cancel
Showing results for 
Search instead for 
Did you mean: 
New Contributor

How secure is a password manager like LastPass?

I use LastPass to store and use my passwords, so I don't have a copy of my secret word no matter if I need to keep track of four to five separate records for each day, and an extremely long secret key. How secure are the secret phrases like LastPass that administer to whatsapp gb or not? Didn't they make a state of frustration? They are attractive administrators to programmers. How can I confide in the individuals behind these regulators and their security components? I figured that an outsider (governments, organizations, etc.) would easily 'pay' and take all of my passwords. Are there any other arrangements that provide simple comparison regulators to use?

 

1 ACCEPTED SOLUTION

Accepted Solutions
LogMeIn Contributor

Re: How secure is a password manager like LastPass?

Hello,

 

LastPass implements AES-256 bit encryption with PBKDF2 SHA-256 and salted hashes to ensure complete security in the cloud for your account. Your data is encrypted and decrypted at the device level. Data stored in your vault is kept secret, even from LastPass. Your master password, and the keys used to encrypt and decrypt data, are never sent to LastPass’ servers, and are never accessible by LastPass.

 

The LastPass service features a vault, in which sensitive user data is stored and, based on utilization of a ‘zero-knowledge’ framework, accessed only by entering the user’s master password, which is not maintained in unencrypted form by LastPass -- LastPass does not store and cannot access this password. User data input via the LastPass web or mobile application is encrypted with the user’s unique key on their device and the AES-256 encrypted data is synced to LastPass for secure storage. The user can access and decrypt their data on demand with their master password – which occurs entirely at the user and device-level.

 

For more information, please see the LastPass Security model snapshot here: https://assets.cdngetgo.com/69/c0/2cef992e48eeba015c85312f16ce/lastpass-encryption.pdf or for detailed technical security information please see here: https://www.logmeininc.com/trust/resource-center?filter=LastPass




RachelO is a member of the LogMeIn Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudos!

View solution in original post

2 REPLIES 2
LogMeIn Contributor

Re: How secure is a password manager like LastPass?

Hello,

 

LastPass implements AES-256 bit encryption with PBKDF2 SHA-256 and salted hashes to ensure complete security in the cloud for your account. Your data is encrypted and decrypted at the device level. Data stored in your vault is kept secret, even from LastPass. Your master password, and the keys used to encrypt and decrypt data, are never sent to LastPass’ servers, and are never accessible by LastPass.

 

The LastPass service features a vault, in which sensitive user data is stored and, based on utilization of a ‘zero-knowledge’ framework, accessed only by entering the user’s master password, which is not maintained in unencrypted form by LastPass -- LastPass does not store and cannot access this password. User data input via the LastPass web or mobile application is encrypted with the user’s unique key on their device and the AES-256 encrypted data is synced to LastPass for secure storage. The user can access and decrypt their data on demand with their master password – which occurs entirely at the user and device-level.

 

For more information, please see the LastPass Security model snapshot here: https://assets.cdngetgo.com/69/c0/2cef992e48eeba015c85312f16ce/lastpass-encryption.pdf or for detailed technical security information please see here: https://www.logmeininc.com/trust/resource-center?filter=LastPass




RachelO is a member of the LogMeIn Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudos!

View solution in original post

New Contributor

Re: How secure is a password manager like LastPass?

I use LastPass to store and use my passwords, so I don't have a copy of my secret word no matter if I need to keep track of four to five separate records for each day, and an extremely long secret key. How secure are the secret phrases like LastPass that administer to whatsapp gb or not? Didn't they make a state of frustration? They are attractive administrators to programmers. How can I confide in the individuals behind these regulators and their security components? I figured that an outsider (governments, organizations, etc.) would easily 'pay' and take all of my passwords. Are there any other arrangements that provide simple comparison regulators to use?

 

I have used Lastpass forever and I am very happy with it. As long as you use a good password, 2FA and and don't do anything extraordinarily stupid, history seems to tell that you are safer with Lastpass than without it. I am well aware of the theoretical weaknesses but in practice it proved itself to be solid and well run.