Because good software is worth paying for?
In case you missed it, @Papageno Humble Bundle is having a sale -$6 for one year Premium sub and you can buy two of them for 2 years. That’s a good bargain, to be honest. Link is a few posts up.
Hmm, question. If you give your phone number there is a way to recover your account if you lose your master password. What I’m wondering is how is that possible because they’re not supposed to know what the password is?
Thanks, yeah I saw that. 6 bucks is a lot easier to swallow than 24. I wonder if it would just extend my current subscription which runs out in March.
And yes, LastPass has been a lifesaver @LeeAbe so I’m not loath to pay on principle, but I wasn’t thrilled with the price doubling either.
I believe it would work because I was able to extend my first subscription by adding another year into it.
Hmm. It states, though, that it starts from date of activation. It does say it can be stacked once. I’d just like to hear from someone who was paying the regular way so to speak, and bought one of these codes.
Thus ring some alarms.
Lastpass encrypts your master password via a one-time key on your browser, and then when you do SMS recovery they send you the key to decrypt that data. It is never stored on their servers, so it’s reasonably secure. Of course if someone steals your laptop, your laptop isn’t protected/encrypted, and your phone (or your phone number, to get SMS texts), that means they can get to your data. I don’t turn it on.
Are you sure on this? Seems extremely unsafe. Most password comparison schemes is via a oneway hash.
Edit: I mean storing an encrypted master password that can be reversed seems extremely dangerous.
What stusser said is correct:
Should we being using hardware security keys like Yubikey? I keep seeing mention of them lately, but I can’t tell if I really need one. Who are they for?
Yubikey is really secure. Google reports they’ve not had a single breach since they switched all their employees to it.
The problem is compatibility. For me, Yubikey and certain iPhones don’t mix. Or they have a Yubikey with Lightning and USB-C connection, but my desktop and laptop are USB-A only.
So I stick with LastPass with 2FA and an incredibly long and random password.
This is fine on a PC but on a smartphone they become a nightmare.
Last night the biometrics on my phone somehow got reset and I had to type in my LastPass password several times. Because LP can’t remember your credentials across more than one successive dialog. Meh.
This is true. I can not log into last pass on my phone, because for whatever reason, after several attempts, I can not put in my last pass password correctly.
LastPass on Android is supposed to monitor form fills in Chrome too but I’ve never gotten it to work.
You should use pass phrases, not long random passwords. A sequence of at least four random unrelated words separated by spaces is easy to remember and type, and difficult to crack. :)
I use pass phrases for things like Lastpass login and my Wifi. I use 6 words for my Wifi (which is probably overkill) and when someone asks for it I can tell them instantly, and my memory is not that great.
You can use an online generator to increase security by eliminating your own bias for grouping certain words together.
I’m good. My iPhone is encrypted. I keep a copy of my password on a local file on the phone. I just copy-and-paste when I need it. If I ever have the phone stolen or lost, I’ll change the LastPass password on the desktop and remove the phone from my authorized devices.
However, it should be noted that, due to the popularity of that exact xkcd comic, “correct horse battery staple” is most certainly not a safe password. ;)
Haha yes! :D
That’s why I use “correct horse bAttery staple 1!” as my common password for all my banking logins.
Because my security skills are l33t and I care enough to add that little extra security. Also the stupid website said I needed a capital letter, number, and symbol.