Rated 5 out of 5 stars

really amazing it had help me a lot, keep it up

This review is for a previous version of the add-on (1.50). 

Rated 5 out of 5 stars

Works great in FF3. Love this program. Recommend it highly!

This review is for a previous version of the add-on (1.50). 

Rated 5 out of 5 stars

Works great in FF3. Love this program. Recommend it highly!

This review is for a previous version of the add-on (1.50). 

Great program Rated 5 out of 5 stars

Great password manger, Kim komando recommends and endorses it so that's good enough for me.

This review is for a previous version of the add-on (1.50). 

Great little add on Rated 5 out of 5 stars

This saves me a lot of time filling out forms,logging in to many sites,1 password is all you need. If your lazy like me you'll love this nifty little add on.

This review is for a previous version of the add-on (1.50). 

Тары бары Rated 1 out of 5 stars

Пришло дополнение с описанием на тарабарском языке. Как разобраться нужно ли это мне. И если установлю буде работать на русском языке?

This review is for a previous version of the add-on (1.50). 

Тары бары Rated 1 out of 5 stars

Пришло дополнение с описанием на тарабарском языке. Как разобраться нужно ли это мне. И если установлю буде работать на русском языке?

This review is for a previous version of the add-on (1.50). 

Rated 5 out of 5 stars

Awesome way to keep passwords - whether it be on 1 computer or across multiple computer. This add-on rocks!

This review is for a previous version of the add-on (1.50). 

Rated 5 out of 5 stars

Excellent, easy, convenient ...

This review is for a previous version of the add-on (1.50). 

Rated 5 out of 5 stars

Excelente add-on de verdad me lo hace todo más fácil, ya que constantemente estoy viajando y en circuntancias he olvidado llevar mi laptop y wow!! Gracias a Dios existe LastPass Password Manager y no tengo que recordar todas las claves y cuentas de usuarios que tengo. Ya sean de foros, correos u otros servicios.

This review is for a previous version of the add-on (1.50). 

Rated 5 out of 5 stars

pretty cool and useful, i won't have to worry about having to re-save my passwords everytime i switch/and or get another computer/and or change my desktop/laptop homepage.

This review is for a previous version of the add-on (1.50). 

Couldn't live without it Rated 5 out of 5 stars

This is bar none the most useful tool I have ever installed on a PC. It is fantastic, and accurate 95% of the time for the sites that I visit. I have hundreds of passwords stored in here, and it's such a weight off my shoulders to have this app. I love it, the first thing I add to Firefox or IE when I install.

This review is for a previous version of the add-on (1.50). 

Rated 5 out of 5 stars

I have checked the Security of this addon!

On March 18 I have questioned about the security of lastpass (see my previous post).
After that I decided that more then just question about the potential security issues of lastpass or blindly believe in the lastpass folks, I should understand the way lastpass do things and check the security myself...
To verify everything I needed some information and I asked some questions to lastpass that was always very open and provided all the necessary information in detail.
You can follow up my testing steps in this post :
http://forums.lastpass.com/viewtopic.php?f=6&t=4389

As a result of my tests I concluded that lastpass is very secure and that I can trust them my data!

But don't believe me or lastpass, see it by yourself, it's not that difficult... You just need to check some stuff like :
1) That lastpass never send your master password to their servers
2) That it is really your master password that is used to encrypt the sensitive information
3) That the information always leaves your computer encrypted
...

Then if you know something about encryption or if you read some stuff (lastpass has a nice FAQ pointing good external references) you will understand that without your master password your encrypted data on lastpass servers is useless.

But once again I say to all of you, don't take my word (or lastpass), just check it by yourself.
If you need any help, post in the forum post of the above link that I would be glad to point you some directions on how you can independently run some tests.

This review is for a previous version of the add-on (1.50). 

The best at what it does Rated 5 out of 5 stars

At first, I was hesitating to use lastpas. I mean, send my passwords online??? What an idea. Then, I checked the way they're doing it, lots of reviews and documented myself on encryption. Also, I said to myslef "we're in 2009, in a couple of years, this kind of Internet based service will be everywhere, these guys are just a bit ahead of the curve".

So, I gave it a try (I was using sxipper before, a good product, but too present on the screen). I didn't experience even one glitch. My only problems came from old and outdated passwords I had... Very easy to solve with the "repair" feature.

Overall, a great product. And for guys worring about security : most banks and online backup services use 128 or 168 bits encryption, lastpass uses 256 bits... They're ahead, and my guess is that they intend to keep it that way.

Realize that you're using the Web, and you're going to use it better!

This review is for a previous version of the add-on (1.50). 

