back to article LastPass? More like lost pass. Or where the fsck has it gone pass. Five-hour outage drives netizens bonkers

LastPass's cloud service suffered a five-hour outage today that left some people unable to use the password manager to log into their internet accounts. Its makers said offline mode wasn't affected – and that only its cloud-based password storage fell offline – although some Twitter folks disagreed. One claimed to be unable to …

  1. Graham Dawson Silver badge

    And this is why I like Bitwarden. I can run my own server, so when it goes down I know exactly who's to blame and exactly when it will be back again.

    1. MatthewSt

      Hadn't heard of Bitwarden before, but I'm liking the look of it!

      1. Bronek Kozicki
        Pint

        +1

        (n/t)

    2. Excused Boots Bronze badge
      Happy

      Blame Culture

      I quite like this idea, I think we should all install our own Bitwarden servers and then, when and if it goes down we can blame Graham Dawson as well!

      1. Graham Dawson Silver badge
        Coat

        Re: Blame Culture

        Dangit!

    3. steviebuk Silver badge

      What if you can't get hold of yourself when you call your support line? Do you have a holding page that states to yourself that there is an outage?

      I'll get my coat.

  2. Christopher Rogers
    Windows

    Well, these things happen.

  3. vtcodger Silver badge

    Another Day ...

    Another day -- another cloud problem. Anyone see a pattern emerging?

    1. Anonymous Coward
      Anonymous Coward

      Re: Another Day ...

      It's raining in Cloud land, all the bits are falling down..

    2. mosw

      Re: Another Day ...

      "Another day -- another cloud problem. Anyone see a pattern emerging?"

      Although I understand the sentiment in this comment, I would be curious to see some actual numbers as to the the availability of typical in-house systems vs cloud based systems. In my, admittedly limited, experience with small businesses I am seeing less downtime with cloud based solutions than in-house ones.

      1. really_adf

        Re: Another Day ...

        I would be curious to see some actual numbers as to the the availability of typical in-house systems vs cloud based systems. In my, admittedly limited, experience with small businesses I am seeing less downtime with cloud based solutions than in-house ones.

        I would also be curious. I also have limited experience but the main observation I would make is that when it's your own systems, you get to choose when you do the risky things that, sometimes, you will get wrong and cause issues for users. That choice can virtually eliminate, or at least mitigate, the impact when things don't go to plan.

    3. steviebuk Silver badge

      Re: Another Day ...

      Yeah! Infrastructure Free is the way to go!

      Sorry I keep banging that out but it's for certain fellow readers who get the insider joke.

  4. ma1010
    Happy

    Keepass

    I use Keepass which runs on Windows, Linux, Mac, Android and, I think, BSD. My passwords are available on my Windows work computer, my Linux home computer, my Android phone and a USB key which I use to synchronize the different machines - and the synchronization works perfectly. (I don't actually synchronize the phone - for that I copy the password file from one of the computers onto the phone.)

    I've used this for years without any problems. I have my passwords with me all the time, without a cloud in sight.

    1. Peter 26

      Re: Keepass

      I can't get over the fact you have to manually copy the password file to your device. I get that it's more secure, but it sounds really annoying. What if you sign up on your PC to a service then want to login with the accompanying app on your phone? You have to copy the file first.

      Just seems like a lot of hassle, last pass sounds like a good compromise on security/ease of use unless I am missing something.

      1. ma1010

        Re: Keepass

        Copying the file is a minor nuisance, but beats having my "cloud" account disappear for however long the provider decides to be TITSUP.

        Also, I'm an odd duck and don't use my phone a great deal - mainly just look at email or make a call. I rarely use it on my phone, but on occasion it's handy.

      2. Phil Kingston

        Re: Keepass

        Got to agree, it's the whole security-vs-convenience thing. Sure manually copying a file between devices may be more secure, but at quite some inconvenience. Too far along that scale for me to implement.

        1. ThatOne Silver badge

          Re: Keepass

          > but at quite some inconvenience

          Come on, how often do you add new passwords? I copy password files too, and in average I need to copy the updated password file to my phone 2-3 times a year. The rest of the time it either hasn't changed, or the changes aren't needed on my phone.

          Besides I synchronize my phone weekly for other stuff, like documentation, address books and similar stuff anyway, so it's not really an inconvenience. Being locked out because their server fell over would be much more annoying, IMHO.

        2. The Original Steve

          Re: Keepass

          Store you Keepass DB on a cloud file storage solution which has offline cache then. Simples.

