Wait a minute... LastPass stores BOTH your encrypted password vault AND the master password to unlock it!? That's about as secure as locking your front door, then keeping a spare key under the mat.*
That's ridiculous. The vault is encrypted. Either your master key is correct for decrypting it, in which case you're in, or it's not, in which case you're not. I see NO REASON for them to ever store your master password AT ALL.
Ok, I'm not a cryptography expert. Is there something I'm missing here?
(* Yes, I realize this is an exaggeration since the password is not stored in plaintext, but the principle still applies. It may be a key in a lockbox under the mat, but the key shouldn't be under the mat at all.)
UPDATE: As noted in 's response below, I was failing to note that LastPass isn't actually storing the master password at all; they're storing a cryptographic hash that lets them test if you've supplied the correct password without having to decrypt your entire vault first. Given this point, my analogy above doesn't really apply at all.
#lastpass #tech #security #passwords
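
The check described in the update, as an added example that is not part of the original post and is not LastPass's own code: a generic sketch in which the service stores a one-way verifier and never the master password or the vault key. The function names, the iteration count, the PBKDF2 construction and the vault bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def derive_vault_key(master_password: str, salt: bytes) -> bytes:
    """Client side: stretch the master password into the key that decrypts the vault."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS)


def derive_login_verifier(vault_key: bytes, master_password: str) -> bytes:
    """Client side: one more one-way step, so the verifier cannot be
    turned back into the vault key by whoever stores it."""
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode(), 1)


def client_verifier(master_password: str, salt: bytes) -> bytes:
    """What the client sends at login: the verifier only, never the password or key."""
    return derive_login_verifier(derive_vault_key(master_password, salt), master_password)


def enroll(store: dict, user: str, master_password: str, vault_blob: bytes) -> None:
    """Server record: salt, verifier and the opaque encrypted vault."""
    salt = os.urandom(16)
    store[user] = (salt, client_verifier(master_password, salt), vault_blob)


def login(store: dict, user: str, presented: bytes):
    """Server side: constant-time compare against the stored verifier.
    Returns the still-encrypted vault on success, None on failure."""
    _salt, stored, vault_blob = store[user]
    return vault_blob if hmac.compare_digest(stored, presented) else None


if __name__ == "__main__":
    db = {}
    blob = b"<ciphertext placeholder>"  # constructed; real vault encryption is out of scope
    enroll(db, "alice", "correct horse battery staple", blob)
    salt = db["alice"][0]
    print(login(db, "alice", client_verifier("correct horse battery staple", salt)))
    print(login(db, "alice", client_verifier("wrong guess", salt)))
```

A leaked verifier still permits offline guessing of the master password, so its protection depends on the iteration count and the strength of the password.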