back to article LastPass connectivity snafu locks out Brits from password manager

Connectivity issues have left Brits unable to reliably access LastPass, the online password manager service, since Tuesday. In a series of updates to its official support account on Twitter, LastPass suggested that users should use "offline mode" as a workaround. The cause of the problem and when it might be resolved remains …

  1. JimmyPage Silver badge
    FAIL

    (Lastpass user here) No problem for me

    But then I don't trust 100% to cloud services. I have an exported copy of my vault in an encrypted file on my carry-everywhere USB key.

    You mean you didn't ?

  2. Naselus Silver badge

    What I don't understand

    is why anyone would want an online password manager. It's another one of those cases where the idea of sticking it in the cloud brings little benefit and a ton of downsides, and has just been done 'because we can'.

    I want my password manager + DB on a USB stick in a desk drawer, not a datacenter in Stockport.

  3. Anonymous Coward
    Anonymous Coward

    Re: What I don't understand

    So that they can access their list of logins even if they don't have access to their home PC or the drawer containing the USB key I assume.

    (Or for businesses, so they can share credentials between several users, and revoke them at will etc.)

  4. Ben1892

    Re: What I don't understand

    I just carry my desk around to avoid that problem

  5. Naselus Silver badge

    Re: What I don't understand

    "So that they can access their list of logins even if they don't have access to their home PC or the drawer containing the USB key I assume."

    Well, except for when there's literally any connection problem between you and wherever the hell the company has decided to dump your data. Like, y'know, what just happened.

    Combine with that the increased attack vectors when your password DB is always online and relying on the security regime implemented by the work experience kid of passvault company A, which in turn relies on the security regime implemented by the work experience kids at Cloud Company B, and you're looking at a whole bunch of downsides for the sake of not having to carry a 7 gram USB stick around with you.

  6. Stuart Halliday

    Re: What I don't understand

    Can't do that with my phone or tablet...

    I'd rather not have a USB stick welded to my person either.

  7. Velv Silver badge
    Headmaster

    Re: What I don't understand

    Well, except for when there's literally any connection problem between you and wherever the hell the company has decided to dump your data. Like, y'know, what just happened.

    Which is why LastPass has an offline mode which uses the cached local copy of the database so that users can still retrieve their passwords. On iOS this local DB is on the encrypted file system as well as being encrypted itself so well protected against breach.

    While you can encrypt your USB key, can you always run the tool to gain access to the data? I know of no employer where I can connect my USB keyboard their PC let alone run the app to access it, so a USB key pretty much means I would have no access to my passwords during working hours.

    Ultimately I don't store any critical passwords anywhere, I memorise them. It's the myriad of relatively trivial passwords in the password safe.

  8. tedleaf

    Re: What I don't understand

    Er,usb hosting ?

  9. Anonymous Coward
    Anonymous Coward

    Re: What I don't understand

    "(Or for businesses, so they can share credentials between several users, and revoke them at will etc.)"

    Mmmm yes and no, 'cause I certainly would want to have that server on-premise. And while provisioning random passwords into users' stores might be interesting, you can't deprovision a password clientside.

    And yes, I have briefly considered looking for site licenses for assword managers with support for the big 3+2 platforms while our glorious unified identity management approaches production with all the tenacity of a shambling glacier using Apple Maps, at which point our dozens of systems will develop new, exciting tentacles to delightify the user experience of around 30k people. (AC for obvious reasons)

  10. Infernoz Bronze badge
    WTF?

    Re: What I don't understand

    For credentials used on portable/multiple devices, cloud should only be used for distribution of securely pre-encrypted logins, with a local, still-encrypted cache and available temporary space for downloading, encrypted, timestamped/versioned updates, so that on-line login database access issues do not prevent use of older logins unless invalidated by expiry data.

    Sharing logins is WTF stupid, because it does not allow proper, separate, user level audit-logging and lock-out, so multiplies vulnerability, and multiples inconvenience if a shared login must be replaced. If shared credentials can't be avoided for use of something, it must be protected by a separate login access layer hiding those credentials from users!

  11. Ragarath
    Joke

    To avoid...

    Just write them down on the back of your hand.

    Or use the same one over and over on all sites.

    On second thoughts use that thing you we given called memory ;)

  12. WonkoTheSane
    Headmaster

    Three Words...

    Mooltipass (OK, two words!)

    https://www.themooltipass.com/

  13. Symon Silver badge
    FAIL

    Re: Three Words...

    This site can’t be reached

    www.themooltipass.com refused to connect.

    Try:

    Checking the connection

    Checking the proxy and the firewall

    ERR_CONNECTION_REFUSED

    p.s. https://pwsafe.org/

  14. Anonymous Coward
    Anonymous Coward

    Re: Mooltipass

    Pretty neat, but it's another case of preaching to the choir.

    Given the technical ability of the general public, it's far too fiddly. So the end result is it will mainly be used by the people who really don't need it, as they will already be aware of best-practices.

    Same as password managers in general. Most folk I know who use them are well aware of the pitfalls and mitigate around them. The folk that don't use password managers are - again generally - completely unsavvy about password hygiene anyway.

    Reminds me of an Ian Anderson quip at a Jethro Tull gig many years ago ...

    (holding up signature guitar)

    "Isn't it funny that when you can afford them, people give them to you for free"

  15. WonkoTheSane
    Facepalm

    Re: Three Words...

    @Symon - Link was copypasta from working website. Website still works. Problem @ your end.

  16. Brangdon

    Re: Three Words...

    The Mooltipass link worked for me. It expects you to carry a smart card, a dongle, and (to use with a phone) a USB cable. I'm not convinced it's easier to use than, say, KeePass, which is software you can keep installed on any device that needs it, with an archive replicated via DropBox or similar.

  17. groovyf

    No problems for me either (as a LastPass user)

    https://www.troyhunt.com/only-secure-password-is-one-you-cant/

  18. Velv Silver badge
    Big Brother

    GCHQ taking a copy of all UK accounts?

  19. Dan 55 Silver badge
    Black Helicopters

    Who's going to take the red pill and run traceroute to LastPass' server?

  20. Anonymous Coward
    Anonymous Coward

    > GCHQ taking a copy of all UK accounts?

    If they are, can they let remind me what my username/password is for P0rnhub please. I've forgotten it again.

    Thanks in advance....

  21. Anonymous Coward
    Anonymous Coward

    smallcockedwanker / p455w0rd

    You're welcome.

  22. To Mars in Man Bras!
    Thumb Down

    LastTwat

    >>>[LastPass] In a series of updates to its official support account on Twitter...

    ... whilst ignoring the countless "Last Pass not Working" threads on its support forums. Obviously sound-biting on Twatter is much more hipster and cool than actually directly addressing your paying customers' concerns.

  23. bexley

    its been doing this for weeks

    in the netherlands

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2018