mjr wrote:We're talking about "Lastpass" which is run by LogMeIn, Inc., a US corporation, right? Clearly the US government does have jurisdiction and yes, they can move their servers, but do you believe their board and relevant workers are really willing to go to jail to protect your password? And is it even ethical to expect them to when there are alternative tools which you could use which wouldn't require it?
Exactly there are alternative tools.
Ultimately they're a tech company that relies on selling you security and ethics. If for any reason some dirt turned up on the it's only a few minutes work to switch.
If it really bothers you then use them to provide the first part of a password and (say) delete the last 4 characters and replace them with a pin number or some such.
mjr wrote:Plus, how do you know it doesn't store your master password? Have you (or someone you trust) got their app source code, checked it, built it yourself and compared it to their published app?
Like most things I have to take their word for it.
When you're selling security your business model would be very shaky though if they're lying through their teeth - particularly when there's no need for them to do so.
mjr wrote:I think we probably disagree about whether it's worth trusting what lastpass and similar corporations say about their security. Me, I trust a coded book more.
That conjures up an amusing image of a 'Columbo' alike trying to use their phone, digging out their trusty notepad and screwing their face up as they try to decode and enter the information thus contained just so they can order a replacement notebook on Amazon...
(Obviously I've no idea of the reality)
Coded book though - that sounds horrifically clunky. I trust you have a backup(s).
Do you carry it around with you all the time or just if you think you might need to access a website?
A quick check on lastpass suggests I have 230 passwords - a lot of which are nonsense sites like this, but that's still a lot of messing about with a notebook. Particularly if you change the passwords regularly.