Is LastPass safe?

[raksrules]

What if we choose laptop as device type and also use it on mobile browser (may need to change the user agent to desktop)?

But then you cannot get that automatic popup in various apps on mobile to enter password and you will have to always copy paste the same from your browser. There will be no system wide integration.

 

[sauravghosh]

Switched just now to bitwarden, smooth process. Deleted lastpass account

Did you enable the autofill, drawover and other options in the settings on the app?

I didn't of course, I'm amateur. I thought most of these things were enabled by default, as I never had to even open Lastpass' settings.

Enabled the auto login thingy, but as for other options i need to check more.

 

[nRiTeCh]

But then you cannot get that automatic popup in various apps on mobile to enter password and you will have to always copy paste the same from your browser. There will be no system wide integration.

If thats the case then i'm ok as I only use LP on phone to manually see credentials and not using full fledged as like pc.

 

[TechNick]

Switch to Bitwarden already. I did last week and it is much more consistent with autofills.

 

[prime]

LastPass recently caused an uproar by announcing forthcoming changes to its pricing model that will effectively nerf the free tier, and now the company is in for some more bad news. According to a report published by German cybersecurity researcher Mike Kuketz (via The Register), the password manager uses seven third-party trackers that introduce potential security issues, prompting him to recommend LastPass users to switch to competitors.

Kuketz used Exodus Privacy to identify which third-party trackers the app uses, and he managed to find the following seven:

• AppsFlyer
• Google Analytics
• Google CrashLytics
• Google Firebase Analytics
• Google Tag Manager
• MixPanel
• Segment

LastPass analytics code raises questions about potential security issues

LastPass recently caused an uproar by announcing forthcoming changes to its pricing model that will effectively nerf the free tier, and now the company is

www.androidpolice.com

 

[alekhkhanna]

I am going to sound like a fool, but what is wrong with storing PWs in Chrome ? I know it's Google, but I trust Google more than Lastpass or any other company. Lastpass already had 2 breaches. I don't know if Google ever had one directly (from their servers), plus the password checkup feature keeps on nagging you if your password was ever exposed in a breach - it's a very nifty feature tbh (I know you can sign up on haveibeenpwned for this, but an in built tool is just easy, and more importantly, keeps on nagging you till you change your PW - which is the discipline most people lack).

 

[calvin1719]

I am going to sound like a fool, but what is wrong with storing PWs in Chrome ? I know it's Google, but I trust Google more than Lastpass or any other company. Lastpass already had 2 breaches. I don't know if Google ever had one directly (from their servers), plus the password checkup feature keeps on nagging you if your password was ever exposed in a breach - it's a very nifty feature tbh (I know you can sign up on haveibeenpwned for this, but an in built tool is just easy, and more importantly, keeps on nagging you till you change your PW - which is the discipline most people lack).

I'm not sure if it's more secure or private, but from a UX perspective, I personally don't like or use Chrome. Secondly, I find it better to have the password manager functionality not tied in to which browser I use.

Additionally, you can't use passwords stored in Chrome to fill in app logins on a phone.

Edit: I don't vouch for this article's accuracy, but it gives a pretty good overview of the shortcomings: https://www.allthingssecured.com/tips/password-security/is-chrome-password-manager-secure/

 

[sauravghosh]

I also use Chrome's auto fill feature. It's very convenient and it never failed once, whereas Lastpass kept failing me for one certain website's password which I had changed but Lastpass just was not able to auto fill the changed password and kept filling in the old password. Even manually checking showed me the old pass and yes, I did update the password upon change.

But one thing is as true as the existence of planet earth, despite me remaining a chrome user for several past years, there's not a single time it doesn't scream that how pathetic the performance of it is, on PC I mean obviously.

 

[nRiTeCh]

I also use Chrome's auto fill feature. It's very convenient and it never failed once, whereas Lastpass kept failing me for one certain website's password which I had changed but Lastpass just was not able to auto fill the changed password and kept filling in the old password. Even manually checking showed me the old pass and yes, I did update the password upon change.

But one thing is as true as the existence of planet earth, despite me remaining a chrome user for several past years, there's not a single time it doesn't scream that how pathetic the performance of it is, on PC I mean obviously.

