Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I think the difference you're missing is that LastPass offers the OnlineVault option.

I much prefer the security of being in control of my file, and having its online option controlled by someone else (Dropbox); and logging into Dropbox to then see my passwords 'online' on the go.

If Lastpass.com is compromised, the attacker can MitM compromise my credentials. If 1Password.com is compromised, that is not the case. (Yes, if Dropbox is compromised, they could capture my dropbox credentials, but it would be more difficult for them to then capture my 1password credentials)

Ref: LastPass Online Vault: http://helpdesk.lastpass.com/full.php 1Password Anywhere: http://help.agile.ws/1Password3/1passwordanywhere.html Services I use, and why: http://www.mikeschroll.com/blog/2011/12/07/services-i-use-an...



>I much prefer the security of being in control of my file, and having its online option controlled by someone else (Dropbox); and logging into Dropbox to then see my passwords 'online' on the go.

You can't even do that. You have to install a local client. Download the file, open it in your new client, edit it, manually reupload it. If you don't want to use the on-web LastPass vault, then don't, but it's still doing local decryption and you can still used the signed Chrome extensions to carry out ops if you don't trust LastPass.com proper.

>If Lastpass.com is compromised, the attacker can MitM compromise my credentials.

Which part of "local, client-side encryption" is confusing?

edit: 1PassAnywhere is the exact same thing as what LastPass is doing with it's LastPass.com-served Vault.

edit2: There's even multifactor auth available for it and the Online Vault feature.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: