1. 14

    “There are password management apps that generate and store passwords for you like LastPass, but they can’t be trusted as they store your passwords on their servers.”

    I’m pretty sure they only store the encrypted database on their servers (your passwords are encrypted with your master password before being sent to the server), which is equivalent to using Dropbox or Google Drive to sync your encrypted file.

    1. 1

      Yes, I use LastPass because I read that all of their encryption and decryption is done on-device using JavaScript. Their servers never see your master password or your site passwords; they only pass the encrypted blob back and forth.

      It’s also rather handy to have it built in to all major browsers, generate gibberish passwords, and have mobile apps too.

      1. [Comment removed by author]

        1. 1

          That would violate terms and conditions, not to mention, wouldn’t someone notice it is/was doing that? Agreed, they have the ability, but not the legal ability.

          1. 2

            Even if we assume no malice on their part: If their servers get cracked, you still have a problem.