Hacker News new | past | comments | ask | show | jobs | submit login

When thinking about security who has more resources and expertise? LastPass or Google?



It depends on your threat model. If you are more afraid of the government than of a random script kiddie, the vastly bigger resources of Google do not matter as your (encrypted) database is just a NSL away.

And then the NSA is trying to crack it </tinfoil hat mode>


Well if I put on my tinfoil hat, then there is no protection from the NSA. So, now I'm only trying to protect my password/identity from criminal elements, I tend to side with Google as knowing what they are doing. It doesn't mean they will also be mistake free, but it is something they deal with and have been dealing with before LastPass was even an idea.


When you've put your passwordfile in the cloud, you should assume it's fallen into the wrong hands (NSA) already.

I've put my keepass file in the cloud for extra backup, and I know I can only rely on its cryptographic strength to keep it safe.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: