On Fri, 11 Apr 2014 21:32:57 -0400, Manu <[email protected]> wrote:
On 12 April 2014 11:16, Manu <[email protected]> wrote:
On 12 April 2014 11:11, Brad Anderson <[email protected]> wrote:
On Saturday, 12 April 2014 at 01:09:45 UTC, Manu wrote:
This. Also, I have more than 1 computer (including a phone)... what's
the
solution there?
LastPass is cloud synced (including with phones).
... how does that work?
Ummm, yeah no, I'm soooo not enthusiastic about *paying* some
closed-source
company to hold every password I have for everything I am.
Re: Walter's single point of failure comment. And once money's on the
table, all bets are off wrt ethical behaviour.
I know this topic is going into the weeds, but I have to say, there is
quite the aversion to money on this thread, even for those of us who get
paid to write code.
I find it interesting that I have the exact OPPOSITE view. Paying for
something gives a company incentive NOT to f*** their customers over.
People who *require* money for service are not automatically corrupt, and
IMO are less likely to be corrupt. The software industry is an oddball,
where people are willing in droves to do free work, but people are still
people, and you typically get what you pay for.
Are they an american, canadian, australian, NZ, UK company? The NSA
probably insists a backdoor. If not, I bet NSA already has known exploits
in their infrastructure... they'd be one of the hottest targets out
there!
They have a statement on that, I'll post it again:
http://blog.lastpass.com/2013/09/lastpass-and-nsa-controversy.html
Of course, it means you have to accept their word, and trust their
competency. I tend to doubt that somehow this is all a ruse and they are
in cahoots with the NSA.
And the final irony of course, is that I have heard several people tout
their aversion to anything they are not able to scrutinize the source code
to the encryption, to see if any NSA back doors exist, etc. And some of
these same people did not scrutinize the disclosure statement before
signing up for a service that emails them their password in clear-text.
Keep in mind that even if the system is 'fixed' not to email you your
clear-text password, where do you think it got that password from?
-Steve
