LastPass data is held and decrypted locally. The only password at risk is the master password used to access logins but it's useless without the local file.
LastPass - What encryption is being used?
Agree on the need to see the exact error.
What they didn't say is that the encryption they're using is not strong enough, and there are vulnerabilities already detected in the password handling.
Look at this paper that took LastPass as a test subject: http://www.cs.uccs.edu/~cyue/papers/ASEScience13.pdf
It's a few years old, and maybe it's already fixed, but how do we can know that? Or that they didn't add any new hole?
Another issue is the master password you mention. Assuming perfect software, the security of the whole thing relies on the safety of the master password. Using a weak one means that brute forcing it will be trivial and anyone can ultimately reveal your passwords.
Due to that, and the general unreliability of anything "cloud", I'm only suggesting software that does NOT interact with any servers directly (at least as an option) and specially in the case of passwords managers must be open source, so we can verify what it really does. And having serious research to back that up is an important part in my choice.
I would not store anything like that in the cloud or let any program handle it.
If you can`t remember your passwords in your head, then you should right them down along with what they go with.
Okay here's an alternative view:
Bad news! LastPass breached. Good news! You should be OK… – Naked Security
What about getting back to the original question?
Saving passwords into a webmail folder indeed.I know this sounds like somewhat of a "security" issue BUT...does anyone know if there's a safe way (free) where I can save all of my log-ins/passwords ? I've had a couple of hard drive crashes now and I'm nsick of losing all that info ! I've actually been savin all of my log-in info to a folder in my webmail.BUT,....THAT'S TEDIOUS ! AND...I tend to only update that about once a month !!I need something like a "social" (But,not "public") place where I can save all of of my log-in info that's safe (Other than my pc) ??????? And,if it makes any difference (In case,there's an add-on) I generally use Firefox for my browser.
It's lucky that I'm not some sort of hacker of identity thief considering the number of work colleagues and relatives passwords that I have seen written down. Never mind about the number of passwords that are stored by their browser's password manager.
I use a password manager because I can use different complex passwords for many (unimportant) sites without needing to remember them or write them down or type them into the password field. I certainly do not use a password manager for anything important like banking logins or email logins. Those stay in my head. If I want to access my bank account online - login requires me to place my card into a portable card reader and enter my PIN number. Then the card reader generates a unique code on it's screen that needs to be typed into the browser in order to continue. There's no way it can be hacked.
I'm comfortable with using LastPass. It meets my needs for unimportant logins.
Problem with storing passwords in your head is that human brains are much weaker for storing random things, which happen to be excellent passwords, but excel in remembering patterns and familiar things, which make very predictable passwords.
The more important a login is, the more important is to use a password manager, for this very reason. For example, can you remember a password like this?
And even then, can you create it? Most people I know would say "no". Passwords managers make both of those trivial. And this makes them so important for vital accounts. I would use them for my main email, bank account and a few more, but maybe go without one for unimportant things like forums. But since I already use it, there is no reason not to use it everywhereCode:BF`]C]!zGv"u0-Ky{a.0
Of course, all of this refers to local password managers, where the data remains with you under your control. Uploading that to internet is of course an immense risk.
Quote