Explains how to create and use LastPass 'One Time Passwords' to protect your LastPass vault when using an untrusted computer. LastPass is the Last Password you'll ever have to remember, and is available at LastPass.com
Your master password is kept safe by this mechanism, but if you use any of your stored passwords on a machine with a key logger, then the ones you used can be compromised. If you manually type any in, those are certainly exposed.
For autofill, is something done to protect against key logging?
Maybe someone from LastPass can comment on this.
mattz200802 1 month ago
A+ work to the Lastpass team.
guyalan64 11 months ago
@bestSVMS Not quite sure. However, the database is encrypted and decrypted without them knowing, it's all done client side. So this is likely. From a talk by Steve Gibson, he mentioned a lot of this, and how they go about checking stuff.
Though I worry that these are soft mechanisms (the software checks and says yes or no) as opposed to hard mechanisms (they can't decrypt without it). The recovery mechanisms some of them have (like the grid) suggest these are soft mechanisms.
uriahsw 1 year ago
@uriahsw So if you generate 10 OTPs, would it be encrypted 10 times?
bestSVMS 1 year ago
@bestSVMS They could transcode it client side. Additionally, you might find that the header is encrypted with your hashed password/etc, and the header then just has to be transcoded. Though given how small the data is, it's likely the whole package is.
Though I am uncertain. I would like to see more movies about the infrastructure and architecture behind LastPass.
uriahsw 1 year ago
So you use a one-time password instead of the real password, so no one steals the real one?
mogroo 1 year ago
In order to build in the one-time passwords, wouldn't that involve LP knowing your password and username? From one of the other videos, he said that username and pass are hashed, and that is used for authentication. That is then hashed again, to encrypt the database. In order to provide the OTP, somehow the database has to be decrypted without them knowing the key, which doesn't seem like the case.
bestSVMS 1 year ago
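The two questions raised in this thread (whether ten OTPs mean the vault is encrypted ten times, and how an OTP can unlock a vault whose key the server never learns) are both answered by a key-wrapping layout. The following is an added example in Python, not LastPass's code and not a claim about its actual implementation; it shows one generic design that has the properties the commenters are asking about. Assumptions: PBKDF2 with 100,000 iterations, an HMAC-SHA256 counter-mode cipher standing in for AES because the standard library has no AES, the key derived first and the authentication value derived from it by one more one-way step (the ordering a server-blind design needs, whichever order the video described), and a constructed sample vault. Each OTP wraps only the 32-byte vault key, so the vault itself is encrypted once; the server holds auth tokens and wrapped keys, neither of which reveals the vault key; and a record is deleted the moment it is used.

```python
"""Added example: one-time passwords that unlock a vault without the server ever holding
its key. Generic key-wrapping design for illustration; not LastPass's implementation."""
import hashlib
import hmac
import os
import secrets

ITERATIONS = 100_000  # assumed PBKDF2 work factor

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a stand-in for a real cipher (stdlib has no AES)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext || HMAC tag; the tag makes tampering detectable."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("ciphertext or key is wrong")
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))

def derive_keys(username: str, master_password: str):
    """Client side. Vault key from the master password; the auth hash is one more
    one-way step on top of it, so the server can verify a login without the key."""
    vault_key = hashlib.pbkdf2_hmac("sha256", master_password.encode(), username.encode(), ITERATIONS)
    auth_hash = hashlib.sha256(b"auth" + vault_key).digest()
    return vault_key, auth_hash

def otp_keys(username: str, otp: str):
    """Same layering for a one-time password: a wrapping key and a one-way auth token."""
    wrap_key = hashlib.pbkdf2_hmac("sha256", otp.encode(), username.encode(), ITERATIONS)
    auth_token = hashlib.sha256(b"auth" + wrap_key).digest()
    return wrap_key, auth_token

class Server:
    """Stores only ciphertext, one-way hashes and wrapped keys (hypothetical server)."""
    def __init__(self):
        self.auth_hash = None
        self.vault_blob = None   # the vault is encrypted exactly once
        self.otp_records = {}    # auth token -> vault key wrapped under that OTP

def client_setup(server: Server, username: str, master_password: str, vault_plain: bytes) -> bytes:
    vault_key, auth_hash = derive_keys(username, master_password)
    server.auth_hash = auth_hash
    server.vault_blob = encrypt(vault_key, vault_plain)
    return vault_key

def create_otps(server: Server, username: str, vault_key: bytes, count: int) -> list:
    """Each OTP wraps the 32-byte vault key, not the vault: 10 OTPs are 10 wrapped keys."""
    otps = []
    for _ in range(count):
        otp = secrets.token_hex(16)
        wrap_key, auth_token = otp_keys(username, otp)
        server.otp_records[auth_token] = encrypt(wrap_key, vault_key)
        otps.append(otp)
    return otps

def login_with_otp(server: Server, username: str, otp: str) -> bytes:
    wrap_key, auth_token = otp_keys(username, otp)
    wrapped = server.otp_records.pop(auth_token, None)  # single use: consumed on lookup
    if wrapped is None:
        raise PermissionError("unknown or already used one-time password")
    vault_key = decrypt(wrap_key, wrapped)
    return decrypt(vault_key, server.vault_blob)

def login_with_master(server: Server, username: str, master_password: str) -> bytes:
    vault_key, auth_hash = derive_keys(username, master_password)
    if not hmac.compare_digest(auth_hash, server.auth_hash):
        raise PermissionError("bad master password")
    return decrypt(vault_key, server.vault_blob)

def demo() -> dict:
    server = Server()
    vault_plain = b"example.com: alice / correct-horse"  # constructed sample vault
    vault_key = client_setup(server, "alice", "master-pw", vault_plain)
    otps = create_otps(server, "alice", vault_key, 3)
    first = login_with_otp(server, "alice", otps[0])
    try:
        login_with_otp(server, "alice", otps[0])
        reuse_rejected = False
    except PermissionError:
        reuse_rejected = True
    return {"first_login": first, "reuse_rejected": reuse_rejected,
            "otps_left": len(server.otp_records),
            "master_still_works": login_with_master(server, "alice", "master-pw") == vault_plain}

if __name__ == "__main__":
    print(demo())
```

What the server cannot do here: with only `auth_hash`, `auth_token` and the wrapped keys, it cannot recover `vault_key`, because both tokens are one-way hashes of the key material. What the OTP does not do, as the first comment in the thread points out, is protect the secrets that are decrypted and used on the untrusted machine itself; it only keeps the master password off that machine's keyboard.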
Excellent tutorial. Awesome program.
Laoch111 1 year ago