# What Software Is This?



## DeenaBoBeena (Sep 20, 2011)

Is anyone familiar with this? My husband signed up for something called Last Pass. The website says, "Last Pass is a password manager that makes web browsing easier and more secure." and "Never forget a password again and log into your sites with a single mouse click."

Two days ago, I told him that we were going to go into his office this weekend to install a keylogger. Is this a method for getting around a keylogger?


----------



## Almostrecovered (Jul 14, 2011)

hmmmm...I don't know
it seems like the program will automatically insert user names and passwords for all of your websites, no mention if it does it for actual programs or whether it captures the passwords automatically or if you have to tell it to remember certain passwords

if it is set up to capture passwords of programs and not just websites then it could be a way for him to deactivate the keylogger, but on the surface it seems like it is used for passwords when you have like 20 or more to remember for all the websites he visits for work and personal

my recommendation is to download it on the home comp and see how it works (its free anyways)


----------



## DeenaBoBeena (Sep 20, 2011)

Almostrecovered said:


> hmmmm...I don't know
> it seems like the program will automatically insert user names and passwords for all of your websites, no mention if it does it for actual programs or whether it captures the passwords automatically or if you have to tell it to remember certain passwords
> 
> if it is set up to capture passwords of programs and not just websites then it could be a way for him to deactivate the keylogger, but on the surface it seems like it is used for passwords when you have like 20 or more to remember for all the websites he visits for work and personal
> ...


I read the review on CNET. Some quotes:

"After creating a LastPass account and master password, which is used to access your password list, LastPass will ask to suck up all your passwords into its cloud-based, AES-256-encrypted servers. This key aspect of LastPass, the cloud-based storage, is then followed by an option to remove all your locally stored passwords. This prevents them from being compromised after you've begun using LastPass, although it also means that you will be tied to LastPass from that point. You can always export your passwords later, although after using the add-on for more than a year we've had no problems."

"While LastPass can be used solely from its Web site, and provides a virtual keyboard so you don't have to worry about a keylogger swiping your master password, some key features come only with the add-on."


----------



## Kobo (May 13, 2010)

Yes you can bypass the keylogger. It does form filling so he would not have to enter the password when he goes to a stored website. The Keylogger will capture his initial entries. This doesn't stop the capturing of what he types once he logs in.


----------



## HerToo (Oct 3, 2011)

It's a program that remembers your passwords for you for each web site you visit. It also encrypts your login and passwords, which means that keyloggers will be useless. 

I'd tell him to remove it immediately if you want the keylogger to work.


----------



## DeenaBoBeena (Sep 20, 2011)

Kobo said:


> Yes you can bypass the keylogger. It does form filling so he would not have to enter the password when he goes to a stored website. The Keylogger will capture his initial entries. This doesn't stop the capturing of what he types once he logs in.


Right.. so, presumably if he had something bookmarked, or on the home page (he uses Google Chrome), then it's possible I'd totally miss what site he was going to, and not even notice a log-in, since he wouldn't have to fill in the info.

Lovely.


----------



## HerToo (Oct 3, 2011)

Sorry


----------



## Almostrecovered (Jul 14, 2011)

DeenaBoBeena said:


> "While LastPass can be used solely from its Web site, and provides a virtual keyboard so you don't have to worry about a keylogger swiping your master password, some key features come only with the add-on."



well that will deny you seeing any of his passwords- which may be important for some work related accounts (he may get in trouble if you get work account passwords?). The screen capture will see what sites he is visiting tho, so if he has a secret email account for instance you won't get his password to access the account yourself but can see what he's writing in the email. This _could_ indicate that he has some sort of an account that he does have legitimate work he does with and has some messages hidden in the past folders tha he doesnt want you to see. But it isnt proof of in itself.

He is supposed to be transparent so ask him?


----------



## tacoma (May 1, 2011)

He's trying to keep his password secret.

The password program will just input his passwords without having to type them out.
Therefore a key logger will never have a chance.
_Posted via Mobile Device_


----------



## NoIssues (Oct 9, 2011)

My wife has all of my passwords and vice versa since we believe in helping each other feel secure in our marriage. 

What is the deal here? Is this for his business or for you to learn something about a suspected betrayal?

It would not be unusual for someone to want protect their computer with stored autofill passwords from nosy coworkers including bosses, subordinates, and those competing for the same promotion by using software similar to what you are asking about.


