On Mon, Feb 4, 2019 at 3:49 PM Dale <rdalek1...@gmail.com> wrote: > > One reason I use LastPass, it is mobile. I can go to someone else's > computer, use LastPass to say make use of Paypal, Newegg, Ebay etc, > logoff and it is like I was never there.
As much as I like Lastpass I would never do that. It isn't magic - it is javascript. If there is a compromise on your computer, then your password database will be compromised. This is true of other solutions like KeePassX and so on - if something roots your box then it will be compromised. If you were talking about something like a Chromebook that is still locked down and you're using guest mode or logging in under a separate user account from anybody else, then you're probably fairly safe against that. However, if you're just looking into a generic windows box or a shared linux account then there isn't going to be much protection if something has compromised the system. At that point you're vulnerable to all kinds of attacks, from theft of the password manager database, to just skimming the accounts you're using. This won't stop sniffing of individual passwords, but you could at least protect your overall database by looking up the password on a secure device (your phone or whatever) and rekeying it on the untrusted device. Then while that password is still vulnerable your password database never touches that box. -- Rich
