Due to the issues and news from August/December 2022, we all know that our entries which are shown in a LastPass app are saved as records in a storage. Some fields are encrypted, but not all. URLs and metadata aren't encrypted. Due to this design, the data is valuable without spending time to decrypt.
In my opinion a whole vault of a user should be stored as 1 encrypted blob in the cloud. When blob(s) are stolen, they're completely worthless until cracked.
Agreed. Although I understand you do need the password iteration count to not be encrypted.
This should be a requirement, not a feature. I’m leaving the platform after being a paying user on it for most of its existence because not all the data is encrypted and we are now at risk of targeted phishing attacks. I will consider returning only if this feature is implemented and a third-party audit has been performed proving security measures have been implemented to better protect user data.
I would also encourage the encryption of the whole blob. I've put some sensitive information into the comment fields thinking that all this would be encrypted. I guess that is on me. If you want my continued subscription, I need you to encrypt all of it.
And I don't know if you do this or not, but you might just encrypt our encrypted blob with your own encryption. That way anyone getting our vault would have to crack your encryption AND then our encryption.
Thanks for listening.
The notes (or comments as you call them) on a password record are encrypted.