P
vi vi vi - editor of the beast
« Last Edit: October 04, 2013, 05:28 AM by x16wda, Reason: <sigh> misspelling fix! »

IainB

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 7,544
  • @Slartibartfarst
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: LastPass - What are your thoughts?
« Reply #30 on: October 03, 2013, 06:08 AM »
...Momentary heart stoppage here...
Same here!    ;D

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,775
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: LastPass - What are your thoughts?
« Reply #31 on: October 04, 2013, 05:34 AM »
[...] I increased the iterations (from 42? "Don't Panic" I guess) up to 5000 [...]

Interesting. Mine was at 500.

oblivion

  • Supporting Member
  • Joined in 2010
  • **
  • Posts: 495
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: LastPass - What are your thoughts?
« Reply #32 on: October 08, 2013, 02:07 AM »
[...] I increased the iterations (from 42? "Don't Panic" I guess) up to 5000 [...]

Interesting. Mine was at 500.
Ye gods. Mine was at 1. Now fixed. Agreed on the "they should communicate this stuff better" point -- and I AM a paid user.
-- bests, Tim

...this space unintentionally left blank.

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,918
    • View Profile
    • Donate to Member
Re: LastPass - What are your thoughts?
« Reply #33 on: October 09, 2013, 10:35 PM »
Thanks Iain! Long-time LastPass Premium user and mine was at "1" also... I agree that LP lacks communication.

Thanks again!

Jim

Dirhael

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 387
    • View Profile
    • defreitas.no
    • Donate to Member
Re: LastPass - What are your thoughts?
« Reply #34 on: October 11, 2013, 11:31 AM »
Been using LastPass (paid) for 2-3 years now across all of my devices (4x Android, 3x iOS, 3x Windows, 1x OSX, 1x Windows Phone) and I absolutely love it. About a year or so ago I also purchased a YubiKey (and later a YubiKey NEO with NFC support) to better secure my accounts. This setup works great with the exception of the iOS devices, as Apple apparently doesn't give a damn about NFC (it's mostly easy to work around though). For the Android devices and WP I just swipe the YubiKey across the back of the phones/tablet, enter my password and get access to what I need. On Windows/OSX I just plug it into a USB slot and "press" the button on the key when prompted. It appears to the OS as just another keyboard, so there's no installation to think of.

It's simple, secure and convenient. I wish they would give their mobile apps a face-lift (they look a bit outdated and beauty-challenged), but all the functionality I need is there and most importantly, it just works.
Registered nurse by day, hobby programmer by night.

CleverCat

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,164
    • View Profile
    • Donate to Member
Re: LastPass - What are your thoughts?
« Reply #35 on: October 17, 2013, 02:26 AM »
LastPass asked why I wasn't renewing my Premium Sub I use the app on my Tablet) and I replied:

I will be renewing later, but I am a Disability Pensioner and have had a lot of unexpected expenses recently! Also the exchange Rate was so high I had to wait for it to come down for other software.

I will be renewing later this year.

They replied:

Hello Lynette,

Thank you for reaching out. Please enjoy your extended Premium subscription, which is now due to expire 2014-09-25.

Best,


Can't get better service than that!  :D :Thmbsup: :Thmbsup:

oblivion

  • Supporting Member
  • Joined in 2010
  • **
  • Posts: 495
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: LastPass - What are your thoughts?
« Reply #36 on: October 17, 2013, 05:39 AM »
They replied:
Hello Lynette,

Thank you for reaching out. Please enjoy your extended Premium subscription, which is now due to expire 2014-09-25.

Can't get better service than that!  :D :Thmbsup: :Thmbsup:
What astonishingly nice people. :)
-- bests, Tim

...this space unintentionally left blank.

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 2,193
    • View Profile
    • Donate to Member
Re: LastPass - What are your thoughts?
« Reply #37 on: October 17, 2013, 08:46 AM »
Really cool :)

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,918
    • View Profile
    • Donate to Member
Re: LastPass - What are your thoughts?
« Reply #38 on: October 17, 2013, 09:11 PM »
Surprising, and extremely nice! WTG LastPass!

Jim

CleverCat

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,164
    • View Profile
    • Donate to Member
Re: LastPass - What are your thoughts?
« Reply #39 on: November 07, 2013, 04:14 AM »
 :Thmbsup:

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,964
    • View Profile
    • Donate to Member
Re: LastPass - What are your thoughts?
« Reply #40 on: November 07, 2013, 05:04 AM »
Interesting comment to an ArsTechnica article about Lavabit -
http://arstechnica.c...=1&post=25632941

Lachlan Hunt
BrianB_NY wrote:
mudlock wrote:
"Despite what anyone tells you, end to end encrypted e-mail is not possible in a webmail world."

Sure it is. Anything a stand-alone client can do, a browser can do....

Exactly. The author either doesn't understand that you can implement stuff client side (Javascript for example) or he is making the leap that because doing so could potentially be too slow (in execution cycles) to be usable equates to "not possible"


If you start doing the decryption with javascript, then there are a number of issues that make it impractical and not totally secure. The question of where the private key is stored still exists. For practical and usability reasons, it's most convenient for the service to maintain the keys on their servers. It's possible that those keys can be password protected to provide limited protection against snooping, but users are notoriously bad at picking good passwords. Alternatively, you have to find some way to let the user store the private key themselves, leaving them wholly responsible for keeping it secure and backed up.

But assuming you have a workable solution for private key storage, you also need a way for the browser to perform the decryption of the email content, which is separate from normal decryption performed as part of the SSL/TLS connection. If, as you suggest, this is done by some JavaScript in the page. Then that exposes a huge security hole.

If you give the JavaScript access to the key and the user's password for decrypting the key, then it is also possible for that script to send a copy of the password and/or decrypted key back to the server. You have to have a certain level of trust in the service provider that they won't do this. But, that is exactly what HushMail did, and they were forced to snoop the credentials of some specific users in order to turn over unencrypted emails to the authorities.

It's also, unfortunately, the approach taken by services like LastPass when you log in via the website, rather than the extention, or use their security check tool. Users have to trust that LastPass is never going to send any javascript for the purpose of stealing their credentials. But they could certainly do so if they were ordered to. They could theoretically even direct this malicious version of the script to a specific IP address or user account, so no-one else could possibly notice it.

[...]

(my emphasis)
Tom

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,775
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: LastPass - What are your thoughts?
« Reply #41 on: November 07, 2013, 02:47 PM »
The latest LastPass extension version has an annoying feature enabled out of the gate, where it shows matching sites in the extension as if it were a number of notifications. Thankfully this is easily disabled from the options.

Unforunately, the latest mobile app version of LastPass has a similarly annoying feature which isn't so easily disabled. In the past, you were able to disable the built-in LastPass browser so that you could continue to use your device's preferred/default browser. The latest version has re-enabled the LastPass browser and adopted a "Tabbed" view. Interestingly, the tabbed view can be disabled on my phone, but not on my tablet. But the browser itself cannot be disabled. This results in annoying "what do you want to open this link in?" prompts. Even after selecting "Always" use my default browser, I still get prompted which one to use occasionally. But I think that's because of the way Android parses the links.

Overall I have been really happy with my LastPass experience and the service itself. That said, I don't want them to try to provide me with a browser on my mobile devices. I just want access to my password vault. That's all.

cyberdiva

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,041
    • View Profile
    • Donate to Member
Re: LastPass - What are your thoughts?
« Reply #42 on: November 08, 2013, 11:14 PM »
This results in annoying "what do you want to open this link in?" prompts. Even after selecting "Always" use my default browser, I still get prompted which one to use occasionally.
You've just solved a mystery for me.  I've never understood why LastPass appears along with my tablet's 3 browsers when I'm asked "What do you want to open this link in?"  I had no idea that LastPass had a browser.  Many thanks for clueing me in.

Like you, I'm quite pleased with LastPass, which I have used on my computers for five years or so and which I'm now also starting to use on my Nexus 7 tablet.  I do wish, though, that the LastPass folks had done more thinking and testing before they released the most recent update.  I suspect they now wish they had as well.

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,918
    • View Profile
    • Donate to Member
Re: LastPass - What are your thoughts?
« Reply #43 on: November 08, 2013, 11:20 PM »
My biggest annoyance with LastPass on an iPad is actually not their fault, but Apple's. On my Android phone I use the Dolphin browser and it allows extensions not unlike Firefox in Windows. Install the LastPass extension and it fills login fields automatically or by clicking on the LP icon. Very convenient. On the iPad though extensions aren't permitted and so LastPass is not allowed to fill login credentials in any browser other than its own. So I must copy and paste my usernames and passwords manually. Of course since you can't show multiple windows at once this means opening one over the other and then vice versa. Just a PITA!

