LastPass

from Wikipedia, the free encyclopedia
LastPass

LastPass logo 2016.svg
Lastpass ingevulde gegenevens bewaren.png
Screenshot (Dutch)
Basic data

developer LogMeIn
Current  version 4.1.46
(April 19, 2017)
operating system platform independent
programming language JavaScript
category Password manager
License commercially
German speaking Yes
www.lastpass.com

LastPass is a web-based password manager - online service . It has been offered in the freemium model since 2008 . It offers both a web interface and numerous browser add-ons.

The encryption is done with the AES algorithm and 256 bit length as well as PBKDF2 hashes.

The maker of LastPass was acquired by LogMeIn in October 2015 .

In December 2019, LogMeIn announced in a press release that it would be sold to subsidiaries of Francisco Partners and that the acquisition should be completed in mid-2020.

Security issues

As a password manager, LastPass has been the target of attacks several times, as happened in May 2011, June 2015 and July 2016. In June 2015 the attackers were able to steal e-mail addresses, password reminders and authentication hashes that are required for logging into LastPass but not the passwords and can only be calculated back with a great deal of effort. LastPass recommended changing the master password.

In July 2016, the security company Detectify discovered a hole in the LastPass browser add-on. However, this was closed before the public announcement. In March 2017, Tavis Ormandy from Google's Project Zero found several loopholes. In April 2017 it was announced that LastPass had made elementary mistakes in the implementation of two-factor authentication (2FA). The vulnerability was closed according to its own information.

According to Golem, LastPass stores the passwords in the main memory: "The password database is also completely stored in RAM - and remains there even if LastPass has been blocked."

See also

Individual evidence

  1. Releases ( Memento of the original from April 24, 2017 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. @1@ 2Template: Webachiv / IABot / lastpass.com
  2. The Recent Changes to LastPass
  3. LastPass Premium
  4. The best way to manage your passwords . LogMeIn . Retrieved August 8, 2018.
  5. Security on lastpass.com
  6. Andreas Donath: Takeover: Lastpass password manager sold for $ 125 million . In: Golem.de . October 12, 2015 ( golem.de ).
  7. LogMeIn Enters into Definitive Agreement to be Acquired by Affiliates of Francisco Partners and Evergreen Coast Capital for $ 86.05 per Share in Cash. Retrieved January 8, 2020 (Canadian English).
  8. Eike Kühl: LastPass: Burglary with the password manager . In: The time . June 16, 2015 ( zeit.de ).
  9. Ronald Eikenberg: Zero-Day Gap in Password Manager LastPass , Heise.de , March 27, 2017
  10. Jan Schüßler: Another gap in LastPass closed, new version available , Heise.de , March 31, 2017
  11. Dennis Schirrmacher: Password manager Lastpass fails with two-factor authentication , Heise.de , April 24, 2017
  12. Moritz Tremmel in Golem: Password managers leave passwords in memory (February 21, 2019)