First, when I started testing those 3 services, I was enthusiast about it. I could set up my password
Then, things started to get ugly when I received a red banner from LastPass, saying that it could not connect to the server.
Security issue
How can we trust a service that remotely stores our passwords? No, it is not possible. These companies can steal our passwords. One of their contractors can steal our credentials and we may be never aware of it. They can tell us whatever they want in fancy simplistic youtube videos. They can lie. They can state things like: “we value security” which is easy to say but does not prove anything. If a company value security, they should ask their employees to sign a non-disclosure agreement because employees are the first potential threat. Then, it would be important to know which technology they use to store the data.
Also, some security experts pinpointed different security issues related to LastPass:
- https://www.tomsguide.com/us/lastpass-phishing-attacks,news-22139.html
- https://www.pcworld.com/article/3185731/security/lastpass-is-scrambling-to-fix-another-serious-vulnerability.html#tk.rss_all
Risk of password loss
We didn’t find a solution to backup our credentials when we tested it. On top of that, at some point, the LastPass servers were unavailable and the automated credentials autocomplete didn’t work. We guessed there were no locally stored data.
Performance
The browser extensions slew down the page load from time to time.
Subdirectories not supported:
I discovered that LastPass didn’t support multiple websites in subdirectories. In fact, LastPass suggests the password belonging to the parent domain when someone tries to log in into a subdirectory of this domain.
Big surprise when I tried to delete all my passwords
I discovered it had to delete the credentials one by one. Then, before closing the account, I told myself “Did they really delete the credentials on their server, I will never know?”
Privacy policy:
We found interesting clauses in the privacy policy of LastPass
As you can see below, LastPass disclose customers details with third parties. However, we don’t know those third parties and we don’t know their privacy policy.
We may disclose the information we collect, as described above, with nonaffiliated third parties that are acting on our behalf, including:
Companies that perform data searches and support services for us, including the three credit bureaus.
Conclusion
Some people complain that Google or Facebook try to gather information about users. On the other hand, few people expose the problems related to those companies that store passwords.