Imperfect software happens; I'm going to keep using Lastpass


In news that should really surprise nobody, recent security audits of popular password management software, Lastpass, discovered flaws in the code. For good reasons, people are very sensitive about problems in their password management software, and major flaws need to be discovered and fixed. How should you react when a major flaw is discovered in something as critical as your password management tool? I would recommend taking a look at the providers response, and basing your reaction on that.

I do not think it is reasonable to expect perfect code out of software that needs to run on so many different platforms and also relys on other software (namely your browser and OS). If you DO expect perfect code, and you are capable of producing it, then I suggest you get into the business and start producing, because I’m buying. If you do expect perfection, then you’re probably not able to read this, because I’m not aware of any browser/os platform that would meet your rigid requirements. I can therefore assume any readers of this piece are willing to make certain compromises in order to live their life.

Lastpass has an extremely good track record of dealing with security vulnerabilities. They fix issues that are disclosed to them, often in less than 24 hours. That’s exceptionally good response time, most companies wish they could do that. It’s a very good reason to stick with Lastpass, they are on the ball. I’m going to, and I’m going to continue to recommend them until something better comes along.


It's a good gift

When does an evil GM become truly evil?