Pinterest Stumbleupon Whatsapp

A new feature from LastPass will follow a database of breached accounts, and notify you immediately if your account on any website has been broken into. The new feature, called LastPass Sentry, is built on a cooperation with PwnedList, a company which aggregates leaked usernames and passwords from all over the web.

In order to notify users of breached accounts, Sentry will follow PwnedList’s list, searching for email addresses that match those stored in LastPass. If a match is found, LastPass will immediately notify the user via email that the account has been compromised, urging them to change the password for that account. If your account has been broken into, you can also use LastPass’s Security Challenge to check if you’ve used the same password for any other website.

Following recent mass breaches such as those on LinkedIn and Passwords Stolen From Last.FM, eHarmony And LinkedIn [Updates] Passwords Stolen From Last.FM, eHarmony And LinkedIn [Updates] The discovery of password security breaches at three popular sites has yet again reminded the web that using the same password for every site isn't a good idea. Passwords have been stolen from millions of... Read More , LastPass Sentry could be a really useful feature for those who constantly worry about account break-ins. Sentry will be available to all users, whether using the free version, premium version, or enterprise version. The new feature is an opt-out option, so if you really don’t want to be notified about these breaches, simply opt out of the emails.

What do you think of the new feature? Will it make you switch to LastPass?

Source: LastPass Blog


  1. suneo
    November 26, 2012 at 3:34 pm

    Lastpass autologin depends upon javascript enabled in the browse .It does not work with extensions such as Noscript .......

  2. Phil Blake
    October 1, 2012 at 6:31 pm

    I have read a lot online about security issues with lastpass just by doing a google search of the term "LastPass security breach". There are too many other password managers on the market to risk it. I recommend RoboForm.

    • Yaara Lancet
      October 2, 2012 at 12:42 pm

      Thanks Phil! LastPass seems to be a pretty decent product, but I don't use it either. I use KeePass, which is excellent.

  3. bonioloff
    September 24, 2012 at 5:30 am

    Wow, cool... LastPass is powerful app, you must have it..

  4. HLJonnalagadda
    September 23, 2012 at 8:56 am


  5. Vijaynand Mishra
    September 22, 2012 at 10:25 am

    Awesome Feature

  6. GodSponge
    September 21, 2012 at 4:59 pm

    Already use LastPass. I don't think I could live without it.

  7. scott pettersen
    September 21, 2012 at 4:35 pm

    You should say "IF" it is broken into. Not "When". Lol

  8. James Poole
    September 21, 2012 at 4:34 pm

    The sentry feature sounds nice, but how useful is it really? Once a listed account is broken into, isn't it too late (realistically) to save that account and whatever its password was protecting? Also, if I'm understanding this feature correctly, doesn't the Sentry add a potentially *huge* burden to LastPass? The program has been easy to use, largely bug-free, and reliable up to this point...I don't know much about this kind of software, but I worry that this stability is being put at risk by Sentry's need to constantly monitor and obtain feedback from 3rd parties in order to function. What about the legal risks/ramifications of this?

    • Yaara Lancet
      September 24, 2012 at 12:22 pm

      These are all good questions.

      It's true that sometimes it can be too late to save an account that's been broken into, but many times, these are not specific break ins into your account, but a leak of hundreds or thousands of passwords. When this happens, and you know your account details have been leaked, you can quickly go in and change your password before something even worse happens. It's more about these scenarios.

      As for how it will affect the program, I don't think it should have a huge effect. It's just monitoring a list and comparing to a database. If you're curious, you can try asking LastPass about this!

  9. josemon maliakal
    September 21, 2012 at 1:58 pm

    its an awesome feature

  10. Ales Mole
    September 21, 2012 at 1:33 pm

    I have no idea where to turn on this function or check for leaked passwords?

    • Yaara Lancet
      September 21, 2012 at 4:54 pm

      If I understood correctly, the service is on an opt-out basis, so it will be turned on as a default. If you're using the latest version of LastPass, I believe it should be activated.

  11. Xantes
    September 21, 2012 at 12:55 pm

    The notification IS NOT by all means a PROTECTION!
    So it's up to your database's password that's shielding your password database, indeed! Consequently as long as I depend by the password' strength KeePass is at least as good as LassPass. Since I have the freedom of expressing my personal opinion I wouldn't trade - so to say - KeePass on LastPass!

    • Yaara Lancet
      September 21, 2012 at 4:52 pm

      I actually use KeePass as well, and don't plan on switching. But this is still a pretty cool feature. Of course it's not protection, but it's nice to be notified immediately when a service you're using has been breached.

  12. flower king
    September 21, 2012 at 12:08 pm

    But lastpass is not storing any user info on their databases. Now I wonder how this feature works???

    • Bill
      September 21, 2012 at 4:50 pm

      That is a really good point...

    • Yaara Lancet
      September 21, 2012 at 4:51 pm

      LastPass can sync your database between multiple devices, so it must be stored somewhere. In any case, they can probably access the email address you used, if not the password itself, which is irrelevant in this case.

      • flower king
        September 21, 2012 at 11:09 pm

        Yes it is storing, but in well encrypted form. And they cannot decrypt it on their servers any of the user stored records. The decryption of the data happens on client machine. So i guess this feature of sending whenever account is breached - is slightly misinterpreted. I guess the feature might be when some one logs into their vault they can check for accounts breached at that point. I cant see any update on my account yet.

        • Yaara Lancet
          September 22, 2012 at 2:49 am

          Well, I'm not a huge LastPass expert, but as I understand it, they don't need access to more than your email address or addresses for this feature to work.

          As it's new, most of what I know is from what LastPass themselves provided. Once you get to use it, I'll be happy to hear more about how it might work.

  13. Selena
    September 21, 2012 at 11:41 am

    Dashlane has this feature too, I've been using it for a while and it's pretty awesome. I'm glad to see LastPass getting it too though!

Leave a Reply

Your email address will not be published. Required fields are marked *