Re: [PLUG] Lastpass - friend of foe

Rich Freeman on 9 Jan 2017 05:04:47 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Lastpass - friend of foe

From: Rich Freeman <r-plug@thefreemanclan.net>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Lastpass - friend of foe
Date: Mon, 9 Jan 2017 08:04:40 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to; bh=dopvyavAdd4vfWXGDFUrAJybW7A+dD/sTkvA+5nuKa8=; b=FtPfJB2J6m/pvbWBa84O0a2Wnglummvk6pWh5aC3ltUviYlN9fY8+tMZL9jSmoacHz m+T3tSh9C6VphRi7HFifPXVaEJPOyjva7AjJqjoe4rvc67aQk9IMJAqePooSSoJxqXZ1 VpC3SmAQd/adM4gCoNvK7IoFc6PXxNqNeeegijk+RfN9z/JrJg6Hs8WrFbMXuaPswp0L o1glyuowF02v2YSA+c8OLIk+t+//dBIBOE4VDKfAtJj2Oeb6HXJ6lI3kmNBJyeDdjwYM 84nTnWummV6aQeZntKMm21lSMFBXBgkC3lrsOxEbKQHQgpB//DAFJHQ+vctVszpbzjnE 9rrA==
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

On Mon, Jan 9, 2017 at 7:53 AM, Rich Kulawiec <rsk@gsp.org> wrote:
>
> Given that approach, how will LastPass know?

Presumably they have security monitoring.  A hacker would need to
compromise the client side, since the vaults are encrypted on the
server side.  A modified client being pushed out should be fairly
detectable.  Heck, somebody other than Lastpass could probably spot
that, not that anybody is necessarily looking.

And if you assume that somebody is able to push out modified clients
then I don't know why you'd trust something like Keepass more since
the same risk exists on your distro or Android Play.  Maybe you might
trust that if it were detected it would be more likely to be
announced, but so far Lastpass has been up-front about past security
issues and has taken conservative reactions even when it was not clear
that anything serious was compromised.

>
> This is the point where you should be sweating, getting off LastPass,
> and changing all your passwords as fast as you possibly can.
>

The problem is a general lack of alternatives.  I need something that
can handle form-filling passwords on:
1.  Chromium on Gentoo.
2.  Chrome on Windows, ChromeOS, and Android
3.  Ugh, IE/Edge on Windows which rarely is needed.
4.  Lots of random applications on Android.

I've yet to find a suitable substitute that covers all of these
options.  On android in particular I want the fields to be filled in,
not to switch to some application, copy a username, switch back,
paste, switch back, copy a password, switch back, paste.  Granted,
that is sometimes needed in lastpass as well but it is pretty rare.

If somebody could offer a comparable FOSS implementation I'd be more
than happy to use it.  I can take another look at Keepass but the last
time I checked they were still not a great option on Android or
ChromeOS.

-- 
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Lastpass - friend of foe
  - From: Victor <plug@osquat.com>
- Re: [PLUG] Lastpass - friend of foe
  - From: Thomas Delrue <delrue.thomas@gmail.com>
- Re: [PLUG] Lastpass - friend of foe
  - From: Rich Kulawiec <rsk@gsp.org>

References:
- Re: [PLUG] XKCD: Team Chat
  - From: Rich Kulawiec <rsk@gsp.org>
- Re: [PLUG] XKCD: Team Chat
  - From: Andrew Libby <andrew.libby@gmail.com>
- [PLUG] Lastpass - friend of foe
  - From: Timothy Marion <timothy.marion@marion.systems>
- Re: [PLUG] Lastpass - friend of foe
  - From: Paul Walker <pjwalker76@gmail.com>
- Re: [PLUG] Lastpass - friend of foe
  - From: Rich Freeman <r-plug@thefreemanclan.net>
- Re: [PLUG] Lastpass - friend of foe
  - From: Christopher Barry <christopher.r.barry@gmail.com>
- Re: [PLUG] Lastpass - friend of foe
  - From: Rich Freeman <r-plug@thefreemanclan.net>
- Re: [PLUG] Lastpass - friend of foe
  - From: Paul Walker <pjwalker76@gmail.com>
- Re: [PLUG] Lastpass - friend of foe
  - From: Thomas Delrue <delrue.thomas@gmail.com>
- Re: [PLUG] Lastpass - friend of foe
  - From: Tim Allen <tim@peregrinesalon.com>
- Re: [PLUG] Lastpass - friend of foe
  - From: Rich Kulawiec <rsk@gsp.org>

Prev by Date: Re: [PLUG] Lastpass - friend of foe
Next by Date: Re: [PLUG] Lastpass - friend of foe
Previous by thread: Re: [PLUG] Lastpass - friend of foe
Next by thread: Re: [PLUG] Lastpass - friend of foe
Index(es):
- Date
- Thread