What are the chances of LastPass being backdoored?
3 points by chashaz 4753 days ago
I'm a full-time user of LastPass, the free or paid online cloud-based password manager.

But in the light of recent revelations involving various government backdoors in popular sites, I'm beginning to wonder if such services can be trusted.

I'm not an expert but I'd seriously want to hear the opinion & advice of HN users.

Thanks

2 comments

Read / Listen to this for a complete answer.

http://www.grc.com/sn/sn-256.htm

I have a lot of respect for Steve Gibson but I wouldn't take this as anything but his opinion. All he is doing essentially is reiterating what LastPass themselves claim about their security, so you can only trust this as much as LastPass's own claims. If you know Steve Gibson you'll know his TNO (Trust No One) policy. I do choose to trust LastPass's claims personally and am a paying customer, but I would much rather use an open source, battle-tested alternative if it existed.
LastPass could be compelled to send modified JavaScript down to your browser which records your password when you enter it, and reports it back, meaning they then have complete access to your password vault contents. They would also be capable of retrieving metadata including the list of sites you log into, when you log into them, and from what IP addresses.