How secure is LastPass?
Question by Joseph Videtto

I realize I have to trust LastPass company to some degree, especially from the time I enter the “master password” to the time LastPass enters another website’s password for me. But I have a few questions:

1.) Is there ‘testing’ I can do to look and see if any of the passwords are stored locally on my machine?

2.) Does LastPass store any passwords (in encrypted form, of course) locally on my machine? Do other apps enable storing locally encrypted passwords, for example, as an alternative to the LastPass approach?

3.) Is there a tool to let me watch what data LastPass sends over the network wire to ensure I don’t see any unencrypted passwords being sent out? Especially something that lets me view the wire data in a human-readable format that would allow me to search a file for the unencrypted password, and hopefully, not find it in the outgoing network stream from the app?

4.) How does LastPass protect from ‘keyloggers’, or does it assume my antivirus software has covered this vulnerability (if so, what’s a recommended program or safety practice to avoid being hacked by keylogger software)?

5.) Is it worth paying the yearly subscription rate for LastPass, or is the free version adequate (if you know how to get the most out of it)?

Answers (17)
  • David

    Intuitive Password is a nice password manager, looks like a new service with all security features developed in mind. Check it out

  • ha14

    LastPass 2.0 manages your passwords thoroughly and flexibly, with features that go way, way beyond the competition. Yes, it stores your encrypted data in the cloud, but it’s a very, very secure cloud.

    In order to get more protection on your desktop you can try an antilogger like Zemana.

  • salim benhouhou

    It’s 4 months now that I have been using LastPass and I find it very useful, and I have paid for it. It’s really worth it.

  • Oron Joffe

    LastPass is as trustworthy as any company. That of course is not a guarantee that it’s good enough *for you*, but that’s the way it is. The passwords are encrypted en route between your computer and the cloud (and they even support multifactor authentication for extra security), and the passwords are kept encrypted on their servers. Now, regarding your specific questions:

    1.) Given that the passwords will be encrypted, I don’t see what practical testing you could do to find out, but see next point.
    2.) I don’t think LastPass keeps a local copy (it kind of defeats the purpose!), but I’m not sure. Try contacting their tech support and get an answer from them! There are many other products (including of course the browsers, but also KeePass etc.) which keep a local encrypted database of the passwords. These are inherently less secure since the database can be stolen and the passwords cracked at the hacker’s leisure (used to be a big problem with IE).
    3.) You could use a packet sniffer (there are plenty about, just google the term) to monitor the traffic between your PC and LastPass’s address. I can’t imagine this would happen though. LastPass exists on its reputation as a safe way to keep your passwords, and they say that they encrypt their transmissions; why would they transmit them in the clear?
    4.) There are several ways in which LastPass protects from keyloggers, the most obvious being the “screen keyboard”, but the real benefit of a system like that is that once LastPass memorises your passwords, you’ll never need to type them again, so as long as your system was free of keyloggers to begin with, you are a lot safer than without it!
    5.) Both are good for what they do, but how much the extra features are worth for you is something you’ll have to consider yourself.
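
Added example, not part of the original answers: the check asked about in question 3, as a Python scan of captured bytes for a password in the encodings it would most likely travel in (raw, UTF-16, hex, URL-encoded, and base64 at any alignment). It assumes the capture is already decrypted (for example, taken from a TLS-intercepting proxy you control), since a passive sniffer sees only ciphertext; `SECRET` and the sample captures are constructed.

```python
import base64
import hashlib
import urllib.parse

def b64_fragments(secret: bytes) -> list:
    """Base64 text that must appear if `secret` sits at any byte offset
    inside a larger base64-encoded blob (three possible alignments)."""
    frags = []
    for pad in range(3):
        enc = base64.b64encode(b"\x00" * pad + secret).rstrip(b"=")
        if (pad + len(secret)) % 3:
            enc = enc[:-1]  # last char also depends on the byte after the secret
        frags.append(enc[(0, 2, 3)[pad]:])  # leading chars depend on bytes before it
    return frags

def encodings(secret: str) -> dict:
    raw = secret.encode("utf-8")
    forms = {
        "utf-8": [raw],
        "utf-16le": [secret.encode("utf-16-le")],
        "hex": [raw.hex().encode(), raw.hex().upper().encode()],
        "base64": b64_fragments(raw),
    }
    quoted = urllib.parse.quote(secret, safe="").encode()
    if quoted != raw:  # only differs when the secret has reserved characters
        forms["url-encoded"] = [quoted]
    return forms

def scan(capture: bytes, secret: str) -> list:
    """Return (encoding, offset) for each encoding of `secret` found."""
    hits = []
    for name, needles in encodings(secret).items():
        found = [o for o in (capture.find(n) for n in needles) if o != -1]
        if found:
            hits.append((name, min(found)))
    return hits

# Constructed sample data, not real traffic.
SECRET = "Tr0ub4dor&3x!"
CLEAN = hashlib.sha256(b"constructed ciphertext").digest() * 8
FORM = (b"POST /login HTTP/1.1\r\n\r\nuser=joe&pass="
        + urllib.parse.quote(SECRET, safe="").encode())
BLOB = b'{"blob":"' + base64.b64encode(b"user=joe;pwd=" + SECRET.encode() + b";end") + b'"}'

if __name__ == "__main__":
    for label, data in (("clean", CLEAN), ("form", FORM), ("blob", BLOB)):
        print(label, scan(data, SECRET))
```

An empty result only means the password did not appear in these encodings; it says nothing about hashed or encrypted forms, which is what a password manager is expected to send.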

  • Alex Schnapps

    5) With LastPass you do not need a keyboard to enter a login/password. Correspondingly, a keylogger will not intercept anything.

  • Jacques Knipe

    I personally use 1Password because it doesn’t store your passwords in the cloud. I believe LastPass is very secure, but if their server gets hacked, billions of passwords can easily be stolen. 1Password stores the password file on your local HDD, so there is little to no risk of passwords being stolen.
    It has desktop and Android/iPhone versions.

  • Switchblade Rebirth

    There have been rumors that LastPass was attacked, of sorts, but I’d still trust it nonetheless.

    • Rob Hindle

      Yes, “of sorts” is correct, and not just rumours: LastPass acknowledge that there had been some suspicious activity and advised that as a precautionary measure (and good practice anyway) users with weak master passwords should change to stronger ones. What might have been stolen was heavily encrypted, but it underlines the risk of using a poor master password for your LastPass vault.
      “Heavily encrypted” doesn’t mean 100% secure, it means it takes an awful lot of processor power and time to decrypt – the longer and more complicated the password the longer it takes – maybe years even on the fastest computers we’ve got. If you heavily encrypt a widely used password like “letmein” there’s barely a need to even bother trying to decrypt it, it’s a rubbish password to start with.

  • Alan Wade

    I have used LastPass for a long time now and trust them 100%. There are no passwords stored on your computer at all.
