Is your LastPass data really safe in the encrypted online vault?

[Olivoil 0]

Wladimir Palant, the well-known creator of AdBlock Plus, has published a blog post which should be very concerning for every LastPass user.
 

TL ; DR: LastPass fanboys often claim that a breach of the LastPass server isn’t a big deal because all data is encrypted. As I show below, that’s not actually the case and somebody able to compromise the LastPass server will likely gain access to the decrypted data as well.

LastPass has published a post which shows that they have fixed at least some of those flaws detecetd by Wladimir.

Nevertheless, Wladimir's conclusion is:

As this high-level overview demonstrates: if the LastPass server is compromised, you cannot expect your data to stay safe. While in theory you shouldn’t have to worry about the integrity of the LastPass server, in practice I found a number of architectural flaws that allow a compromised server to gain access to your data. Some of these flaws have been fixed but more exist. One of the more obvious flaws is the Account Settings dialog that belongs to the lastpass.com website even if you are using the extension. That’s something to keep in mind whenever that dialog asks you for your master password: there is no way to know that your master password won’t be sent to the server without applying PBKDF2 protection to it first. In the end, the LastPass extension depends on the server in many non-obvious ways, too many for it to stay secure in case of a server compromise.

I'm happy that I switched to KeePass a long time ago.

[GoodVictor 0]

Your data is safe if you choose the right platform to keep them too. To keep the documents safe you should be willing to invest a little bit and consult the options on the market. If you ask me, I can suggest Future Vault. They help people everywhere build more trust with their clients and members by delivering important documents and information. I don't disagree that there might be people with some bad or unpleasant experience. There are a lot of moments to be considered such as passwords, devices from which you connect, etc.