|User since||Oct. 16, 2007|
|Number of add-ons developed||0 add-ons|
|Average rating of developer's add-ons||Not yet rated|
Rated 5 out of 5 stars
I have checked the Security of this addon!
On March 18 I have questioned about the security of lastpass (see my previous post).
After that I decided that more then just question about the potential security issues of lastpass or blindly believe in the lastpass folks, I should understand the way lastpass do things and check the security myself...
To verify everything I needed some information and I asked some questions to lastpass that was always very open and provided all the necessary information in detail.
You can follow up my testing steps in this post :
As a result of my tests I concluded that lastpass is very secure and that I can trust them my data!
But don't believe me or lastpass, see it by yourself, it's not that difficult... You just need to check some stuff like :
1) That lastpass never send your master password to their servers
2) That it is really your master password that is used to encrypt the sensitive information
3) That the information always leaves your computer encrypted
Then if you know something about encryption or if you read some stuff (lastpass has a nice FAQ pointing good external references) you will understand that without your master password your encrypted data on lastpass servers is useless.
But once again I say to all of you, don't take my word (or lastpass), just check it by yourself.
If you need any help, post in the forum post of the above link that I would be glad to point you some directions on how you can independently run some tests.
Security !? Rated 5 out of 5 stars
I think that this solution/addon seems great but I have a question about security.
You say that "data is locked down with your LastPass master password (which we never receive and will never ask for)..."
But why does the Master Password used for local encryption is equal to the lastpass.com website user password?
You say you never receive and you never ask but when I access to your website I do send my password...
This is even more true when I don't have the lastpass plugin installed in FF and I just log to your site.
Can you please clarify this?