Accurate. What is the point being implied by this? Do you feel not knowing the password makes it somehow easier to be guessed by others?
The problem with people who are reliant on password managers and don't even know what their passwords are: should their password be compromised, changed, and then the changed password replaced, they wouldn't even know it.
This can't happen if you create your own password. Obviously preventing breaches is of huge concern, people put little thought into becoming aware when breaches occur.
LastPass servers by necessity are far more secure than any forum software. There are several tiers of multi-factor authentication.
Correction.
Optionally, there are several tiers of multi-factor authentication. A single master password with poor strength requirements may be used. And LastPass has been hacked, several times.
http://lifehacker.com/lastpass-hacked-time-to-change-your-master-password-1711463571
Yes, again, after verifying my credentials with LastPass. What are you implying?
I'm glad you're verifying your credentials. That's not the default behaviour of LastPass, nor how a huge number of people use it. For many, within seconds anybody can run a browser, click on the LastPass icon and view URLs, usernames and plaintext passwords. All without authentication, and this is the default behaviour. Completely inexcusable.
At least Chrome requires one to authenticate with one's Windows password.
As much as LastPass purports to be a security company, it's not. It's a convenience company, and as my post explains, more often makes a machine and password management less secure than more secure. Especially if installed in the default mode.
YYG's (or rather PlayTec) has created a policy of passwords must contain - 10 chars plus 1 special character (perhaps Upper/lowercase requirements and numeric, can't remember). By using a password manager you effectively negate that policy. And as described, LastPass's master policy is completely inadequate.
Now, I'm not saying that LastPass and other password managers must be insecure, but their default install state and turned off options and lack of features potentially only available with licenced versions often do make them inherently insecure.
And BTW I've only addressed the points you've brought up, I could go on with dozens of other problems.
Playtec simply increasing the password strength policy does not really address security and can result in poorer security when taking actual user habits into account.
@NPT: Don't be such a snark. Do you have any idea how LastPass actually works? It's pretty damn secure... and I fail to see how it's worse than having the password stored in a file locally, or written on a Post-it and stuck to the monitor.
https://lastpass.com/how-it-works/
I'm very familiar with how it works and I never said anything about storing password files locally or written on Post-it notes.
But, now that you've brought it up, the primary reason people do silly things like that is because of unreasonable password strength policies.