from Hacker News

What are the chances of Lastpass being backdoored?

by chashaz on 6/11/13, 6:57 AM with 3 comments

I'm a full time user of Lastpass, the free or paid online cloud based password manager.

But in the light of recent revelations involving various government backdoors in popular sites, I'm beginning to wonder if such services can be trusted.

I'm not an expert but I'd seriously want to hear the opinion & advice of HN users.

Thanks

  • by macarthy12 on 6/11/13, 8:17 AM

    Read / Listen to this for a complete answer.

    http://www.grc.com/sn/sn-256.htm

  • by mike-cardwell on 6/11/13, 8:31 PM

    Lastpass could be compelled to send modified JavaScript down to your browser which records your password when you enter it, and reports it back, meaning they then have complete access to your password vault contents. They would also be capable of retrieving meta data including the list of sites you log into, when you log into them, and from what IP addresses.