Aug 27, 2008

Have you seen what passwords a virus could pull from your PC?

One of the reasons we created LastPass was to remove a threat that we were worried about -- if you somehow got a virus on your PC, could it immediately grab passwords and then uninstalls itself leaving you none the wiser? This would be a particularly insidious attack as you'd be unlikely to notice, and unlikely to change your passwords as a result of the attack.

If you're on a Windows PC, I'd encourage you to try https://lastpass.com/lastpass.exe
this is the LastPass installer, and as one of the installation steps allows you to optionally see what passwords LastPass can find, and optionally choose which (if any) you'd like to encrypt and then potentially remove from your PC.

It may be a big eye opener about what passwords are sitting out there in an unencrypted form on your PC, and even if you don't choose LastPass to be your Password Manager, you'll at least know what you're risking, and be able to clean up.

Recently a virus called Gammima.AG. made it onto the space shuttle, and it's goal was to gather passwords (albeit not in the exact same way I describe above), but it shows that attacks of this nature aren't far fetched and can happen to the best and brightest of us.

No comments:

Post a Comment