About me

Developer Information
Name KeepItCool
User since Oct. 16, 2007
Number of add-ons developed 0 add-ons
Average rating of developer's add-ons Not yet rated

My Reviews

LastPass Password Manager

Rated 5 out of 5 stars

I have checked the Security of this addon!

On March 18 I have questioned about the security of lastpass (see my previous post).
After that I decided that more then just question about the potential security issues of lastpass or blindly believe in the lastpass folks, I should understand the way lastpass do things and check the security myself...
To verify everything I needed some information and I asked some questions to lastpass that was always very open and provided all the necessary information in detail.
You can follow up my testing steps in this post :

As a result of my tests I concluded that lastpass is very secure and that I can trust them my data!

But don't believe me or lastpass, see it by yourself, it's not that difficult... You just need to check some stuff like :
1) That lastpass never send your master password to their servers
2) That it is really your master password that is used to encrypt the sensitive information
3) That the information always leaves your computer encrypted

Then if you know something about encryption or if you read some stuff (lastpass has a nice FAQ pointing good external references) you will understand that without your master password your encrypted data on lastpass servers is useless.

But once again I say to all of you, don't take my word (or lastpass), just check it by yourself.
If you need any help, post in the forum post of the above link that I would be glad to point you some directions on how you can independently run some tests.

This review is for a previous version of the add-on (1.50). 

LastPass Password Manager

Security !? Rated 5 out of 5 stars

I think that this solution/addon seems great but I have a question about security.
You say that "data is locked down with your LastPass master password (which we never receive and will never ask for)..."
But why does the Master Password used for local encryption is equal to the website user password?
You say you never receive and you never ask but when I access to your website I do send my password...
This is even more true when I don't have the lastpass plugin installed in FF and I just log to your site.

Can you please clarify this?

This review is for a previous version of the add-on (1.50).