Chrome is a piece of shit.. its like a OS inside a primary OS. If you dive deep chrome has many services running in bg coupled with few of its exes in task manager.
I always use FF.
In fact few yrs back when they introduced tabbed browsing, that was when it gave rise to resource hogging.
Earlier I used to run it all under 3gb ram and now by default 7-gb ram is utilized all the time..

 

[alekhkhanna]

Additionally, you can't use passwords stored in Chrome to fill in app logins on a phone.

You can. It works with app logins on Pixel at least. I don't think I've typed a password on my phone in.... forever.

 

[calvin1719]

You can. It works with app logins on Pixel at least. I don't think I've typed a password on my phone in.... forever.

So, on one family of phones among a hundred?

Regardless, I like software that integrates well with everything else, but doesn't break if the others are changed. Independent password managers work with mostly any browser and app, while the Chrome one works with Chrome and Pixel.

 

[sauravghosh]

Chrome is a piece of shit.. its like a OS inside a primary OS. If you dive deep chrome has many services running in bg coupled with few of its exes in task manager.
I always use FF.
In fact few yrs back when they introduced tabbed browsing, that was when it gave rise to resource hogging.
Earlier I used to run it all under 3gb ram and now by default 7-gb ram is utilized all the time..

The only reason I bothered with Chrome was because of that seamless integration of browsing history, bookmarks and whatnot between phone and PC. I am not sure whether it's possible with Firefox. The performance of Chrome is indeed abominable, I am not sure how google cannot fix this.

 

[alekhkhanna]

So, on one family of phones among a hundred?

Regardless, I like software that integrates well with everything else, but doesn't break if the others are changed. Independent password managers work with mostly any browser and app, while the Chrome one works with Chrome and Pixel.

I've not used a non Pixel in over 3 years, so don't know, and hence said at least on Pixel. I'm sure this should not be device dependent.
All app logins show an option for PW fill if it is stored with Chrome.

 

[nRiTeCh]

The only reason I bothered with Chrome was because of that seamless integration of browsing history, bookmarks and whatnot between phone and PC. I am not sure whether it's possible with Firefox. The performance of Chrome is indeed abominable, I am not sure how google cannot fix this.

Yes very much possible, just sign in with FF account on phone and pc inside the browser..

 

[t3chg33k]

In case there was any doubt over what LastPass has been up to recently, although this is more of an Android issue.

Surprise: LastPass Android app tracks the hell out of its users

It turns out that LastPass not only keeps your passwords in its vault but also tracks you with no less than seven embedded trackers within its Android app, according to a report by security research company Exodus Privacy.

www.phonearena.com

 

[blkrb0t]

Used LastPass for many years. Switching to 1Password after all the shenanigans LastPass has been up to. Not a trustworthy company, especially for someone involved in something as crucial as securely storing passwords.

 

[singenaadam]

Chrome is adequate for routine sites, or sites that won't cause you financial harm, like TE.

Where available, use 2FA.

When it comes to money matters, make your own password and remember it, keep changing regularly. Don't trust any service.

 

[nRiTeCh]

Chrome is adequate for routine sites, or sites that won't cause you financial harm, like TE.

Where available, use 2FA.

When it comes to money matters, make your own password and remember it, keep changing regularly. Don't trust any service.

Ok but what for someone like me having accounts on 500+ sites?? Cant even think about keeping a common passwords for all of them.

 

[ibose]

Ok but what for someone like me having accounts on 500+ sites?? Cant even think about keeping a common passwords for all of them.

Think he meant bank accounts. For others Bitwarden. Call me paranoid but I use KeePass offline.

 

[bssunilreddy]

Chrome is adequate for routine sites, or sites that won't cause you financial harm, like TE.

Where available, use 2FA.

When it comes to money matters, make your own password and remember it, keep changing regularly. Don't trust any service.

Yes Google Chrome is adequate for forums, reddit, Netflix, Amazon Prime, Disney Hotstar, Sunnxt, Zee5, Hungama Play, Aaha, Swiggy, Zomato etc
But when dealing with financial websites like banks, GPay, PhonePay, Paytm, Uber, Ola we should never use any password saving services but our memory only.
Because we don't need take chances right if they get hacked or so like.
So I use the above ways to respective sites.