----------



## Jellybeans (Mar 8, 2011)

DeenaBoBeena said:


> Two days ago, I told him that we were going to go into his office this weekend to install a keylogger. Is this a method for getting around a keylogger?


And why on earth did you reveal that to him ahead of time???


----------



## Almostrecovered (Jul 14, 2011)

Jellybeans said:


> And why on earth did you reveal that to him ahead of time???


he volunteered it and how else is she going to get one on his work computer?


----------



## Jellybeans (Mar 8, 2011)

She could have installed it on her own w/o him knowing. 
BUT if he offered it up, great.

I have no idea what Lasspass is. Never heard of it.


----------



## DeenaBoBeena (Sep 20, 2011)

Jellybeans said:


> She could have installed it on her own w/o him knowing.
> BUT if he offered it up, great.
> 
> I have no idea what Lasspass is. Never heard of it.


His computer, in his company's building, in their offices. I would never be able to get inside the building without him giving me access. Plus, with him being the IT Manager/Sys Admin, I'm pretty sure he'd notice if someone installed a keylogger without his permission.

I did ask him about Last Pass. He logged into his account and showed me that he has 200+ passwords saved, many of them long and complicated ones for his work applications that he'd never be able to remember on his own. The email I saw was supposedly from when he needed to have it put on our computer, so he could do work from home yesterday. He offered to let me have full access to his Last Pass account so I can see everything on it.

I told him that Last Pass (and any other password-logging software) would have to come off, and he'd just have to keep his passwords on a spreadsheet or something. He was.. annoyed.. that I was so upset, but I just don't see why he wouldn't think of Last Pass being a problem when we were discussing putting the keylogger on.


----------



## Almostrecovered (Jul 14, 2011)

good way to handle it

and while his reason in installing it certainly proved to be valid, he certainly should have thought better of it in light of the recent events. The passive aggressive whining isn't good either.


----------



## HerToo (Oct 3, 2011)

Too dang bad if he was upset. Us cheaters earn what we get.


----------



## baldmale (Dec 29, 2010)

Deep breaths...you are over-reacting here.

LastPass is a great add-on for Firefox. I use it. He isn't using it to cheat in all likelihood.

The way it works: after signing on to Lastpass using a master password, you can then one click onto all other sites. It encrypts and stores all other passwords for you. It even generates more secure ones for you (a GREAT tool).

So, if he is willing to give you his master LastPass password, no problem-o. You can then one-click your way onto all of his sites. In fact, you can even go into his LastPass vault (the screen comes up automatically on log-in) and see all the sites he uses LastPass for.

It's one of my favorite add-ons.

Now....if he won't give you his LastPass master password, then he may be trying to hide something.


----------



## DeenaBoBeena (Sep 20, 2011)

baldmale said:


> Deep breaths...you are over-reacting here.
> 
> LastPass is a great add-on for Firefox. I use it. He isn't using it to cheat in all likelihood.
> 
> ...


He did offer to let me have his password, and considering that would give me access to a lot of work things that I could screw up for him, I figure that's a pretty good sign. Honestly, I'd just rather he delete it.

Personally, I was more annoyed that he didn't even consider Last Pass when we were discussing keyloggers (reviewing which ones we liked, how we could make it harder for him to get around them, etc). The fact is, though, he has access to many computers at work, so it would be very easy for him to just use a different computer that doesn't have a keylogger on it. I figure the only thing I can really hope to get out of it is if someone surprises him with something--an IM, an email on an account I already know about, etc.


----------



## ing (Mar 26, 2011)

DeenaBoBeena said:


> with him being the IT Manager/Sys Admin, I'm pretty sure he'd notice if someone installed a keylogger without his permission.
> 
> .


Sorry. If he is the sysadmin then there are about a hundred ways to defeat a keylogger or any other surveillance software you put on the computer.


----------



## larry.gray (Feb 21, 2011)

If he's giving you the password, then you can see what sites he's storing passwords for and what they are.

Storing a work password in a spreadsheet is not considered OK from a security perspective. Then again, neither is a key logger.

You really are opening the company to a big risk though. If anyone hacks the key logger and gets the sysadmin passwords then they have full access to everything. Emptying accounts, stealing trade secrets and so on.


----------



## larry.gray (Feb 21, 2011)

ing said:


> Sorry. If he is the sysadmin then there are about a hundred ways to defeat a keylogger or any other surveillance software you put on the computer.


:iagree:

He can use anyone's computer... create a log in, do whatever he wants, and wipe tracks behind himself.


----------

