I have been using LastPass for the last three years and am impressed by it. Its cross-browser support, security and easy password management are much more than what I wanted from my cloud-based password manager.
What I did not know about LastPass, though, was how responsible they are as a company. Over the last few months, we have seen a series of hacks and data thefts, each one bigger than the last. The one making the rounds lately is the PNS hack. Out of all the companies that were hacked, though, LastPass was the most responsible one and managed to pacify its customers. The timely response and the prompt action taken by LastPass have earned it a lot of good karma and will help it gain more users.
LastPass was right in sounding the alarm and has taken steps to mitigate the effect of damages like these.
LastPass have mentioned that they will be introducing PBKDF2, a technique in which a pseudo-random function is applied repeatedly (100,000 times in LastPass’s case) to the input password along with a salt (a 256-bit one, in LastPass’s case) to produce a cryptographic key, which is then used to encrypt the password. This acts as a deterrent that further reduces the chances of a brute-force attack being able to crack a password.
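The repeated application described above can be written out in a few lines. This is an added example, not code from LastPass or from the original post; the choice of HMAC-SHA256 as the pseudo-random function and the 256-bit output key length are assumptions, while the salt size and iteration count are the ones quoted in the post.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # iteration count quoted in the post
SALT_BYTES = 32        # 256-bit salt, as quoted in the post
KEY_BYTES = 32         # assumption: derive a 256-bit key


def pbkdf2_sha256(password: bytes, salt: bytes, iterations: int, dklen: int) -> bytes:
    """PBKDF2 (RFC 8018) with HMAC-SHA256 as the PRF (assumed), step by step."""
    keyed = hmac.new(password, digestmod=hashlib.sha256)  # PRF keyed with the password

    def prf(data: bytes) -> bytes:
        h = keyed.copy()          # reuse the keyed state instead of re-keying each round
        h.update(data)
        return h.digest()

    out = b""
    block_index = 1
    while len(out) < dklen:
        # U_1 = PRF(password, salt || 32-bit big-endian block index)
        u = prf(salt + block_index.to_bytes(4, "big"))
        t = int.from_bytes(u, "big")
        # U_i = PRF(password, U_{i-1}); the block is U_1 xor U_2 xor ... xor U_c
        for _ in range(iterations - 1):
            u = prf(u)
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(32, "big")
        block_index += 1
    return out[:dklen]


def derive_key(password: str, salt: bytes) -> bytes:
    """Derive the encryption key with the parameters quoted in the post."""
    return pbkdf2_sha256(password.encode("utf-8"), salt, ITERATIONS, KEY_BYTES)


if __name__ == "__main__":
    salt = os.urandom(SALT_BYTES)   # fresh random salt, stored next to the ciphertext
    key = derive_key("correct horse battery staple", salt)  # constructed sample password
    print("salt:", salt.hex())
    print("key: ", key.hex())
```

Every password guess costs an attacker the same 100,000 PRF calls, and the per-user salt means one guess cannot be checked against many accounts at once.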
As the holder of all my online passwords, LastPass did exactly what I wanted it to do. The mature (non-annoying, non-Amazon style), timely response was assurance enough that I will continue using LastPass. Thank you, LastPass, for raising the flags in time. For a security company, a key aspect of your business is understanding and connecting to your customers, and I have to congratulate LastPass on this well-done job.