
LastPass 4.0 with Emergency Access and a New UI - bendoerr
https://blog.lastpass.com/2016/01/introducing-lastpass-4-0.html/
======
bendoerr
It sounds like with the new Emergency Access they are generating a key pair
for the emergency contact, encrypting to the public key and escrowing the
encrypted the symmetric key for your vault data [1]. However LastPass also
controls the private key... which seems counter to the marketing, e.g.
LastPass should never have access to your symmetric key.

[1]: [https://helpdesk.lastpass.com/emergency-
access/](https://helpdesk.lastpass.com/emergency-access/)

~~~
jlgaddis
Read the content in the right hand column (at your link), under the various
headings...

The "Emergency Contact" must be a LastPass user, so they already have a
public/private keypair. Your vault is encrypted with their public key and,
when the time comes, they're given access to your encrypted vault and are able
to decrypt it using their own private key.

Sounds good, in theory, but I'm certainly no cryptography expert. Regardless,
I'm not sure if I trust it/"them".

(It won't matter much for me, anyways. When the announced that LogMeIn had
bought the company, I jumped ship and moved to 1Password.)

