Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

Let’s Talk About Lastpass

Become a Patron of Ask Leo! and go ad-free!

Transcript

Show Transcript

Podcast audio

Play

Keep Calm and LastPass On

28 comments on “Let’s Talk About Lastpass”

  1. I down loaded the newest version. First thing I noticed was the new interface. It sucks compared to the old one. It is not intuitive as before. I also had problems with LP not signing in correctly and it is noticeably slower. While I appreciate them fixing under the hood it doesn’t work or look as good as before.

  2. Hi Leo. We have been using LastPsass for several years now, well, ever since life got to be complicated because one needed to memorize so many passwords!
    Thank you for your video. We were not aware pf this vulnerability until I watched your video. We agree with you completely and remain confident with LastPass. In fact, it’s the only vault we’ve used.
    About a month ago I changed my LP password and horrors, forgat some of it! How could I retrieve my password? They did provide a way, through my cellphone!
    Way to go, LP!

  3. I like LastPass a lot, so thanks for the shot out for them. I also like what you shared about the importance of disclosure. I work in the medical device field and there is talk about importance of disclosure of cybersecurity vulnerabilities (see new FDA Guidance on Post-Market Cybersecurity, specifically ISAOs) and I think what you have here shows the benefit, and I may share with others.

  4. I agree I think Lastpass totally handed this bug very well., with over 350 passwords and secure notes in Lastpass all with unique passwords I feel even safer now. I still have a great faith in Lastpass and will continue to recommend it to family and friends.

  5. Leo,
    Thank you very much for this video. I have been using LastPass for three years now and I love it. When I heard about this breach, I got worried but had faith that they would fix it fast and they did. Thanks for reassuring me that this is a wonderful, safe program in which to save passwords. I have about 100 different passwords and I am so happy to learn that LastPass is safe once more.

  6. I have to say that I have been very frustrated with Lastpass’ ability to store multiple logins for the same site. In my experience, it is a hit or miss if it will work. I have more than one Amazon login stored but the only browser I can get that to work in is in Safari and for WordPress I have multiple logins and it fails miserably at allowing me to login with the stored information.

    • I have 25 WordPress logins. I’ve had problems when I had the link pointing to the comments page instead of the dashboard page.

  7. After 20 years online I’ve found that few sites are worth registering for if you can view them otherwise, I don’t have to communicate through almost all of them and I have a small group of websites I call home.

    Really, I have cats, and bicycles and stereo gear to keep running…and HOUSEWORK. I’m simply not about to die typing and I have no need of a cellphone. I DO have a small radio to listen to on my bike but I tend to ride without it.

    The internet is not my job or my life, it’s a reference point.

  8. Password Vaults:

    I use an Excel Spread Sheet. 3 columns: Account Name User ID and Password

    I assign a Password to the SS. I then copy it to a USB drive which is on my key chain for my house keys and car key. Always with me except when I’m sleeping.

    Simple and FREE. What’s the danger I’m exposed to, if any?

    • Someone stealing the thumbdrive and cracking Excel’s encryption. Depending on the version of Excel, that could be easy or hard.

      ALso, potential remnants in Windows temporary files and paging file as you open the spreadsheet.

  9. When I need to provide a password for a site, I have it generated by a program that makes a password of 40 characters long, chosen from a set of 200 different ones. I have Lastpass to remember it. Problem is that most sites don’t tell you the conditions they have for new passwords.

  10. I’ll being using LastPass for almost 10 years. I didn’t know about this incident until I got your email and I thank you for that. This incident will not change my mind to stop using it, for now. Like you said, every software is not 100 % secured. Windows, Apple and Linux OS, they all are not 100 % secured either and we still use them. I don’t use it everyday and when I do, I only use it for the sites that are saved in the vault.

  11. Thank you Leo for explaining about Last Pass and the recent ‘bug’, which I had not heard about. It is reassuring, however, to have it confirmed by a respected expert as yourself, that there is nothing to worry about, because of their impressive response. I am sure my Computer magazine ( which I shall not name) will love splashing an eye-catching headline about this LP bug on the cover of its next edition to capitalise! I shall continue to feel confident with Last Pass. Thanks.

  12. I read about the incident last week on a forum, but I didn’t panic. As far as I remember, in one of your past newsletters articles, you ask the question about what keeps one sleeping at night — I don’t remember exactly how the question was formulated— I had to bring LastPass as an example. I did say that I use LastPass (which I am still using, by the way) but I will never let it remember any password regarding my financial institutions, videlicet: two bank accounts an Paypal; and that was exactly in reference to the subject at hand.

    Like you, Leo, I trust LastPass and I will keep using it for the foreseeable future until they drop the ball as you put it. Thanks for the reassurance you gave in your video. It’s really comforting.

  13. Hi Leo,

    After reading the transcript of your Video, “Let’s talk about LastPass”, I listened to the Video – because of an obvious error in the transcript:

    The key word “don’t” is missing in the transcript which garbles the last sentence in the below excerpt.
    ” The bottom line, of course, is that all software has bugs. Every single piece of software that you’re using today has a bug in it somewhere. Anybody that claims otherwise, either is lying because they have an agenda to promote or they just understand software. ”

    Whatever program was used for this translation from Video to Text should be upgraded* to maintain the excellent quality of everything you generate.

    Regards,

    and many thanks for Ask Leo!

    Peter

    • Thanks for pointing out the typing mistake. We fixed it. …And the program used for the translation is a person. She’s pretty smart and has all her latest upgrades installed, so no updates needed! (Meant to be funny.)

  14. Hi Leo,

    The past two or three LastPass vulnerabilities that happened over the last 3 yrs or so I only found out about only through “Ask Leo”. I think LastPass should some how have an alert to all users about previous vulnerabilities and there fixes. Would this be feasible? What do you think.

    • Only if there’s something I need to DO, do I want them to broadcast anything. (And they’ve done this once – and while it wasn’t something everyone NEEDED to do, it was out of a sense of extra precaution relating to the specific problem at the time.)

      In this case there actually was nothing to do, as Lastpass updates itself as needed.

      Aside from that as long as they keep documenting things on their blog, I’m happy.

  15. The problem with lastpass…Apparently… It use to be 12 bucks… Reasonable…but login and now it’s 2 bucks a month. I use to use the free version of roboform. Then… After learning it well… And pretty happy with it…. They started to take away features what made it great. So I started paying…then they upped the price… I fear this is what is going to happen with lastpass and they already upped the price by 100%!

    Look, I know companies need to make money but… I feel two bucks really isn’t worth it. and… like I said, it’s just a matter of time before they start cranking that up… so… Best bet? Use Keepass — open source. Can’t go wrong … a bit of a learning curve but…. at least you know you want get rapped in the end and gotta start all over again.

    Would be nice, if google had an extension (free) you just donate what you want, kinda like adblock.. If you really love it, donate more or hate it… don’t donate anything.

      • I used to pay the $12 because it included a LastPass browser for Android. Now the free version includes the browser and none of the additional features are anything I’d use.

Leave a reply:

Before commenting please:

  • Read the article. Comments indicating you've not read the article will be removed.
  • Comment on the article. New question? Start with search, at the top of the page. Off-topic comments will be removed.
  • No personal information. Email addresses, phone numbers and such will be removed.
  • Add to the discussion. Comments that do not — typically off-topic or content-free comments — will be removed.

All comments containing links will be moderated before publication. Anything that looks the least bit like spam will be removed.

I want comments to be valuable for everyone, including those who come later and take the time to read.