LastPass Password Manager

LastPass Password Manager
Developer(s) LastPass
Initial release August 22, 2008 (2008-08-22)
Stable release 1.80.0 / November 4, 2011; 3 months ago (2011-11-04)
Operating system Cross-platform
Available in Multilingual
Type Password manager
License Proprietary software
Website lastpass.com/

LastPass Password Manager is a freemium password management program developed by LastPass. It is available as a plugin for Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and Safari. There is also a LastPass Password Manager bookmarklet for other browsers.

Contents

Overview

Passwords in LastPass Password Manager are protected by a master password and are encrypted locally and are synchronized to any other browser. LastPass Password Manager also has a form filler that automates password entering and form filling. It also supports password generation, site sharing and site logging. LastPass Password Manager offers a premium subscription that includes iPhone, BlackBerry, Android, Windows Phone, Windows Mobile, WebOS and Symbian applications, enhanced support, multi-factor authentication and no advertisements.

On December 2, 2010, it was announced that LastPass acquired the bookmark synchronizer Xmarks.[1] LastPass password management technology was integrated into the “Identity and Privacy” feature of Internet security company, Webroot’s newest security suite. Full terms of the licensing deal were not disclosed.[2]

Features

Source code

LastPass Password Manager is closed source, though many of the extensions can be run in a non-binary mode where the source is available, but LastPass maintains all rights.

One of the developers of LastPass Password Manager, Sameer, has argued that theoretically the integrity of the software could be verified without making it open source, and mentioned that the developers may be open to the future possibility of making the user interface of LastPass Password Manager open source.[3]

Reception

In March 2009, PC Magazine awarded LastPass Password Manager their "Editors' Choice" for password management.[4] LastPass Password Manager has a 4-star rating at the Firefox Add-ons web site with over 600 reviews,[5] and it has been featured on Download Squad,[6] Lifehacker,[7] and Makeuseof.[8]

LastPass Password Manager's security model was extensively covered and approved of by Steve Gibson in his Security Now podcast episode 256.[9]

Security breach

On Tuesday, May 3, 2011, LastPass discovered an anomaly in their incoming network traffic, and then another, similar anomaly in their outgoing traffic.[10] Administrators found none of the hallmarks of a classic security breach (for example, database logs showed no evidence of a non-administrator user being elevated to administrator privileges), but neither could they determine the root cause of the anomalies. Furthermore, given the size of the anomalies, it is theoretically possible that data such as email addresses, the server salt, and the salted password hashes were copied from the LastPass database. To address the situation, LastPass decommissioned the "breached" servers so they could be rebuilt, and on May 4, 2011, they requested all users to change their master password. However, the resulting user traffic overwhelmed the login servers and, temporarily, administrators were asking users to refrain from changing their password until further notice, having judged that the possibility of the passwords themselves being compromised to be trivially small. LastPass also stated that while there was no direct evidence any customer information was directly compromised, they preferred to err on the side of caution.[11] There have been no verified reports of customer data loss or password leaks since these precautions were taken.

See also

Free software portal
Cryptography portal
Cryptography portal

References

  1. ^ "LastPass Acquires Xmarks!". LastPass blog. 2010-12-02. http://blog.lastpass.com/2010/12/lastpass-acquires-xmarks.html. 
  2. ^ Automation, partnerships drive Webroot revamp cnet.com 2010-07-26.
  3. ^ Sameer's commentary on making lastpass open source
  4. ^ LastPass 1.50 Review & Rating | PCMag.com
  5. ^ LastPass Password Manager :: Add-ons for Firefox
  6. ^ Is Lastpass as good as they make it sound?
  7. ^ LastPass Adds Form Filler, Syncs Form Profiles and Passwords
  8. ^ Securely Synchronize Your Browser Passwords With LastPass
  9. ^ Security Now 256: LastPass Security or jump straight to review of LastPass Password Manager at 0:52:44
  10. ^ LastPass Security Notification
  11. ^ LastPass Security Notification

External links