On Mon, Feb 4, 2019 at 3:49 PM Dale <rdalek1...@gmail.com> wrote:
>
> One reason I use LastPass, it is mobile.  I can go to someone else's
> computer, use LastPass to say make use of Paypal, Newegg, Ebay etc,
> logoff and it is like I was never there.

As much as I like Lastpass I would never do that.  It isn't magic - it
is javascript.  If there is a compromise on your computer, then your
password database will be compromised.  This is true of other
solutions like KeePassX and so on - if something roots your box then
it will be compromised.

If you were talking about something like a Chromebook that is still
locked down and you're using guest mode or logging in under a separate
user account from anybody else, then you're probably fairly safe
against that.  However, if you're just looking into a generic windows
box or a shared linux account then there isn't going to be much
protection if something has compromised the system.

At that point you're vulnerable to all kinds of attacks, from theft of
the password manager database, to just skimming the accounts you're
using.

This won't stop sniffing of individual passwords, but you could at
least protect your overall database by looking up the password on a
secure device (your phone or whatever) and rekeying it on the
untrusted device.  Then while that password is still vulnerable your
password database never touches that box.

-- 
Rich

Reply via email to