Henry_Lee (7/19/2013)

---

How is this different than Password Safe? Just wondering if I'm missing something. I sync through dropbox, but the safe itself is encrypted on my machines/devices and decrypted there as well.

Hey Steve,

Sorry, I might have made that a little confusing. I didn't mean to compare PasswordSafe and LastPass directly - my description was really meant to distinguish LastPass's model from other online providers, for example Dropbox.

Dropbox manages your encryption keys, so they can decrypt your data. Contrast that with LastPass - or SpiderOak would be a great comparison. SpiderOak is an online storage / syncing provider just like Dropbox. LastPass and SpiderOak do not have your encryption keys - they can not decrypt your data.

Of course, you could put a PasswordSafe or TrueCrypt file in Dropbox and they couldn't read it, but that's you working around Dropbox's inherent insecurity by encrypting your data locally. I'm not suggesting there's anything wrong with this approach, I just think it is important folks distinguish between what Dropbox does versus what companies like LastPass and SpiderOak do.