undefined | Better HN

0 pointssytelus7y ago0 comments

What makes you trust LastPass that they won't sell/leak/expose your passwords from some backdoor or under the table deal? I'm asking because this is not a public company or an entity that can be held responsible in any way for such an act. It's just another startup obligated to make their investors 10X returns. I haven't read their agreements but I'm pretty sure any lawyers of such companies have enough clause to absolve them of any such acts.

0 comments

puszczyk7y ago

They don’t have your passwords

sytelusOP7y ago

They do store your "vault" on their server. It's encrypted though using key that doesn't leave your computer. However I can easily imagine deliberate as well as innocent "mistakes" in browser plugins and other weak links in architecture that would expose the master key and hence your vault.

woolvalley7y ago

That can pretty much happen to any software provider you download software from.

You don't have the time to:

- audit the source code

- check every auto-update hash matches the main hash list "just in case" you get a special update just for you

If you turn off auto-update, you will eventually get hacked because of bitrot

lmilcin7y ago

They don't, officially. Nothing is stopping them from updating the client to siphon your passwords or the encryptuon key, though. This is a problem all password managers have.

It would be nice to have some kind of communication protocol that could be provably restricted from passing whatever the company wants.

j / k navigate · click thread line to collapse