Jim

lotra

  • Participant
  • Joined in 2013
  • *
  • default avatar
  • Posts: 9
    • View Profile
    • Donate to Member
Re: LastPass - What are your thoughts?
« Reply #44 on: November 09, 2013, 08:39 AM »
Just another thanks to IainB for info, :up: I'm usually thorough about stuff like this, but this one I overlooked. I'm using Lastpass without any problems since 2010 and My number of "Password Iterations" was only 1, and when I've changed it to 5000 I've noticed that Firefox Lastpass addon is a little slower to login now, but I can live with that. :)

LastPass also performs a large number of rounds of PBKDF2 server-side. This implementation of PBKDF2 client-side and server-side ensures that the two pieces of your data - the part that's stored offline locally and the part that's stored online on LastPass servers- are thoroughly protected:
     (screen capture image, not copied)

By default, the x number of rounds that LastPass uses is 5000. LastPass allows you to customize the number of rounds performed during the client-side encryption process. If you log in to LastPass, open your LastPass vault from the LastPass Icon, and launch Account Settings, you will see the "Password Iterations" field displaying the current number of rounds used for your account. Although 5000 is currently the default number of rounds, your number may be lower if your account is older.
« Last Edit: November 09, 2013, 08:48 AM by lotra »

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,918
    • View Profile
    • Donate to Member
Re: LastPass - What are your thoughts?
« Reply #45 on: November 09, 2013, 10:21 AM »
Just another thanks to IainB for info, :up: I'm usually thorough about stuff like this, but this one I overlooked. I'm using Lastpass without any problems since 2010 and My number of "Password Iterations" was only 1, and when I've changed it to 5000 I've noticed that Firefox Lastpass addon is a little slower to login now, but I can live with that. :)

I've noticed LP acting slower lately also but wasn’t certain if it was the new version or the change to the iterations setting.

Thanks!

Jim

lotra

  • Participant
  • Joined in 2013
  • *
  • default avatar
  • Posts: 9
    • View Profile
    • Donate to Member
Re: LastPass - What are your thoughts?
« Reply #46 on: November 09, 2013, 11:14 AM »
I've noticed LP acting slower lately also but wasn’t certain if it was the new version or the change to the iterations setting.

Well, I guess it's only logical for it to be slower and it's also using more cpu cycles during encryption since its number of rounds is much bigger now.

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,964
    • View Profile
    • Donate to Member
Re: LastPass - What are your thoughts?
« Reply #47 on: November 09, 2013, 12:00 PM »
I've noticed LP acting slower lately also but wasn’t certain if it was the new version or the change to the iterations setting.

Well, I guess it's only logical for it to be slower and it's also using more cpu cycles during encryption since its number of rounds is much bigger now.

I only got notification of an update (version 3) today per email - is that the new version you're talking about?
Tom

lotra

  • Participant
  • Joined in 2013
  • *
  • default avatar
  • Posts: 9
    • View Profile
    • Donate to Member
Re: LastPass - What are your thoughts?
« Reply #48 on: November 09, 2013, 02:14 PM »
I only got notification of an update (version 3) today per email - is that the new version you're talking about?

Not me, I think it's safer to wait for a while, cause people are reporting many problems with this major version change.

oblivion

  • Supporting Member
  • Joined in 2010
  • **
  • Posts: 495
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: LastPass - What are your thoughts?
« Reply #49 on: November 09, 2013, 05:05 PM »
Not me, I think it's safer to wait for a while, cause people are reporting many problems with this major version change.
Most of the changes seem to be cosmetic -- and, once you get used to them, the lack of need to keep clicking up in the toolbar or the Lastpass icon, are reasonably good.

I haven't seen reports of problems but have experienced some of my own -- running Portable Firefox, on a portable HD under WinXP, the new popup-when-you-click-the-icon-in-the-form functionality comes up blank, and the option to do autofill from the main Lastpass menu is several clicks away. But it's okay on my other systems, and you can restore the previous functionality from the "notifications" setting so I'm not entirely sure waiting for bugfixes is necessary.

(I've reported the problems to LastPass and tried some of their suggestions to no avail; it's starting to look like it might be a conflict with another addon but I haven't got it pinned down yet.)

And, like I said, on my other systems 3.01 looks pretty solid. It's just a change in behaviour that rattles people a bit, I suspect.
-- bests, Tim

...this space unintentionally left blank.