LastPass explained

The place for all kinds of software for all kinds of operating systems.

Moderator: Dposcorp

LastPass explained

Postposted on Thu Apr 10, 2014 3:30 pm

In light of all this HeartBleed stuff, can someone explain in layman's terms how LastPass (or something else similar) actually works. I currently use a handful of different passwords for all my accounts/logins, but it relies simply on my memory. I feel the need to use LastPass, but I just can't seem to wrap my brain around how it works.
Thanks for any insight or advice.
Corsair 650D | Corsair AX750 | MSI XPower Big Bang X58 | Intel i7-950 | Corsair Hydro Series H80i | MSI GTX670 OC PE | 12gb GSkill Ripjaws DDR3 1600 | WD Caviar Black 1TB w/ Win 7 64-bit | MS Reclusa Keyboard | Logitech MX518 | Asus VW246H & VW224U
RickyTick
Gerbil Elite
 
Posts: 581
Joined: Fri Aug 03, 2007 2:29 pm
Location: North Carolina

Re: LastPass explained

Postposted on Thu Apr 10, 2014 3:42 pm

Lastpass stores an encrypted blob on their website that's synced to any of your browsers and/or mobile devices using their service. They never see your plaintext, so in theory they're pretty proof against outside attack. Even though their site was vulnerable to Heartbleed, it didn't matter because all traffic between you and it is encrypted client-side with Javascript before being sent.

When you visit a site you've got an account on, the browser extension notices and can populate your user/pass into the login fields, and optionally automatically log in. It can also generate random passwords of any length and complexity, and automatically create entries in your vault when you create new accounts. You can also create "secure notes" storing things like your Wifi password, SSN, credit card numbers, insurance info, &c. Multiple types of multi-factor authentication are supported, including Google Authenticator, Yubikey (a USB stick with a keyfile), and a grid that you print off and carry in your wallet.

They've got a helpdesk with a bunch of FAQs and tutorial videos, etc.: https://helpdesk.lastpass.com/
Think for yourself, schmuck!
i5-2500K@4.3|Asus P8P67-LE|8GB DDR3-1600|Powercolor R7850 2G|1.5TB 7200.11|1988 Model M|Saitek X-45 & P880|Logitech MX 518|Dell 2209WA|Sennheiser PC151|Asus Xonar DX
bthylafh
Grand Gerbil Poohbah
 
Posts: 3189
Joined: Mon Dec 29, 2003 11:55 pm
Location: Southwest Missouri, USA

Re: LastPass explained

Postposted on Thu Apr 10, 2014 3:44 pm

LastPass doesn't really protect you against the Heartbleed threat per se, as any password uncovered by the exploit would still grant access to the account on that site, regardless of whether generated/managed by lastpass. What lastpass will do, is generate different passwords for websites/accounts, so that if one site is hacked and a password is compromised, it won't be the one you use for numerous other site.

Somewhat ironically, the laspass site was actually vulnerable to Heartbleed, at least a t first. However, I believe Lastpass employs additional encryption that would have prevented any compromising of user passwords.
cynan
Gerbil Elite
Gold subscriber
 
 
Posts: 831
Joined: Thu Feb 05, 2004 2:30 pm

Re: LastPass explained

Postposted on Thu Apr 10, 2014 3:45 pm

This is a little long but this is where I first heard of lastpass and it will give you everything you would need to know about lastpass. I am trying it out now for the first time and it seems pretty easy to use IMO. http://www.youtube.com/watch?v=r9Q_anb7pwg
toki
Gerbil
 
Posts: 25
Joined: Fri Nov 08, 2013 3:55 pm


Return to General Software

Who is online

Users browsing this forum: No registered users and 3 guests