Lastpass/ How To Avoid Compromising Passwords

[THAIPHUKET]

I wrote this to lastpass support

I use an Android

1. Problem= gmail request occasionally physical password entry when I am on the road

For that I need to access my LP vault, i.e. compromising my LPmaster password to anyone.

2. your one time password are impossible to type without mistake, too long,

How to copy them , from where, but safely? Using these tiny password windows on smart phones?

Thanks

Amazingly prompt reply by LP support

For access to your sites on your Android, you may want to consider our Android app, part of our Premium upgrade (https://lastpass.com...res_compare.php and http://helpdesk.last...ss-for-android/). If that's not an option, our bookmarklets: http://helpdesk.last...m/bookmarklets/ may be a good option for logging in to your sites via the stock browser. Otherwise, you can login to m.lastpass.com.

OTPs can be created, manage, deleted, and printed from https://lastpass.com/otp.php - are you having any specific problems with the OTPs?

Best,

Amber

I still fail to understand.

Assume sitting in a cafe , reading mails, surfing ThaiVisa, do I not blast my password to anyone who might be keen to catch them?

and if then gmail arbitrarily chooses to demand physical re-entry of my gmail pword, which is so complicated that I must use the Lastpass vault to access it, would that not compromise my master pword plus all other pwords in the vault?

Do you use the temporary LP pwords? To print them out is unrealistic because they are so long that entering them in the field without mistyping is next to impossible.

[nocturn]

i fail to see any issue other than you are lazy

[Darrel]

Assume sitting in a cafe , reading mails, surfing ThaiVisa, do I not blast my password to anyone who might be keen to catch them?

Anything you do over wifi is potentially visible to anyone else nearby who has the right knowledge. The only exceptions would be things that occur via an SSL link (accessing your online banking, for example, or using a secure email server) though SSL links themselves are potentially hackable, even if this is very unlikely.

[THAIPHUKET]

Thanks Darrel, that´s what I thought. I assume with G3 the issue is the same . No security to speak of,

[Darrel]

3G is more secure than wifi. Whilst not perfect I would be surprised if anyone had any issues with 3G data being intercepted unless they have the Mossad or the MIB after them for some reason, not least because the use of 3G isn't dependent on being in one place on a fixed network with just a few other people. Safety in numbers!

Of course you should be aware that all unencrypted data is potentially visible to many people who work for your ISP and all the other service providers between you and the destination server.

[Darrel]

For what it's worth I'm a great believer in whole disk encryption using TrueCrypt and a complex password that is easy to remember but impossible to guess.

If this is done properly you can leave all your passwords in plain text on your hard drive rather than store them online or in a special programme, as without the main boot password it is impossible to get to the data (unless you are Mossad or MIB etc.). The only thing you really need to be careful about is not allowing the laptop to be stolen whilst it is booted up.

It is also very effective for desktop machines as it is more or less impossible to steal these without powering them down.