Add your comments
DLS Archives
May 2013
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | 31 | |
Essential Windows Apps | Do Not Track | Microsoft Office | SayNow | LibreOffice | Zeam Android Launcher | Dead Space iPhone | Firefox 4 Mobile | Firefox 4 Release | PlayStation iPhone App | Excel Tips | Android Launcher | Google One Pass | Dead Space | Google Cloud Print | Songbird for Android | NBA Jam | Internet Explorer 9 | Windows 7 Connector for Mac | Office Mac 2011 | IE9 RC
Reader Comments (Page 1 of 1)
(Unverified)Aug 23rd 2008 9:20AM
OK Joe,
I guess I'm willing to give it a fair try, but only with nonessential passwords for now: not, for example, with passwords for online banking. You know, if I was a fraudster wanting to steal passwords, this would be exactly the kind of service I would setup to collect my data (and then, after harvesting many thousands of them, I would suddenly let it go bust). In other words, how should I know I can really trust the people behind something like this? I don't think I'm paranoid, but I do want to be careful.
Henk
leeAug 23rd 2008 9:23AM
That's an excellent point, Henk, and one for anyone to consider when using ANY online password sync service - even the addon for KeePass.
How do you REALLY know that everything's totally safe once it's off your PC?
(Unverified)Aug 23rd 2008 10:27AM
Henk -
It's a fair point, though if you look at our product closely you'll see a lot of features, and a lot of time and effort has been put in to do this right; and I'm talking about the little features that no one notices otherwise because the product 'just works' like refreshing open LastPass.com browser sessions when you add a password in another tab, or offering to replace an existing account, or confirm a password update. These things take a lot of time, and supporting IE and Firefox is more than double the amount of work.
My team and I also have a reputation which we've worked hard to build and wouldn't throw away; I was an executive at a software company which was acquired for $50M, and worked extensively with large Financial Service clients.
We originally started writing this months ago with everything encrypted server side (believe me, that's a lot easier), but stopped and spent an extra few months making sure we could make the entire system run with exclusively client side encryption because we wanted something that would hold up to scrutiny, wanted something we could use comfortably, something where the server could be stolen and we wouldn't be a head line news story.
There are other start-ups out there which are taking your password and keeping it on their servers, or using the built in, insecure password manager -- we didn't want to be like them.
Trust is earned, and we hope we're on the road to earning that trust.
Joe