

What are the chances of Lastpass being backdoored? - chashaz

I&#x27;m a full time user of Lastpass, the free or paid online cloud based password manager.<p>But in the light of recent revelations involving various government backdoors in popular sites, I&#x27;m beginning to wonder if such services can be trusted.<p>I&#x27;m not an expert but I&#x27;d seriously want to hear the opinion &amp; advice of HN users.<p>Thanks
======
macarthy12
Read / Listen to this for a complete answer.

[http://www.grc.com/sn/sn-256.htm](http://www.grc.com/sn/sn-256.htm)

~~~
da_n
I have a lot of respect for Steve Gibson but I wouldn't take this as anything
but his opinion. All he is doing essentially is re-iterating what LastPass
themselves claim about their security, so you can only trust this as much as
LastPass own claims. If you know Steve Gibson you'll know his TNO (Trust No
One) policy. I do choose to trust LastPass claims personally and am a paying
customer, but I would much rather use an open source, battle tested
alternative if it existed.

------
mike-cardwell
Lastpass could be compelled to send modified JavaScript down to your browser
which records your password when you enter it, and reports it back, meaning
they then have complete access to your password vault contents. They would
also be capable of retrieving meta data including the list of sites you log
into, when you log into them, and from what IP addresses.

