[Cialug] LastPass & Firefox!

Matt Stanton matt at itwannabe.com
Sat Jun 10 20:31:56 UTC 2017


I think I would avoid LastPass altogether, regardless of its usability.  I've read articles regarding their vulnerabilities, and their last two-factor authentication vulnerability really highlighted the poor design choices they make.  For instance, as quoted from a Tom's Hardware article (http://www.tomshardware.com/news/lastpass-2fa-bad-design-decision,34207.html):

"The main issue with LastPass’ 2FA system was that LastPass derived the encryption key that protects the vault from the master password (the password that protects all of your stored LastPass passwords). Considering the whole point of using 2FA is to protect against hackers who already have your password, this seems like a bad idea."

If they are making these kinds of errors, and they aren't being caught by ecryption specialists hired to review the code before it makes it into production (yeah, right... like they hired anyone qualified to look at it), then there are bound to be other mistakes that I'm not willing to live with.  Poor performance in the UI code might not be important in the grand scheme of things as relates to security (but who knows?  It may make a vulnerability possible that wouldn't had the machine just breezed throigh the code), but it may serve as another "poor design decision" red flag.

Unfortunately, I don't have anything to suggest as a replacement that is as "feature-rich,"** and the passwords you are trying to protect may not matter enough to care, but it is worth considering putting up with a little less convenience for a lot less danger.

-- Matt (N0BOX)

** Yeah, I'd suggest the Mooltipass again, but it doesn't seem anyone has the stomach for dealing with having to carry it around.

Sent from my android device.

-----Original Message-----
From: "L. V. Lammert" <lvl at omnitec.net>
To: Central Iowa Linux Users Group <cialug at cialug.org>
Sent: Sat, 10 Jun 2017 13:26
Subject: [Cialug] LastPass & Firefox!

If anyone is using LastPass w/Firefox (don't know about other browsers),
BE ADVISED that version 4 requires a VERY high-end workstation to work
properly! Even with one (8-core, 32GB, 4Ghz) it has been prone to lockup
with sites like eBay.

The LastPass attempt to improve the "user experience" has created a total
DOG! If you are using LP, know that the MOST RECENT USABLE version. 3.3.4
(5/17/17) is available here:

https://addons.mozilla.org/en-US/firefox/addon/lastpass-password-manager/versions/

Again, stay AWAY from the totally blated LP 4, it ONLY works (and then not
all the time) on a high-end workstation.

        Lee

_______________________________________________
Cialug mailing list
Cialug at cialug.org
http://cialug.org/mailman/listinfo/cialug


More information about the Cialug mailing list