Risk vs benefit of using LastPass on Chrome in OS X

google-chrome keychain password software-recommendation

Some time ago I made the switch from Firefox to Google Chrome. When I was on Firefox I was a heavy user of LastPass. Part of the reason was that Firefox didn't use OS X's excellent Keychain Access program for password management. Is this still the case?

Now I've been on Chrome for quite some time and I am pleased with the way it integrates with OS X, esp. re: Keychain Access.

There is a LastPass extension for Google Chrome. I wonder if I'm missing out on much by not using it. I also wonder if, in some ways, my data are less secure if I put all my stuff out there 'in the cloud'. Thinking of recent missteps by Dropbox et al. makes me a little queasy. There are other concerns such as making a large number of highly random passwords and storing them in LastPass, only for LastPass to be sold. All of a sudden I'd have quite a task on my hands to get all those random passwords back.

With these things in mind, is it advisable to use, and rely upon, LastPass in a Chrome-only OS X environment? Any suggestions would be greatly appreciated.

Best Answer

I don't have enough experience and knowledge of the LastPass folks to answer your questions. The Dropbox issue is a non-issue if the data stored on the site was encrypted well before it ever was sent off your computer.

In general, I have different criteria for selecting software that is critical for me. For some random plug-in, pictures, or a cool app that doesn't store, say, banking information, I'm all about giving people the benefit of the doubt.

My core operating system and my password generator/manager aren't the place for that sort of experimentation. I am very happy using 1Password and understand their business model. Yes, for a time it was free, but it was obvious that they had a sustainable and reasonable pricing model. Now that they have (I hope) millions of users, they can charge a modest cost to ensure they have great response, great support and most importantly, great engineering. I will make more allowances for initial downsides when I believe more in the long-term decisions of the company making my core tech, and am less likely to dabble in newcomer efforts (no matter how worthy they seem).

I would evaluate whatever software you choose by trying LastPass, 1Password and several others with fake data, but not trust your critical information to software until you are comfortable knowing who made it, how they secure data, and that they won't likely sell out to a low bidder at the first wave of $25k. The value of millions of people to add to a corporate mailing list is attractive to owners that don't have an otherwise viable business model. I try hard not to be part of their short sell-off strategy by giving them my most valuable information for free.

I hope this helps you frame your decision and that someone else who has gotten comfortable with LastPass weighs in with their take on your questions. It's a good one and high time more users start holding their authentication credentials a little closer and more securely between sites.