Fwd: confirm 9a85e83e9531356d37cfd8581573d167b99c16f8

[Walter Bright]

On 4/11/2014 8:30 PM, Steven Schveighoffer wrote:
> Of course, it means you have to accept their word, and trust their competency. I
> tend to doubt that somehow this is all a ruse and they are in cahoots with the NSA.

I agree that it is pretty unlikely they are in league with the devil. But what 
would happen to you if all your passwords got lost or compromised? How much 
trouble would it be? All your bank accounts? All your email accounts? All your 
professional accounts? All your accounting stuff? Suddenly you're cut off from 
all of it? The risk may be small, but the potential damage could be very high.

The company itself may not be malicious. But they may be incompetent. And they 
may have a rogue employee. And they may succumb to pressure from the government. 
And they may get hacked. And they may change managers. And they may get acquired 
by Evil Corp X.

What is your recourse if it all goes bad? What is your Plan B?

When I went skydiving, I had a backup chute. There are two independent braking 
systems on my car. I don't invest everything in one company stock. I store 
backups off site.

 > you typically get what you pay for.

Typically, yes. What do you really expect to get for $12/year? That buys about 5 
minutes of some entry level person's time. There's just no way I'm going to put 
all my hundreds of accounts into that one box.

I strongly suggest, at a bare minimum, that you have LastPass print out all the 
passwords it holds on a sheet a paper, and put that paper in your safety deposit 
box.