Aug 27, 2008

Have you seen what passwords a virus could pull from your PC?

One of the reasons we created LastPass was to remove a threat that we were worried about -- if you somehow got a virus on your PC, could it immediately grab passwords and then uninstalls itself leaving you none the wiser? This would be a particularly insidious attack as you'd be unlikely to notice, and unlikely to change your passwords as a result of the attack.

If you're on a Windows PC, I'd encourage you to try https://lastpass.com/lastpass.exe
this is the LastPass installer, and as one of the installation steps allows you to optionally see what passwords LastPass can find, and optionally choose which (if any) you'd like to encrypt and then potentially remove from your PC.

It may be a big eye opener about what passwords are sitting out there in an unencrypted form on your PC, and even if you don't choose LastPass to be your Password Manager, you'll at least know what you're risking, and be able to clean up.

Recently a virus called Gammima.AG. made it onto the space shuttle, and it's goal was to gather passwords (albeit not in the exact same way I describe above), but it shows that attacks of this nature aren't far fetched and can happen to the best and brightest of us.

How LastPass protects against phishing attacks

Hopefully you have started using LastPass and are now hooked because of the added convenience, security and organization it brings to you life. One facet of LastPass security that we haven't really mentioned is how we protect you from phishing attacks.

Phishers setup rogue websites with domains that are close in name to their target, so they can catch people who mistype the URL. They make the page look identical, so it is easy to enter your login information without a second thought.

LastPass protects against this if you use the LastPass website to login or the Sites drop-down in the plug-in. There is no URL to type, LastPass navigates to the page for you. It is both convenient and safe.

The second way phishers often trick people is by sending emails that look legitimate, but have links that point to their website instead of who they are impersonating. LastPass protects against this by only form filling and putting our icon in the form fields if you have an account with this site.

So if you do not see the LastPass icons in the form fields on one of your sites, do not simply enter your information! First make sure you are logged into LastPass and review the address.

Lastpass Saved Me While Traveling Abroad - No Stress Bill Pay From a CyberCafe

Victory was mine this morning, Visa won't being getting a late fee from me! Even though I was traveling abroad - on the road - without a secure internet access point this morning in Berlin, Lastpass's virtual keyboard and universal access saved the day.

About six million north americans live abroad with 20 million more working/traveling outside the country every year. As a member of this traveling horde, I sometimes find myself stuck in a foreign country, without secure Internet access needing to pay an online bill or transfer funds between bank accounts. In the past - I had to choose between logging on from a public PC and hoping for the best - vis-a-vis keystroke loggers and other bad online things or paying late fees or overdraft penalties.

Not today. I was able to log-on to my credit card account using the Lastpass virtual keyboard ( feature in the upper right on the log-in page) and pay a credit card bill. I know the guys behind Lastpass from our days at eStara so I'm not terribly surprised they've made Lastpass easy to use , portable and secure, but I am pleased that they did. Thanks guys!