| 1 |
On Mon, Feb 4, 2019 at 3:49 PM Dale <rdalek1967@×××××.com> wrote: |
| 2 |
> |
| 3 |
> One reason I use LastPass, it is mobile. I can go to someone else's |
| 4 |
> computer, use LastPass to say make use of Paypal, Newegg, Ebay etc, |
| 5 |
> logoff and it is like I was never there. |
| 6 |
|
| 7 |
As much as I like Lastpass I would never do that. It isn't magic - it |
| 8 |
is javascript. If there is a compromise on your computer, then your |
| 9 |
password database will be compromised. This is true of other |
| 10 |
solutions like KeePassX and so on - if something roots your box then |
| 11 |
it will be compromised. |
| 12 |
|
| 13 |
If you were talking about something like a Chromebook that is still |
| 14 |
locked down and you're using guest mode or logging in under a separate |
| 15 |
user account from anybody else, then you're probably fairly safe |
| 16 |
against that. However, if you're just looking into a generic windows |
| 17 |
box or a shared linux account then there isn't going to be much |
| 18 |
protection if something has compromised the system. |
| 19 |
|
| 20 |
At that point you're vulnerable to all kinds of attacks, from theft of |
| 21 |
the password manager database, to just skimming the accounts you're |
| 22 |
using. |
| 23 |
|
| 24 |
This won't stop sniffing of individual passwords, but you could at |
| 25 |
least protect your overall database by looking up the password on a |
| 26 |
secure device (your phone or whatever) and rekeying it on the |
| 27 |
untrusted device. Then while that password is still vulnerable your |
| 28 |
password database never touches that box. |
| 29 |
|
| 30 |
-- |
| 31 |
Rich |
Archives