Rated 2 out of 5 stars

Dear Developer, I wished, y o u read, what I wrote:
Passwords are PRIVATE, which means: The only place they are made for is the user's home (or at least a place, only the user can access) who created it. Your machine may encrypt them (btw, one user found, that the master password for this storage is identical to the login-password to the account on your machine...?!?). But even i f they are encrypted, one have to send you the not encrypted passwords as well as the 'master password' to encrypt them.
This way every traffic listener on the web with enough knowledge can catch this data... and what kind of 'security' is this? You need to receive the not encrypted passwords to be able to encrypt them and... you know the master password... of course you also know the encryption algorithm ... what else can one offer you to access every single password (this method you call trustworthy???)? If you was smart enough, then you also created a 'comment' field for every stored password, so that the users are 'able' to remember where these passwords fit... (as well as you, what a convenient solution!)
Hm, do you need more? No, man, I'm not paranoid, but you seem to think, all people trust in strangers... may be some do - I WON'T.
Would YOU give all your passwords to me, if I'd tell you, they will be encrypted? You know what? There are indeed methods for such a kind of storage on a server, BUT before one single password leave a machine, it has to be encrypted LOCALLY with an algorithm AND password, which WILL NEVER leave the local machine. This would be safe, because nobody can decipher them (no sniffer, nobody in your network). And if you are a really correct person, then you think about that, what I and TheAssasin have mentioned.

This review is for a previous version of the add-on (1.50). 

We are using the method that you consider safe! Please check and see for yourself!

To quote you directly:
"There are indeed methods for such a kind of storage on a server, BUT before one single password leave a machine, it has to be encrypted LOCALLY with an algorithm AND password, which WILL NEVER leave the local machine"

This is __EXACTLY__ what LastPass does! You don't have to take our word for it either, other people have verified that it's true, and we will help you verify that it's true yourself if you'd like to verify it.

I don't expect everyone to take what we're saying at face value, I expect them to verify, and once they do, they realize that what we're doing is secure. By the same token, I'd hope you'll consider checking into what we're doing further, the user who questioned how our login password worked did and verified every aspect of the solution and was satisfied.

We'd like nothing more than a large number of people verifying what we're doing, we're not infallible we realize that more eyes = more safety.

Rated 2 out of 5 stars

The worst "security" idea I've heard for the last year. If someone grabs my passwords and throw them to the web, I'll be hacked after sometime! It's only means of time period!..

This review is for a previous version of the add-on (1.50). 

very bad idea Rated 1 out of 5 stars

people who use this must be insane,even if Last Pass only gets the encrypted data on their servers,what if an attack on AES is discovered that weakens the algorithm or even breaks it?
all your passwords will be compromised.

This review is for a previous version of the add-on (1.50). 

Let's run that scenario out

Let's say that someone figures out a theoretical attack on AES -- would it be practical? Almost certainly not, but let's pretend it was practical too for the sake of argument.

LastPass would be working to provide new encryption algorithms to choose from not exploit a hole without existing algorithm -- your data is still protected by LastPass, even if you suddenly have to worry about a rogue LastPass employee. You'd have plenty of time to react as well: it might mean you'd want to change the passwords of your most sensitive accounts but only if you don't trust LastPass employees.

LastPass has done everything we can to avoid the liability of having an employee or anyone have access to your sensitive data and we'll continue to do so.

There are plenty of other businesses that employee this model with arguably more sensitive information: online backup providers.

Is every online backup provider (which uses the same exact encryption algorithm as LastPass with typically _weaker keys_) a very bad idea too? No, that's a billion dollar industry, and a very good idea.

Rated 2 out of 5 stars

Excuse me, fairy tale lovers, but... in times, when mobile storage offers 16 GB (an ordinary USB-Stick) really nobody can tell me, that my passwords have to be stored somewhere in the web (be it with or without 'password'!). I can carry encyclopedias full of passwords to any place in the world without the possibility for anybody to watch them (encrypted, decrypted, in runes written or in hieroglyphs...).
So please tell me: Why does one need to give ones private access keys (!!!) to people they will never know in their life???
That's why I call users 'trusting' such technologies 'fairy tale lovers'... I'm not paranoid, BUT what is the reason for using passwords? If I give them anybody (who I don't know!!!), I simply don't need them - that easy it is.

This review is for a previous version of the add-on (1.50). 

You need to look at the details

Kurt, if you looked into the details you'd realize that your 'fairy tale' is TRUE! You're storing encrypted data which LastPass doesn't have access to!

This technique is called Host Proof Hosting: http://en.wikipedia.org/wiki/Host-proof_hosting

With LastPass you can be secure and it's more convenient than your USB thumb drive.

Rated 5 out of 5 stars

a little confusing at first, but gets easier. lots of options. recommend.

This review is for a previous version of the add-on (1.46). 

Security !? Rated 5 out of 5 stars

I think that this solution/addon seems great but I have a question about security.
You say that "data is locked down with your LastPass master password (which we never receive and will never ask for)..."
But why does the Master Password used for local encryption is equal to the lastpass.com website user password?
You say you never receive and you never ask but when I access to your website I do send my password...
This is even more true when I don't have the lastpass plugin installed in FF and I just log to your site.

Can you please clarify this?
Thanks!

This review is for a previous version of the add-on (1.50). 

Clarification

When you log in (doesn't matter if it is in plugin or on website), we take a 1 way hash of your password and send it to our servers for authentication. Your password never leaves your computer (feel free to use TamperData to watch what goes across the wire) because we clear the field before the form submits.

We then locally generate the encryption key from your username and your password. All encryption/decryption is done locally. So since LastPass never receives your password, we can never create the key to decrypt your data. It is perfectly safe.