27th Jul 2016
If a LastPass user visits a website with some malicious code on it they could find their account completely compromised and all their passwords completely exposed to hackers.
Scary stuff.
I've never used one of these password vault services but I imagine they're very useful as we use more and more online services in our daily lives. This convenience is appealing, but putting all our passwords into a single place online inevitably comes with risk.
I'm reminded of a piece of advice I once read about storing passwords. It might sound surprising, but (assuming you trust your household and work colleagues) there's almost no risk in writing down certain passwords on a piece of paper kept at home or in our desk drawer. This is because most attacks on our online lives come from online sources, which are completely independent from our physical lives. There's no way a hacker in Russia could find and use the piece of paper with our Twitter password on it, for example. Same goes for our wifi passwords - someone outside your premises can't see that bit of paper so can't access the network, while someone inside your premises... well, you already trust them, right?
I don't think anybody would recommend this for financially-sensitive services like PayPal or online banking, and you should still change passwords regularly, but maybe this helps avoid needing a cloud-based password vault that could one day reveal everything you've got through a single gaping security hole.
