Hacker News new | past | comments | ask | show | jobs | submit login

I am a LastPass user. Unfortunately. I have things in passwords notes field (like answers to security questions) because I assumed that the notes section was encrypted. Some comments here on HN made me think they are actually not encrypted. I asked if they were encrypted or not to LastPass support and to the support forum. That was 2 days ago and there has been no response. I’m going to take that as a no. I’m working right now to move off of LastPass. Unfortunately I have nearly 2,000 passwords on there, so it is taking forever.



How are you trying to move off such that it’s “taking forever”? Did you consider exporting your data from LastPass and importing the file into something like Bitwarden or KeePassXC?


All notes fields are encrypted.

Take a look at the following analysis of the LastPass data structure:

https://github.com/cfbao/lastpass-vault-parser/blob/master/l...


Do you mean secure notes or notes attached to passwords?


Both.

See the link.

Notes on a site/password go in the "extra" field, which is encrypted.

For most people it looks like the only field that should hold any user-provided unencrypted data is the URL field.


Metadata fields were unencrypted in last pass, sorry.


https://github.com/cfbao/lastpass-vault-parser/blob/master/l...

This says notes (encrypted). Do you have a different source?




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: