I recently installed LastPass on my desktop PC. However, through one
of my other newsletters, or Googling, I caught an article regarding a suspected
security breach on LastPass fairly recently and I started to reconsider the whole
cloud storage approach for specifically my password information. The
alternative I’m considering is Roboform. Now, I know from past newsletters
you’ve praised both software and I understand it’s also personal preference, but
what is your take on the breach and storing passwords away from your own
system? I look forward to your response.
LastPass security breach
Well, I’ll put it this way. I’m a heavy LastPass user.
So there are two things going on here:
1) If it’s the security breach that I’m thinking of, it wasn’t a breach at
The LastPass people saw what they considered ‘suspicious activity’ on their
network. There was never any confirmation that any kind of a breach had
actually happened. They took some proactive steps at that point to notify
everybody to say basically, you know, this probably isn’t a problem but you may
want to change your password.
In other words, they were being abundantly overcautious, which I really
Now, the thing I like about LastPass is that your information is encrypted
on their servers. In fact:
2) It’s encrypted in a way that even they cannot recover:
you lose your password, you lose your LastPass.
The only time that LastPass information is decrypted is when it’s on your PC
and you’ve specified the correct password to perform that decryption. It’s one
of the things that really draws me to LastPass because that’s the level of
security I really appreciate.
Now, you’re thinking of replacing it with RoboForm. To be honest, it’s kind
of funny because RoboForm is a cloud solution, too.
RoboForm stores all of your information up in the cloud, so if it’s the cloud
that has you nervous, LastPass to RoboForm doesn’t really change anything.
RoboForm, like I said, is a cloud-based solution that is really similar to
I do not know their encryption strategy. I’m sure it’s good. I don’t know,
for example, if they were faced with a court order, “could” they decrypt stuff.
I really don’t know. I don’t think LastPass can, I honestly don’t know about
In terms of the features and the functionality of the two tools, I used
RoboForm for many years. I switched to LastPass a couple of years ago because I
really appreciate the openness of their security model and the security model
I don’t have a problem using either of them and, like I said, I’m not aware
of a security breach, a true security breach, for LastPass that would have me
concerned at all. So I’d use them both.
Keep using LastPass if you like it.