Not Completely Safe

Rated 2 out of 5 stars

No amount of overkill security known to man is completely flawless. Even MD5 hashes are crackable. I find it unacceptable that my data is being stored on a third party's system when it makes more sense and is more secure to store that data locally.

Some of you may be willing to give over your credit card and banking passwords to someone else, but I am not. Your passwords, he claims, are not accessible by him, but if he is using a SQL server then the data is not as secure as it may seem to be.

Admittedly I do not know his method of storing the data, but it has to be some type of database, and that part scares me. Why on earth does LastPass insist on transmitting your passwords to HIS server? That makes no sense whatsoever.

I have deleted the program, the addon and changed ALL of my passwords.

Good Luck,

This review is for a previous version of the add-on (1.35). 

You might want to understand how it works before passing judgement

LastPass is a 'host proof' solution, where we at LastPass cannot access your sensitive data because it's encrypted on your computer using your Master Password.

That means that it doesn't matter if it's stored in a SQL database -- it's encrypted. It's useless to us.

Not having access to any of your sensitive data is a key tenet of our solution; it's included in our privacy statement.

If you're interested in learning how it works there's plenty of information on our website like:

What encryption is being used?
AES utilizing 256-bit keys. AES-256 is accepted by the US Government for protecting TOP SECRET data. AES is implemented in JavaScript for the website, and in C++ for speed in the Internet Explorer and Firefox plug-ins. This is important because your sensitive data is always encrypted and decrypted locally on _your computer_ before being synchronized. Your master password never leaves your computer and your key never leaves your computer. No one at LastPass (or anywhere else) can decrypt your data without you giving up your password (we will never ask you for it). Your key is created by taking a SHA-256 hash of your password. When you log in, we make a hash of your username concatenated with your password, and that hash is what's sent to verify if you can download your encrypted data.
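
The derivation quoted in the reply above, modelled as an added example that is not LastPass code and not part of either post: the key and the login hash are computed locally, and the server holds only the login hash and an opaque blob. The UTF-8 encoding, hex output, SHA-256 for the login hash, the `VaultServer` class, the sample account and the PBKDF2 variant are assumptions or additions made for illustration.

```python
import hashlib
import hmac

def derive_key(master_password: str) -> bytes:
    """Encryption key as the FAQ states it: SHA-256 of the master password."""
    return hashlib.sha256(master_password.encode("utf-8")).digest()

def derive_login_hash(username: str, master_password: str) -> str:
    """Login verifier: hash of username concatenated with password.
    SHA-256 and hex encoding are assumptions; the FAQ only says "a hash"."""
    return hashlib.sha256((username + master_password).encode("utf-8")).hexdigest()

def derive_key_stretched(username: str, master_password: str, iterations: int = 100_000) -> bytes:
    """Not from the page: a salted, iterated derivation (PBKDF2-HMAC-SHA256),
    shown for comparison because one SHA-256 pass is cheap to compute per guess."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               username.encode("utf-8"), iterations)

class VaultServer:
    """Hypothetical server side: stores a login hash and an opaque blob only."""
    def __init__(self):
        self._accounts = {}

    def register(self, username, login_hash, encrypted_blob):
        self._accounts[username] = (login_hash, encrypted_blob)

    def download(self, username, login_hash):
        stored = self._accounts.get(username)
        # Constant-time comparison of the presented hash against the stored one.
        if stored is None or not hmac.compare_digest(stored[0], login_hash):
            return None
        return stored[1]

    def stored_values(self, username):
        return self._accounts[username]

def demo():
    user, password = "alice@example.com", "correct horse battery staple"  # constructed
    key = derive_key(password)                      # stays on the client
    login_hash = derive_login_hash(user, password)  # the only secret-derived value sent
    blob = b"<AES-256 ciphertext produced locally>"  # placeholder, no real encryption here
    server = VaultServer()
    server.register(user, login_hash, blob)
    good = server.download(user, login_hash)
    bad = server.download(user, derive_login_hash(user, "wrong password"))
    at_rest = repr(server.stored_values(user))
    leaked = key.hex() in at_rest or password in at_rest
    return good, bad, leaked

if __name__ == "__main__":
    print(demo())
```

Because the login hash covers a plain concatenation, `derive_login_hash("a", "bc")` equals `derive_key("abc")`; the two values differ in practice only because the username is prepended.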