Personal computing discussed

Moderator: Dposcorp

Gerbil Elite
Topic Author
Posts: 723
Joined: Fri Aug 03, 2007 2:29 pm
Location: South Carolina

LastPass explained

Thu Apr 10, 2014 3:30 pm

In light of all this HeartBleed stuff, can someone explain in layman's terms how LastPass (or something else similar) actually works. I currently use a handful of different passwords for all my accounts/logins, but it relies simply on my memory. I feel the need to use LastPass, but I just can't seem to wrap my brain around how it works.
Thanks for any insight or advice.
Corsair 450D | EVGA SuperNova G3 650W | Asus Z270 Prime-A | Intel i7-7700K | Cryorig H7 | MSI GTX1070 Gaming X 8G | 16gb GSkill TridentZ DDR4 3200 | Crucial MX300 M.2-2280 1TB | Corsair K70 Rapidfire | Logitech G502 | Asus ROG Swift PG279Q
Grand Gerbil Poohbah
Posts: 3932
Joined: Mon Dec 29, 2003 11:55 pm
Location: Southwest Missouri, USA

Re: LastPass explained

Thu Apr 10, 2014 3:42 pm

Lastpass stores an encrypted blob on their website that's synced to any of your browsers and/or mobile devices using their service. They never see your plaintext, so in theory they're pretty proof against outside attack. Even though their site was vulnerable to Heartbleed, it didn't matter because all traffic between you and it is encrypted client-side with Javascript before being sent.

When you visit a site you've got an account on, the browser extension notices and can populate your user/pass into the login fields, and optionally automatically log in. It can also generate random passwords of any length and complexity, and automatically create entries in your vault when you create new accounts. You can also create "secure notes" storing things like your Wifi password, SSN, credit card numbers, insurance info, &c. Multiple types of multi-factor authentication are supported, including Google Authenticator, Yubikey (a USB stick with a keyfile), and a grid that you print off and carry in your wallet.

They've got a helpdesk with a bunch of FAQs and tutorial videos, etc.:
Hakkaa päälle!
i7-8700K|Asus Z-370 Pro|32GB DDR4|Asus Radeon RX-580|Samsung 960 EVO 1TB|1988 Model M||Logitech MX 518 & F310|Samsung C24FG70|Dell 2209WA|ATH-M50x
Gold subscriber
Graphmaster Gerbil
Posts: 1093
Joined: Thu Feb 05, 2004 2:30 pm

Re: LastPass explained

Thu Apr 10, 2014 3:44 pm

LastPass doesn't really protect you against the Heartbleed threat per se, as any password uncovered by the exploit would still grant access to the account on that site, regardless of whether generated/managed by lastpass. What lastpass will do, is generate different passwords for websites/accounts, so that if one site is hacked and a password is compromised, it won't be the one you use for numerous other site.

Somewhat ironically, the laspass site was actually vulnerable to Heartbleed, at least a t first. However, I believe Lastpass employs additional encryption that would have prevented any compromising of user passwords.
Gerbil Team Leader
Posts: 240
Joined: Fri Nov 08, 2013 3:55 pm

Re: LastPass explained

Thu Apr 10, 2014 3:45 pm

This is a little long but this is where I first heard of lastpass and it will give you everything you would need to know about lastpass. I am trying it out now for the first time and it seems pretty easy to use IMO.

Who is online

Users browsing this forum: No registered users and 3 guests