• LogMeIn buys LastPass for $110M up front
    53 replies, posted
[url]http://www.androidpolice.com/2015/10/09/logmein-acquires-lastpass-password-manager/[/url] [quote=Android Police]LastPass is one of the more well-known password managers out there. Now it's one that's joining LogMeIn. Both companies announced the acquisition earlier today. The buyer paid $110 million upfront with up to another $15 million payable in contingent installments dependent on retention and other markers over the next two years. LogMeIn, despite having a name that already sounds like a password manager in its own right, is primarily known for its remote access software. From a corporate perspective, this sounds like a good match, but some LastPass users have already filled the announcement post with negative comments expressing their disappointment. Several have complained of LogMeIn's bad customer service and price hikes.[/quote]
See, this is part of why I am very unhappy with the idea of trusting some third party privately owned company with all my passwords. Somebody buys them, then somebody else buys these, and even if the original company was good and trustworthy, before I know it, Sony bought them all and is now storing all my passwords in plaintext.
nothing good can come out of this i've been on the verge of switching away from lastpass for years but this gave me the push that i needed to actually do it
All your previous passwords shouldn't be vulnerable. They encrypted all lastpass vaults with aes 256 bit encryption. So if you're worried about security compromises you shouldn't expect anything bad to happen with your previous information at least.
[QUOTE=Ehmmett;48867917]eh as long as they don't change much it'll be fine, not like they'd have a reason to.[/QUOTE] I personally have no interest in taking that risk so I'm switching to KeePass. Also, one potential reason they have to change things is because security is expensive and it's perceived to be cheaper to slack on security.
[QUOTE=DarKSunrise;48867845]nothing good can come out of this i've been on the verge of switching away from lastpass for years but this gave me the push that i needed to actually do it[/QUOTE] Oh there could be Not getting hacked again for one
Unless they change up their security arbitrarily it should be fine. It's still encrypted and decrypted locally, they never actually get your password.
KeePass auto-type is like autofill for everything, even works on stuff like the GTAV launcher.
[QUOTE=Scratch.;48868187]Oh there could be Not getting hacked again for one[/QUOTE] What do you mean? Someone breached aes256?
[QUOTE=DaMastez;48867980]I personally have no interest in taking that risk so I'm switching to KeePass. Also, one potential reason they have to change things is because security is expensive and it's perceived to be cheaper to slack on security.[/QUOTE] I feel if their goal was to save money they wouldn't buy a company for $110 million.
[QUOTE=Slade Xanthas;48868234]KeePassX master race[/QUOTE] Aye. Better program especially if you use both windows and linux.
[QUOTE=SGTNAPALM;48868519]What do you mean? Someone breached aes256?[/QUOTE] No, someone got some hashed information from them iirc.
[QUOTE=Levelog;48868569]No, someone got some hashed information from them iirc.[/QUOTE] Oh. So they can't actually decrypt my passwords. It's like if Dropbox was hacked and someone got a hold of my TrueCrypt container. Doesn't actually matter.
[QUOTE=SGTNAPALM;48868588]Oh. So they can't actually decrypt my passwords. It's like if Dropbox was hacked and someone got a hold of my TrueCrypt container. Doesn't actually matter.[/QUOTE] I wouldn't say it doesn't matter. Once all of us are long long long dead, someone might have your password and find all your weird ancient porn.
[QUOTE=Levelog;48868661]I wouldn't say it doesn't matter. Once all of us are long long long dead, someone might have your password and find all your weird ancient porn.[/QUOTE] Or if a user uses the same password for another less secure website (which is obviously dumb, but still), it'd be easy to get his entire password vault. Realistically it doesn't matter, but you can't just discard a breach like that IMO
[QUOTE=Egonny;48868691]Or if a user uses the same password for another less secure website (which is obviously dumb, but still), it'd be easy to get his entire password vault. Realistically it doesn't matter, but you can't just discard a breach like that IMO[/QUOTE] Aren't lastpass passwords randomly generated? That'd mean said person is not only not using lastpass for that site, but using the same password as their master pass. Then whoever got them would have to specifically try lastpass as a site to use the password on. I'm not saying it's not possible, but it means the person is pretty stupid.
[QUOTE=Levelog;48868701]Aren't lastpass passwords randomly generated? That'd mean said person is not only not using lastpass for that site, but using the same password as their master pass. Then whoever got them would have to specifically try lastpass as a site to use the password on. I'm not saying it's not possible, but it means the person is pretty stupid.[/QUOTE] I meant the master password, for LastPass itself
Sticking with 1Password
[QUOTE=Egonny;48868744]I meant the master password, for LastPass itself[/QUOTE] Yeah, my point still stands. Said person would not have been using LastPass for that specific site, although they do use LastPass in general. Then they'd have to be using the LastPass master password as that site password. Then the attacker would have to try the decrypted password on LastPass. [editline]9th October 2015[/editline] [QUOTE=darth-veger;48868770]Sticking with 1Password[/QUOTE] We use Password Safe at work, but it uses PBKDF2.
[QUOTE=Egonny;48868744]I meant the master password, for LastPass itself[/QUOTE] That's a fault with the user themselves and not with LastPass or any other password vault. One shouldn't be using the same password for every site regardless, using the master vault password for another site is no exception. This is precisely why password vaults exist, so that users can more easily have secure practices and not have the same password for every site.
I wonder if this is a good thing or a bad thing...
[QUOTE=Levelog;48868772]Yeah, my point still stands. Said person would not have been using LastPass for that specific site, although they do use LastPass in general. Then they'd have to be using the LastPass master password as that site password. Then the attacker would have to try the decrypted password on LastPass.[/quote] Yeah realistically this won't happen, but it's still a possibility, if you'd want to go after one person specifically for example. [QUOTE=SGTNAPALM;48868810]That's a fault with the user themselves and not with LastPass or any other password vault. One shouldn't be using the same password for every site regardless, using the master vault password for another site is no exception. This is precisely why password vaults exist, so that users can more easily have secure practices and not have the same password for every site.[/QUOTE] While it's definitely a fault with the user, LastPass having a bunch of user data leaked isn't really helping. It's not really significant, but in an ideal case LastPass wouldn't be breached. IIRC they handled it pretty well though, so I don't why you wouldn't use LastPass (even with a new owner), just use it correctly
Ugh, I dunno if I'm crazy about this move. LastPass really is the simplest and easiest password manager there is, especially across multiple devices, and if LogMeIn fucks it up then I'm not going to be happy.
logmein sucks, keepass is still the way to go
[QUOTE=Map in a box;48869581]logmein sucks, keepass is still the way to go[/QUOTE] Rescue's pretty good if I must say so myself Our University and Microsoft use it Hamachi is aids though
Keepass is great because I can lock my password behind sloth pictures.
Piece-of-paper-under-the-bed master race. I really don't understand why you even thought that online password managers were ever a great idea in the first place.
[QUOTE=Ehmmett;48870320]You really are out of touch with reality.[/QUOTE] That's basically like telling MaxOf2SD he's French.
I just have passwords written down in a physical book I keep at home Granted if someone breaks in they could take it but I feel like I have bigger concerns if Ive been broken into
[QUOTE=spazthemax;48870831]I just have passwords written down in a physical book I keep at home Granted if someone breaks in they could take it but I feel like I have bigger concerns if Ive been broken into[/QUOTE] Same here. I feel the odds of someone breaking in to my place just to steal a list of login passwords is a lot less likely than said password management service just ending up with a data breach. Don't try to nail this on being "out of touch".
Sorry, you need to Log In to post a reply to this thread.