Your passwords sux!

I have facebooked that LastPass is the tool everyone needs to be using.  I am not always clear as to why I select the tools that deserve your attention.  Every week I get some news and security tidbits from the below podcasts.  What I love about this particular source of information is that Steve Gibson provides ALL the details, dives deep and leaves no stones unturned.  I know this is the second post in a row about Steve’s stuff – but I really did get a Facebook message from a cousin today asking why he should trust LastPass with his passwords.

The short answer is that LastPass does not get your passwords (not exactly).  All that is sent to them is your encrypted stuff.

Most if not all of the password decryption runs in your browser – but it may look like it is on their site.  I am no longer 100% clear on this but myself I will have to re-listed to the first podcast below.

Lastpass and why you can trust it:
Text http://www.grc.com/sn/sn-256.htm Audio http://media.grc.com/sn/SN-256.mp3

Lastpass and why you should use it:
Text http://www.grc.com/sn/sn-366.htm Audio http://media.grc.com/sn/SN-366.mp3

There are some password recovery items the paranoid should look into and disable (but think, know, trust, what you are doing when you do so).

Always Swim Up