Bitcoin Forum
Author Topic: Is LastPass Good Enough  (Read 1230 times)
ventrabit
April 09, 2013, 03:37:26 AM
 #1

I use LastPass and have found it very useful but I am now concerned about security with the increase of btc value.

My bitcoins are scattered over several online wallets and trading accounts.

LastPass is used to store all login details including additional fields such as pins etc. and I never store or save the data anywhere else.

KeePass is used to store LastPass password. The LastPass password is very strong but I rarely need to use KeePass as I use the save password function for LastPass.

Is this safe? Can my LastPass account be compromised?

If it can be, what can I do to help boost my security? Any tips will be appreciated and may help others too.

Thanks
DarkPunk
April 09, 2013, 03:44:12 AM
 #2

I use LastPass and have found it very useful but I am now concerned about security with the increase of btc value.

My bitcoins are scattered over several online wallets and trading accounts.

LastPass is used to store all login details including additional fields such as pins etc. and I never store or save the data anywhere else.

KeePass is used to store LastPass password. The LastPass password is very strong but I rarely need to use KeePass as I use the save password function for LastPass.

Is this safe? Can my LastPass account be compromised?

If it can be, what can I do to help boost my security? Any tips will be appreciated and may help others too.

Thanks

Short Answer:  If you trust LastPass, and you're certain your PC won't be compromised in any other way, then you're good.  A PC can always be compromised, and cookies/session can always be hijacked.  But both of those are inherent flaws of using any online wallet, LastPass or not.
Sage
April 09, 2013, 03:48:51 AM
 #3

HELL NO!

LastPass has already been hacked.

I use it, but only for websites of little consequence.  Never for anything vital.
Berghoff
April 09, 2013, 03:55:57 AM
 #4

That's your first mistake right there.  I transfer all coins off of those wallets immediately as soon as I can.  

As for LastPass, I use it to store 1/2 of password, which is a 15-25 digit string.  The other half is one of several phrases that only I know which are indicated as a bit of text/numbers embedded in the stored password that get substituted out.  

So even if lastpass was broken into, they'd still have between 62^5 and 62^10 combinations to try to get to the completed pass.  I store the back-up wallet in a cloud drive using a variation of the password scheme I just told you.  

Ideally, I should also be storing this methodology (along with wallet back-ups) with a family member or lawyer in case I die, and keep the lastpass passwords in another location on a piece of paper that you would know but wouldn't make sense to others (or a bank vault like most people) in case lastpass goes kerplut - and my half of the pass phrases with someone I trust.

And to be honest, with the amount of coins I have right now, a crook could get more money by surprising me with a pipe-iron.
Berghoff
April 09, 2013, 03:56:54 AM
 #5

HELL NO!

LastPass has already been hacked.

I use it, but only for websites of little consequence.  Never for anything vital.

They found odd behavior and immediately took steps to correct it.  I'm not aware of anyone who reported any accounts compromised.
segfault88
April 09, 2013, 04:00:23 AM
 #6

I like LastPass, I trust it fairly well. The important rules are:

  • Use a STRONG master password.
  • Turn on the "Require password reprompt" feature for important/valuable sites.
  • Set the auto log off when idle feature.

A nice thing about LastPass is that your passwords don't actually make it to their servers - your vault gets decrypted on the client side and only with the master password. I like using a unique 32 character password (letters, numbers and special characters) for every site I use.

The only danger is if you get a keylogger, but I'm not too worried about that since I keep my computers secure (hardened linux everywhere - not invulnerable I know).
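
What "decrypted on the client side and only with the master password" can look like in code, as an added example that is not part of the original post and is not LastPass's actual code. The iteration count, key labels, sample credentials and the HMAC-based stand-in cipher are all assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch, not LastPass's setting

def _sub(key: bytes, label: bytes) -> bytes:
    """Derive an independent sub-key from `key` for one purpose."""
    return hmac.new(key, label, hashlib.sha256).digest()

def derive_keys(master_password: str, salt: bytes):
    """Client side: stretch the master password, then split it into two keys."""
    root = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS)
    vault_key = _sub(root, b"vault")   # stays on the client, decrypts the vault
    auth_token = _sub(root, b"login")  # sent to the server to prove identity
    return vault_key, auth_token

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher such as AES.
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(vault_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC on the client; the returned blob is all the server stores."""
    nonce = os.urandom(16)
    stream = _keystream(_sub(vault_key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_sub(vault_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_vault(vault_key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a wrong master password fails here, not with garbage."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_sub(vault_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong master password or tampered vault")
    stream = _keystream(_sub(vault_key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

if __name__ == "__main__":
    salt = b"user@example.com"  # constructed sample values, not real credentials
    key, token = derive_keys("correct horse battery staple", salt)
    blob = seal(key, b"exchange.example: hunter2")
    print(open_vault(key, blob))
    wrong_key, _ = derive_keys("password123", salt)
    try:
        open_vault(wrong_key, blob)
    except ValueError as err:
        print("rejected:", err)
```

In a design like this the server only ever holds the sealed blob and the login token, so the strength of the master password and the cost of the key stretching are what protect a copied vault.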
ventrabit
April 09, 2013, 11:58:35 PM
 #7

That's your first mistake right there.  I transfer all coins off of those wallets immediately as soon as I can.  

As for LastPass, I use it to store 1/2 of password, which is a 15-25 digit string.  The other half is one of several phrases that only I know which are indicated as a bit of text/numbers embedded in the stored password that get substituted out.  

So even if lastpass was broken into, they'd still have between 62^5 and 62^10 combinations to try to get to the completed pass.  I store the back-up wallet in a cloud drive using a variation of the password scheme I just told you.  

Ideally, I should also be storing this methodology (along with wallet back-ups) with a family member or lawyer in case I die, and keep the lastpass passwords in another location on a piece of paper that you would know but wouldn't make sense to others (or a bank vault like most people) in case lastpass goes kerplut - and my half of the pass phrases with someone I trust.

And to be honest, with the amount of coins I have right now, a crook could get more money by surprising me with a pipe-iron.

Thanks. I have a lot to think about. I like how you store half the passwords, very clever.

I know storing in online wallets is not so good. I do have a paper wallet with a % there but I like to have some in online wallets and trading accounts for quick access and don't want all in one trading account just in case. I suppose I just have to keep minimal in online wallets/trade accounts and get more serious as btc and even ltc is big bucks now.

I'm lazy and get used to the way I do things but yeah I really have to make some changes.

Thanks again!!!
ventrabit
April 10, 2013, 12:02:21 AM
 #8

I like LastPass, I trust it fairly well. The important rules are:

  • Use a STRONG master password.
  • Turn on the "Require password reprompt" feature for important/valuable sites.
  • Set the auto log off when idle feature.

A nice thing about LastPass is that your passwords don't actually make it to their servers - your vault gets decrypted on the client side and only with the master password. I like using a unique 32 character password (letters, numbers and special characters) for every site I use.

The only danger is if you get a keylogger, but I'm not too worried about that since I keep my computers secure (hardened linux everywhere - not invulnerable I know).
Thanks for your info.

Why do you set the auto log off when idle? Can someone access your PC and control it from their end? I understand about keyloggers and how a hacker can export files etc. but can they do more?
rtgornik
April 24, 2013, 04:04:00 AM
 #9

Although I use LastPass, I do not use it for any financial transactions.

Having a totally centralized password database doesn't sit right with me.
Fluxbit
April 24, 2013, 05:36:49 AM
 #10

Steve Gibson knows his crypto and explains how LastPass works on his podcast: Security Now.  The review is on episode 256.

A link to the podcast:
http://twit.tv/sn256

A link to the transcript:
http://www.grc.com/sn/sn-256.htm

Spoiler: Gibson has nothing but positive things to say about LastPass.

zedicus
April 24, 2013, 05:49:50 AM
 #11

^^ +1 for Steve, he's an old school assembly guru! hehe

LastPass is great.. I trust it but it's just a layer of many. Don't use the default generated passwords.. daisy chain a few so you have long 50-100 passwords.. There are plenty of ways to secure your PC, don't depend on one.

John (John K.)
April 24, 2013, 05:53:40 AM
 #12

Remember to use 2FA with LastPass.


BitFred
April 24, 2013, 06:09:24 AM
 #13

I recommend KeePass Password Safe.

keepass.info