A new feature from LastPass will follow a database of breached accounts, and notify you immediately if your account on any website has been broken into. The new feature, called LastPass Sentry, is built on a cooperation with PwnedList, a company which aggregates leaked usernames and passwords from all over the web.
In order to notify users of breached accounts, Sentry will follow PwnedList’s list, searching for email addresses that match those stored in LastPass. If a match is found, LastPass will immediately notify the user via email that the account has been compromised, urging them to change the password for that account. If your account has been broken into, you can also use LastPass’s Security Challenge to check if you’ve used the same password for any other website.
Following recent mass breaches such as those on LinkedIn and Last.fm, LastPass Sentry could be a really useful feature for those who constantly worry about account break-ins. Sentry will be available to all users, whether using the free version, premium version, or enterprise version. The new feature is an opt-out option, so if you really don’t want to be notified about these breaches, simply opt out of the emails.
What do you think of the new feature? Will it make you switch to LastPass?
Source: LastPass Blog
More articles about:
Hide 23 Comments
Dashlane has this feature too, I’ve been using it for a while and it’s pretty awesome. I’m glad to see LastPass getting it too though!
But lastpass is not storing any user info on their databases. Now I wonder how this feature works???
That is a really good point…
LastPass can sync your database between multiple devices, so it must be stored somewhere. In any case, they can probably access the email address you used, if not the password itself, which is irrelevant in this case.
Yes it is storing, but in well encrypted form. And they cannot decrypt it on their servers any of the user stored records. The decryption of the data happens on client machine. So i guess this feature of sending whenever account is breached – is slightly misinterpreted. I guess the feature might be when some one logs into their vault they can check for accounts breached at that point. I cant see any update on my account yet.
Well, I’m not a huge LastPass expert, but as I understand it, they don’t need access to more than your email address or addresses for this feature to work.
As it’s new, most of what I know is from what LastPass themselves provided. Once you get to use it, I’ll be happy to hear more about how it might work.
The notification IS NOT by all means a PROTECTION!
So it’s up to your database’s password that’s shielding your password database, indeed! Consequently as long as I depend by the password’ strength KeePass is at least as good as LassPass. Since I have the freedom of expressing my personal opinion I wouldn’t trade – so to say – KeePass on LastPass!
I actually use KeePass as well, and don’t plan on switching. But this is still a pretty cool feature. Of course it’s not protection, but it’s nice to be notified immediately when a service you’re using has been breached.
KeePass is a nice application.Has extensions for firefox as well.But couldn’t find extension for google chrome……..
Here you go:
https://chrome.google.com/webstore/detail/chromeipass/ompiailgknfdndiefoaoiligalphfdae
I have no idea where to turn on this function or check for leaked passwords?
If I understood correctly, the service is on an opt-out basis, so it will be turned on as a default. If you’re using the latest version of LastPass, I believe it should be activated.
its an awesome feature
The sentry feature sounds nice, but how useful is it really? Once a listed account is broken into, isn’t it too late (realistically) to save that account and whatever its password was protecting? Also, if I’m understanding this feature correctly, doesn’t the Sentry add a potentially *huge* burden to LastPass? The program has been easy to use, largely bug-free, and reliable up to this point…I don’t know much about this kind of software, but I worry that this stability is being put at risk by Sentry’s need to constantly monitor and obtain feedback from 3rd parties in order to function. What about the legal risks/ramifications of this?
These are all good questions.
It’s true that sometimes it can be too late to save an account that’s been broken into, but many times, these are not specific break ins into your account, but a leak of hundreds or thousands of passwords. When this happens, and you know your account details have been leaked, you can quickly go in and change your password before something even worse happens. It’s more about these scenarios.
As for how it will affect the program, I don’t think it should have a huge effect. It’s just monitoring a list and comparing to a database. If you’re curious, you can try asking LastPass about this!
You should say “IF” it is broken into. Not “When”. Lol
Already use LastPass. I don’t think I could live without it.
Awesome Feature
Finally.
Wow, cool… LastPass is powerful app, you must have it..
I have read a lot online about security issues with lastpass just by doing a google search of the term “LastPass security breach”. There are too many other password managers on the market to risk it. I recommend RoboForm.
Thanks Phil! LastPass seems to be a pretty decent product, but I don’t use it either. I use KeePass, which is excellent.
Lastpass autologin depends upon javascript enabled in the browse .It does not work with extensions such as Noscript …….