Privacy Blog

"Friends don’t let friends get spied on.' – Richard Stallman, President of the Free Software Foundation and longtime advocate of privacy in technology.

What Happened When the DEA Demanded Passwords from LastPass

There are a dozen or more password managers for Macintosh, Windows, Linux, Chrome, Android, and Apple iOS computers. LastPass has always had a good reputation for being one of the more secure password managers. That was proven once again recently when the Drug Enforcement Administration (DEA) demanded logins and physical and IP addresses, as well as communications between a user and LogMeIn, the owner of massively popular tool LastPass.

LastPass is an encrypted vault for storing passwords. The DEA was seeking information related to a LastPass customer suspected of dealing drugs via the dark Web and Reddit, according to a court-ordered search warrant detailing the request.

There was a problem with the request, however.

It seems that LastPass uses an encrypted vault for storing passwords. While the encrypted passwords and notes are stored on LastPass’ servers, even the LastPass employees cannot decrypt any user’s vault and therefore cannot read any of the contents of a LastPass vault. Court order or no court order, the DEA was unable to obtain the requested private information.

You can read the details in an article by Thomas Brewster in the Forbes web site at: http://bit.ly/2UdZ77d.

The next time you store a password or a text note in a password manager, ask yourself, “How secure is this password manger anyway? Can a government agency or a hacker in Uzbekistan obtain this information?” Then you should recall the Drug Enforcement Administration’s experience.

Disclaimer: I have been a LastPass user for years.

Categories: Online Privacy & Security

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.