Risks of Storing Passwords in the Cloud with LastPass

Two recent incidents highlight the risks of storing passwords in the cloud with LastPass. The official reports from LastPass are here and here. I have updated my popular Which Password Manager post to include a description of these incidents.

It is important to note that LastPass stores only encrypted passwords on their servers. So even if encrypted passwords are stolen, it will be nearly impossible to reveal them if the master password is strong. This reinforces the need to choose a strong master password to guard the passwords stored in a password manager. For more on master password selection, see here: Master Password Selection.

FilterJoe is a Different Kind of Blog

This revision to Which Password Manager was the most substantial revision I’ve made to a prior post. However, please note that I make revisions to past material frequently. The majority of my posts contain information that will be relevant for at least a year, sometimes much longer. Therefore, I spend a lot of time and effort revising content I’ve already written.

Frequently revising prior blog posts is not standard practice. But I treat FilterJoe more like a reference site than a blog.

To be a good reference site, material needs to be accurate and up-to-date. If anyone ever notices anything in my posts that is not accurate or up-to-date, please point it out, and I’ll be sure to make the necessary revisions.

Author: Joe Golton

I’m a dad with a son who loves baseball. Professionally, I’ve been a software developer, investor, controller, and logistics manager. I now make my living from this blog, supplemented with occasional consulting gigs.