LastPass: Difference between revisions

From Wikipedia, the free encyclopedia
m Feezo moved page LastPass (software) to LastPass: No need for disambiguation (at this point anyway - see Talk page for details)
Chealer (talk | contribs)
rewrite lead hoping to give a proper definition
Line 23: Line 23:
}}
}}
{{Cleanup-spam|date=August 2013}}
{{Cleanup-spam|date=August 2013}}
'''LastPass''' is a [[freemium]] [[Password manager|password management service]] developed by '''Marvasol, Inc.''', a [[Virginia]]-based technology company [[doing business as|doing business]] under the LastPass brand.<ref>{{cite web | url=http://www.bloomberg.com/news/2011-05-05/lastpass-says-hackers-may-have-stolen-passwords-for-1-25-million-customers.html | title=LastPass says hackers may have stolen passwords for 1.25 million customers | work=[[Bloomberg News]] | date=5 May 2011 | accessdate=28 April 2014 | author=Michael Riley}}</ref><ref name="features">{{cite web | url=https://lastpass.com/features_free.php | title=Features | publisher=LastPass | accessdate=27 April 2014}}</ref> It is available as a plugin for [[Internet Explorer]], [[Firefox|Mozilla Firefox]], [[Google Chrome]], [[Opera (web browser)|Opera]], and [[Safari (web browser)|Safari]]. There are also LastPass [[bookmarklet]]s for other browsers.<ref name="features" /><ref>{{cite web | url=https://helpdesk.lastpass.com/features/bookmarklets/ | title=Bookmarklets | publisher=LastPass | accessdate=27 April 2014}}</ref>
'''LastPass''' is a [[freemium]] [[Password manager|password management service]] which seeks to resolve the [[password fatigue]] problem by centralising user password management in the cloud.<ref name="features">{{cite web | url=https://lastpass.com/features_free.php | title=Features | publisher=LastPass | accessdate=27 April 2014}}</ref>


'''LastPass''' also refers to a browser plugin designed for users of the LastPass service, available for [[Internet Explorer]], [[Firefox|Mozilla Firefox]], [[Google Chrome]], [[Opera (web browser)|Opera]], and [[Safari (web browser)|Safari]]. There are also LastPass [[bookmarklet]]s for other browsers.<ref name="features" /><ref>{{cite web | url=https://helpdesk.lastpass.com/features/bookmarklets/ | title=Bookmarklets | publisher=LastPass | accessdate=27 April 2014}}</ref>
LastPass seeks to resolve the [[password fatigue]] problem by centralising user password management in the cloud.

'''LastPass''' is also the trade name under which the developer of the LastPass service, [[Virginia]]-based technology company '''Marvasol, Inc.''', [[doing business as|does business]].<ref>{{cite web | url=http://www.bloomberg.com/news/2011-05-05/lastpass-says-hackers-may-have-stolen-passwords-for-1-25-million-customers.html | title=LastPass says hackers may have stolen passwords for 1.25 million customers | work=[[Bloomberg News]] | date=5 May 2011 | accessdate=28 April 2014 | author=Michael Riley}}</ref>


==Overview==
==Overview==
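Review bot: the rewritten lead now opens three consecutive one-sentence paragraphs with a bolded '''LastPass''' (service, browser plugin, trade name), so the article appears to define its subject three times. Bold only the first occurrence and fold the plugin and trade-name sentences into the paragraph that follows it. The Bloomberg reference kept on the Marvasol, Inc. sentence is, by its title, a report about possibly stolen passwords, so confirm that it actually supports the "doing business as" claim it is cited for.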

Revision as of 07:19, 30 April 2014

LastPass
Developer(s): LastPass
Initial release: August 22, 2008 (2008-08-22)
Stable release: 3.1.1[1] / February 14, 2014; 10 years ago (2014-02-14)
Operating system: Cross-platform
Available in: Multilingual
Type: Password manager
License: Proprietary software
Website: lastpass.com

LastPass is a freemium password management service which seeks to resolve the password fatigue problem by centralising user password management in the cloud.[2]

LastPass also refers to a browser plugin designed for users of the LastPass service, available for Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and Safari. There are also LastPass bookmarklets for other browsers.[2][3]

LastPass is also the trade name under which the developer of the LastPass service, Virginia-based technology company Marvasol, Inc., does business.[4]

Overview

Passwords in LastPass are protected by a master password, encrypted locally, and synchronized to any other browser. LastPass also has a form filler that automates password entry and form filling. It also supports password generation, site sharing and site logging.

On December 2, 2010, it was announced that LastPass acquired the bookmark synchronizer Xmarks.[5] LastPass password management technology was integrated into the “Identity and Privacy” feature of Internet security company Webroot’s newest security suite. Full terms of the licensing deal were not disclosed.[6]

Features

  • One master password
  • Cross-browser synchronization
  • Secure password generation
  • Password encryption
  • Form filler
  • Importing and exporting passwords
  • Portable access
  • Multifactor authentication
  • Fingerprint verification
  • Cross-platform availability (and mobile versions for premium)
  • Mobile access available[7]
  • Free and premium credit monitoring (USA only)[8]

Source code

LastPass is closed source. Many of the extensions can be run in a non-binary mode where the source is available, but LastPass retains all rights.

One of the developers of LastPass, Sameer, has argued that, theoretically, the integrity of the software could be verified without making it open source, and mentioned that the developers may be open to the future possibility of making the user interface of LastPass open source.[9]

Reception

In March 2009, PC Magazine awarded LastPass their "Editors' Choice" for password management.[10] LastPass has a rating of 4 out of 5 stars at the Firefox Add-ons web site with over 900 reviews,[11] and it has been featured on Download Squad,[12] Lifehacker,[13] and MakeUseOf.[14]

In July 2010, LastPass's security model was extensively covered and approved of by Steve Gibson in his Security Now podcast episode 256.[15] He also revisited the subject and how it relates to the NSA in Security Now podcast episode 421.[16]

Security breach

On Tuesday, May 3, 2011, LastPass discovered an anomaly in their incoming network traffic, and then another, similar anomaly in their outgoing traffic.[17] Administrators found none of the hallmarks of a classic security breach (for example, database logs showed no evidence of a non-administrator user being elevated to administrator privileges), but neither could they determine the root cause of the anomalies. Furthermore, given the size of the anomalies, it was theoretically possible that data such as email addresses, the server salt, and the salted password hashes were copied from the LastPass database. To address the situation, LastPass decommissioned the "breached" servers so they could be rebuilt, and on May 4, 2011, they asked all users to change their master password. However, the resulting user traffic overwhelmed the login servers, and administrators temporarily asked users to refrain from changing their password until further notice, having judged the possibility of the passwords themselves being compromised to be trivially small. LastPass also stated that while there was no direct evidence that any customer information was directly compromised, they preferred to err on the side of caution.[18] There have been no verified reports of customer data loss or password leaks since these precautions were taken. In comment 6, Joe Siegrist committed to a third-party audit, saying one "is certainly prudent". However, no audit results have been published to date.

XSS vulnerability

In February 2011, a cross-site scripting (XSS) security hole was discovered, reported by security researcher Mike Cardwell, and closed within hours.[19] There was disagreement over severity. Cardwell stated that people should be "very concerned." The company reported that a log search showed no evidence of exploitation (other than by Cardwell). However, in addition to closing the hole, LastPass took additional steps to improve security, including implementing HTTP Strict Transport Security (HSTS), as Cardwell had suggested, X-Frame-Options, and a Content Security Policy-like system, in order to provide defense in depth.[19][20]
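
The three response-header mitigations named above can be checked from a response head. The following is an added example, not LastPass code and not part of the original article: the sample responses are constructed, the 180-day `max-age` threshold is an assumption, and the standard `Content-Security-Policy` header stands in for the "Content Security Policy-like system" mentioned.

```python
import re
MIN_HSTS_MAX_AGE = 15552000  # assumption: 180 days is this example's minimum

# Constructed sample responses (not captured from any real site).
WEAK = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=300
X-Frame-Options: ALLOWALL
Content-Security-Policy: default-src *; script-src 'self' 'unsafe-inline'
"""
HARDENED = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: DENY
Content-Security-Policy: default-src 'self'; script-src 'self'; frame-ancestors 'none'
"""

def parse_headers(raw):
    """Parse a raw response head into a dict keyed by lowercase header name."""
    pairs = (ln.split(":", 1) for ln in raw.strip().splitlines()[1:] if ":" in ln)
    return {name.strip().lower(): value.strip() for name, value in pairs}

def audit(raw, over_https=True):
    """Return sorted findings; an empty list means all three checks pass."""
    h, findings = parse_headers(raw), []
    hsts = h.get("strict-transport-security")
    m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts or "", re.I)
    if hsts is None:
        findings.append("hsts: missing")
    elif not over_https:
        findings.append("hsts: ignored by browsers when sent over plain HTTP")
    elif not m:
        findings.append("hsts: no max-age directive")
    elif int(m.group(1)) < MIN_HSTS_MAX_AGE:
        findings.append("hsts: max-age below threshold")
    csp = h.get("content-security-policy", "")
    policy = {d.split()[0].lower(): [s.lower() for s in d.split()[1:]]
              for d in csp.split(";") if d.split()}
    # Framing is covered by a valid X-Frame-Options value or CSP frame-ancestors.
    if (h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN")
            and "frame-ancestors" not in policy):
        findings.append("framing: no valid X-Frame-Options or frame-ancestors")
    scripts = policy.get("script-src", policy.get("default-src"))
    if not csp:
        findings.append("csp: missing")
    elif scripts is None:
        findings.append("csp: no script-src or default-src, scripts unrestricted")
    elif "'unsafe-inline'" in scripts and not any(
            s.startswith(("'nonce-", "'sha")) for s in scripts):
        findings.append("csp: 'unsafe-inline' permits injected inline script")
    return sorted(findings)
```

Calling `audit(WEAK)` returns one finding per header, while `audit(HARDENED)` returns an empty list.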

References

  1. "Recent changes to LastPass". Retrieved 10 March 2014.
  2. "Features". LastPass. Retrieved 27 April 2014.
  3. "Bookmarklets". LastPass. Retrieved 27 April 2014.
  4. Michael Riley (5 May 2011). "LastPass says hackers may have stolen passwords for 1.25 million customers". Bloomberg News. Retrieved 28 April 2014.
  5. "LastPass Acquires Xmarks!". LastPass blog. 2010-12-02.
  6. "Automation, partnerships drive Webroot revamp". cnet.com. 2010-07-26.
  7. LastPass mobile
  8. LastPass Credit Monitoring
  9. Sameer's commentary on making lastpass open source
  10. LastPass 1.50 Review & Rating | PCMag.com
  11. LastPass Password Manager :: Add-ons for Firefox
  12. Is Lastpass as good as they make it sound?
  13. LastPass Adds Form Filler, Syncs Form Profiles and Passwords
  14. Securely Synchronize Your Browser Passwords With LastPass
  15. Security Now 256: LastPass Security or jump straight to review of LastPass at 0:52:44
  16. Security Now 421: The Perfect Accusation
  17. LastPass Security Notification
  18. LastPass Security Notification (Archive)
  19. LastPass Vulnerability Exposes Account Details (Archived by WebCite®)
  20. Cross Site Scripting vulnerability reported, fixed (Archived by WebCite®)