LastPass stores the encrypted blob on the user's device and at our Tier-1 data centers. Using the Enterprise policies you can control the settings of individual accounts making all your users more secure (i.e.: enforce strong, long master passwords and use of 2nd factor auth universally at a company). The only data that is accessible to LastPass is low value data such as email addresses which we need to support users. Even under government subpoena LastPass could ever only turn over an encrypted blob with no key. Neither the master password nor the key is ever shared with LastPass, and never touches LastPass servers. LastPass employs a 'zero-knowledge' model: all sensitive data is encrypted locally with a key generated from the user's master password. In addition a dashlane rep at a recent conference mentioned they were more secure so I'm hoping to get some counterpoint thoughts on that as well. I'm looking for some security reassurances. A lastpass hack with ALL our secure credentials moved into lastpass would be devastating.
We have a secured spreadsheet on our network that holds other passwords for non web services, notes, etc that I'm thinking about transitioning into lastpass via secure notes.Ī lastpass hack of our passwords in our current state would be damaging. We use it to store the passwords to various resources. Recently I've started deploying lastpass enterprise to my IT staff. I've been a lastpass personal users for a numbers of years. This is a general question about lastpass security. I've been a lastpass personal users for years, when I thought about bringing in the enterprise product, I emailed their support. Email the support of the products you are interested in and and ask them about it.
0 kommentar(er)
