I recently installed LastPass on my desktop PC. However, through one
of my other newsletters, or Googling, I caught an article regarding a suspected
security breach on LastPass fairly recently and I started to reconsider the whole
cloud storage approach for specifically my password information. The
alternative I’m considering is Roboform. Now, I know from past newsletters
you’ve praised both software and I understand it’s also personal preference, but
what is your take on the breach and storing passwords away from your own
system? I look forward to your response.
LastPass security breach
Well, I’ll put it this way. I’m a heavy LastPass user.
So there are two things going on here:
1) If it’s the security breach that I’m thinking of, it wasn’t a breach at all.
The LastPass people saw what they considered ‘suspicious activity’ on their network. There was never any confirmation that any kind of a breach had actually happened. They took some proactive steps at that point to notify everybody to say basically, you know, this probably isn’t a problem but you may want to change your password.
In other words, they were being abundantly overcautious, which I really appreciate.
Now, the thing I like about LastPass is that your information is encrypted on their servers. In fact:
2) It’s encrypted in a way that even they cannot recover: you lose your password, you lose your LastPass.
The only time that LastPass information is decrypted is when it’s on your PC and you’ve specified the correct password to perform that decryption. It’s one of the things that really draws me to LastPass because that’s the level of security I really appreciate.
Now, you’re thinking of replacing it with RoboForm. To be honest, it’s kind of funny because RoboForm is a cloud solution, too.
RoboForm stores all of your information up in the cloud, so if it’s the cloud that has you nervous, LastPass to RoboForm doesn’t really change anything. RoboForm, like I said, is a cloud-based solution that is really similar to LastPass.
I do not know their encryption strategy. I’m sure it’s good. I don’t know, for example, if they were faced with a court order, “could” they decrypt stuff. I really don’t know. I don’t think LastPass can; I honestly don’t know about RoboForm.
In terms of the features and the functionality of the two tools, I used RoboForm for many years. I switched to LastPass a couple of years ago because I really appreciate the openness of their security model and the security model itself.
I don’t have a problem using either of them and, like I said, I’m not aware of a security breach, a true security breach, for LastPass that would have me concerned at all. So I’d use them both.
Keep using LastPass if you like it.
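A generic sketch of the model described in the answer above, where the service stores only ciphertext and decryption happens on your PC with the master password. This is an added example, not code from the original answer and not LastPass's or RoboForm's actual scheme; the PBKDF2 and AES-256-GCM choice, the iteration count, and all function names are assumptions for illustration.

```javascript
// Added illustration: client-side ("zero-knowledge") vault encryption.
// Generic sketch; NOT LastPass's or RoboForm's actual scheme or parameters.
const crypto = require("node:crypto");

const ITERATIONS = 600000; // assumed PBKDF2 work factor for this example

// Runs on the user's PC: stretch the master password into a 256-bit key.
function deriveKey(masterPassword, salt) {
  return crypto.pbkdf2Sync(masterPassword, salt, ITERATIONS, 32, "sha256");
}

// Runs on the user's PC: returns the only record the server ever stores.
function sealVault(masterPassword, vault) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(masterPassword, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(vault), "utf8"), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() }; // no password, no key
}

// Runs on the user's PC: returns the vault, or null if the password is wrong
// or the stored record was modified (the GCM tag check fails).
function openVault(masterPassword, record) {
  const key = deriveKey(masterPassword, record.salt);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, record.iv);
  decipher.setAuthTag(record.tag);
  try {
    const pt = Buffer.concat([decipher.update(record.ct), decipher.final()]);
    return JSON.parse(pt.toString("utf8"));
  } catch {
    return null; // without the master password there is no recovery path
  }
}

// Constructed sample data, not real credentials.
function demo() {
  const vault = { "example.com": "s3cret-site-password" };
  const stored = sealVault("correct horse battery staple", vault);
  return {
    serverSeesPlaintext: stored.ct.includes("s3cret-site-password"),
    rightPassword: openVault("correct horse battery staple", stored),
    wrongPassword: openVault("guess123", stored),
  };
}
```

Because the stored record holds only the salt, IV, ciphertext and tag, a service built this way has nothing to hand over that decrypts without the user's master password, which is also why a forgotten password means a lost vault.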
End of Answercast #17