Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

>I much prefer the security of being in control of my file, and having its online option controlled by someone else (Dropbox); and logging into Dropbox to then see my passwords 'online' on the go.

You can't even do that. You have to install a local client. Download the file, open it in your new client, edit it, manually reupload it. If you don't want to use the on-web LastPass vault, then don't, but it's still doing local decryption and you can still used the signed Chrome extensions to carry out ops if you don't trust LastPass.com proper.

>If Lastpass.com is compromised, the attacker can MitM compromise my credentials.

Which part of "local, client-side encryption" is confusing?

edit: 1PassAnywhere is the exact same thing as what LastPass is doing with it's LastPass.com-served Vault.

edit2: There's even multifactor auth available for it and the Online Vault feature.



Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: