
If LastPass does not store your master password, then how can you login to use their web app?

Surely you must type it in, it is sent over using SSL, and then salted/hashed on the server side, and then compared with what is in their DB, like any other login scheme on the web.

tau

2 Answers

No, the LastPass website does not normally know your login credentials.

On their website, they supply JavaScript code to do in-browser decryption. So, yes, we still need to trust LastPass that this code is implemented correctly, but the password isn't sent to their servers.

Note: Trusting LastPass means that we need to trust them not to give you a non-standard version of their website JavaScript for certain special IP addresses at the behest of the NSA if they use a National Security Letter.

Resources:

Andrew Russell

Also see: How safe are password managers like LastPass?

I had concerns about its security integrity and the fact that your passwords are saved on servers that are located in the USA. Even though they only store encrypted data, LastPass is obliged to give this data to the USA government when requested (due to the PATRIOT Act).

Since I realized this, I moved to KeePass Password Safe, an offline password manager with protection against keyloggers.

Steven Volckaert