Dear Lifehacker, You recommend LastPass to avoid problems when services get hacked, but what happens if (or when) LastPass gets hacked? Wouldn’t that just give hackers access to all of my accounts? Is LastPass safe to use? Thanks, Password Protector
Your worry is a common one: if LastPass stores all your passwords in the cloud, what’s to stop someone from hacking them and then getting into all your other accounts? Thankfully, it’s not so simple. Nothing is 100 per cent secure, but we think you can feel safe with LastPass.
First of all, let’s remember that LastPass — as a security-focused app — is dedicated to security in a way many services are not. Even when LastPass thought it might have been hacked back in 2011, it notified users immediately, and forced a master password change if you tried to access it from a new computer.
Furthermore, like any other service, you should be using two-factor authentication with LastPass. If you do, someone with your master password still will not be able to access your account, even in the event of a breach. If you want to take it to the next level, you can put together this awesome thumb drive-based system and enable these features for extra two-factor security.
Lastly, remember that the only secure password is one you can’t remember. If you can remember it, it’s probably more easily hacked and more easily usable on your other accounts. Using a password manager is still the most secure way to use your accounts, and it makes things very easy to audit an update when someone does get hacked (which sadly is a common occurrence these days).
If you don’t like the idea of storing your passwords in the cloud, there are alternatives, like the awesome KeePass. These keep your data out of the cloud, but make it more difficult to access your passwords on anything but your main computer — which is a huge blow to convenience. Unless, of course, you sync them with Dropbox, which defeats the whole purpose of using a local password manager (though you could encrypt the database with something like TrueCrypt first). And remember, if someone has physical access to your computer, they can still get your password database that way.
At the end of the day, it’s up to you to use what makes you feel safe. But remember: nothing is 100 per cent secure. We still think LastPass is the best option around, as long as you use it correctly.
Got your own question you want to put to Lifehacker? Send it using our [contact text=”contact form”].