08 May, 2011

Is LastPass and othe software secure?

With the recent security scare with LastPass, some may fear that it's less secure than RoboForm or other password managers. In fact though we have no evidence that indicates it's less secure. Even if data is compromised, it still doesn't mean it was less secure -- it just indicates that it was the target of an attack.
Every time we install software on our computers, we're making an assumption that the software is secure. Unfortunately we can never know if software is truly secure; we only know of reports that indicate software has been tested and no security issues have been detected.
So the real decision on security should not be one based security tests. Rather you need to ask these questions. Is it in the companies best interest to take security seriously and devote resources to it (and have they)? What's the likeliness that they would be a target of attacks? If attacked, are they prepared to respond?
Take for example Microsoft Windows vs. Apple OSX. With the many attacks against Windows, it has become a much more secure OS and likely much more secure OS than OSX, as Microsoft has continually worked to close the security issues as they're identified. On the other hand, many folks have opted for Macs with OSX because it has not been near the target Windows has.
Bottom line, we can assume companies do their best to make secure software, but even with the most respected and trusted companies you should never take that as an indication that your data is secure in their software forever.

No comments: