Personal computing discussed

Moderator: Dposcorp

Gerbil Elite
Topic Author
Posts: 705
Joined: Fri Aug 03, 2007 2:29 pm
Location: South Carolina

LastPass explained

Thu Apr 10, 2014 3:30 pm

In light of all this HeartBleed stuff, can someone explain in layman's terms how LastPass (or something else similar) actually works. I currently use a handful of different passwords for all my accounts/logins, but it relies simply on my memory. I feel the need to use LastPass, but I just can't seem to wrap my brain around how it works.
Thanks for any insight or advice.
Corsair 450D | EVGA SuperNova G3 650W | Asus Z270 Prime-A | Intel i7-7700K | Cryorig H7 | MSI GTX1070 Gaming X 8G | 16gb GSkill TridentZ DDR4 3200 | Crucial MX300 M.2-2280 1TB w/ Win 10 64-bit | Corsair K70 Rapidfire | Logitech G502 | Asus VW246H
Grand Gerbil Poohbah
Posts: 3800
Joined: Mon Dec 29, 2003 11:55 pm
Location: Southwest Missouri, USA

Re: LastPass explained

Thu Apr 10, 2014 3:42 pm

Lastpass stores an encrypted blob on their website that's synced to any of your browsers and/or mobile devices using their service. They never see your plaintext, so in theory they're pretty proof against outside attack. Even though their site was vulnerable to Heartbleed, it didn't matter because all traffic between you and it is encrypted client-side with Javascript before being sent.

When you visit a site you've got an account on, the browser extension notices and can populate your user/pass into the login fields, and optionally automatically log in. It can also generate random passwords of any length and complexity, and automatically create entries in your vault when you create new accounts. You can also create "secure notes" storing things like your Wifi password, SSN, credit card numbers, insurance info, &c. Multiple types of multi-factor authentication are supported, including Google Authenticator, Yubikey (a USB stick with a keyfile), and a grid that you print off and carry in your wallet.

They've got a helpdesk with a bunch of FAQs and tutorial videos, etc.:
Hakkaa päälle!
i5-2500K@4.3|Asus P8P67-LE|8GB DDR3-1600|Powercolor R7850 2G|SanDisk Ultra II 480GB|1988 Model M|Saitek X-45|Logitech MX 518 & F310|Dell 2209WA|Sennheiser PC151|Asus Xonar DX
Gerbil Elite
Posts: 973
Joined: Thu Feb 05, 2004 2:30 pm

Re: LastPass explained

Thu Apr 10, 2014 3:44 pm

LastPass doesn't really protect you against the Heartbleed threat per se, as any password uncovered by the exploit would still grant access to the account on that site, regardless of whether generated/managed by lastpass. What lastpass will do, is generate different passwords for websites/accounts, so that if one site is hacked and a password is compromised, it won't be the one you use for numerous other site.

Somewhat ironically, the laspass site was actually vulnerable to Heartbleed, at least a t first. However, I believe Lastpass employs additional encryption that would have prevented any compromising of user passwords.
Gerbil Team Leader
Posts: 221
Joined: Fri Nov 08, 2013 3:55 pm

Re: LastPass explained

Thu Apr 10, 2014 3:45 pm

This is a little long but this is where I first heard of lastpass and it will give you everything you would need to know about lastpass. I am trying it out now for the first time and it seems pretty easy to use IMO.

Who is online

Users browsing this forum: No registered users and 3 guests