Joseph Videtto

How secure is LastPass?

03 Feb 2013
Chrome 24
03 Feb 2013 | Windows | Chrome 24

I realize I have to trust LastPass company to some degree, especially from the time I enter the “master password” to the time Lastpass enters another website’s password for me. But I have a few questions:

1.) Is there ‘testing’ I can do to look and see if any of the passwords are stored locally on my machine ?

2.) Does LastPass store any passwords (in encrypted form, of course) – locally on my machine ? Do other apps enable storing locally encrypted passwords, for example, as an alternative to the LastPass approach ?

3.) Is there a tool to let me watch what data LastPass sends over the network wire to ensure I don’t see any unencrypted passwords being sent out ? Especially something that lets me view the wire data in a human-readable format that would allow me to search a file for the unencrypted password, and hopefully, not find it in the outgoing network stream from the app ?

4.) How does LastPass protect from ‘keyloggers’ – or does it assume my antivirus software has covered this vulnerability (if so – what’s a recommended program or safety practice to avoid being hacked by keylogger software ?)

5.) Is it worth to pay the yearly subscription rate for LastPass, or is the free version adequate (if you know how to get the most out of it ?