      3. a_yank_lurker

        Re: Keepass

        Having a local file that is not in the cloud is going to more secure and more reliable. True it is only available on devices it is installed on but do not have to worry about a cloudy connection of dubious security as it is on the hard drive.

    2. Palpy

      Re: Keepass

      Cloud vs local: yes, well, I keep a copy of the KeePassXC database on the cloud as well as on my various devices. One more step, but there's no free lunch; the dog had it.

    3. Schultz

      Keepass + Dropbox

      This was the reason I created a Dropbox account (many years ago). Keep the updated keepass file on Dropbox for convenient access. For those moments without internet, you'll have the last local copy on your device. Couldn't be more convenient.

      1. Pascal Monett Silver badge

        Use Sync

        Your files are encrypted with Sync, and only you have the key. If you really have to store your keepass file on cloud, I think it would be better if you used an encrypted platform.

      2. Roland6 Silver badge

        Re: Keepass + Dropbox

        >This was the reason I created a Dropbox account (many years ago).

        Whilst this resolves some issues with Keepass, you are still vulnerable to Dropbox outages.

        Personally, as a Lastpass user, I wasn't aware of there having been a problem until reading this article, but then I use the off-line client across my devices...

      3. Korev Silver badge
        Thumb Up

        Re: Keepass + Dropbox

        This was the reason I created a Dropbox account (many years ago). Keep the updated keepass file on Dropbox for convenient access. For those moments without internet, you'll have the last local copy on your device.

        I have a similar setup. I have a pair of KeepassX databases; one for work, t'other for home stuff. The work one (keepassx is the approved standard) gets backed up to OneDrive for Business (again approved). The home stuff lives on a NAS and also gets backed up to a cloud.

        The only downsides are the potential for $CLOUD to get hacked and then the encryption cracked; the other is manually entering >20 character random passwords onto an IOS device manually soon gets old...

  5. SVV

    Five hour outage drives netizens bonkers

    This statement assumes that using a third party cloud based password manager was a sane thing to do in the first place. Anyone who sticks with it after a five hour outage stops people working can be safely classified as not only having being driven there, but permanently resident from now on.

  6. JohnFen

    This is why

    This is why I don't use any password manager that requires the use of a server, whether I run it or not. Critical systems like that should never be dependent on network connectivity.

    1. Fred Flintstone Gold badge

      Re: This is why

      People do it so password files stay synced between devices.

      I think it would be a good idea to give these instances an offline cache. It's not like that is a new idea, IMAP servers have been doing that for decades with email.

      1. JohnFen

        Re: This is why

        Yes, I know why people do it. I'm just saying that it's a bad idea -- gaining a little bit of convenience in exchange for reduced reliability and increased security risk.

  7. Ian 55

    Ah, that's what was happening. I thought it was patchy contacting them just because the network was extremely busy doing a large rsync between devices.

  8. Lars Johansson
    Coat

    What's all the fuzz about?

    I would just like to chip in my 5p to the discussion (or throw a torch, which ever):

    I am a LastPass 'power user', using both the Chrome and Edge plugins as well as the Android and iOS apps, and I hardly noticed. Circuit beakers seemed to work as intended and the plugin/app read my passwords from the local copy. The only thing i noticed was the the Chrome plugin icon turning grey, indicating no connection to the cloud...

    Cheers,

    /L

  9. DeeCee
    Trollface

    one password for everything, simple so you can always remember it and no problems

    1. Pascal Monett Silver badge
      Coat

      Sure, but typing 374852zeilrunhsLOEHFD?OEHIDMZ323894 from memory is a bit troublesome, not to mention that there are websites who do not allow more than 12 chars for a password.

    2. Jdoley

      And you break that one password you get access to all. Smart move!

      1. Flywheel

        KeepassX also allows a separate key file, and Yubikey options for the truly paranoid careful user.

      2. Crimperman1996

        > And you break that one password you get access to all. Smart move!

        Which is why it's smart to use two-factor authentication in addition to that one password. I have it set for access to my LP vault itself and for certain other services where I don't want to trust access to a single factor/password (even if that is 60 characters long and stored in LP).

        As with others this outage didn't really impact me at all. I saw the Chrome icon greyed and reporting it couldn't connect to the service but I was still able to use it for the main services I needed to connect to yesterday.

        I don't use LP for everything - bank details for example are committed to memory - but it is used for a lot of things now as it means I have reduced the number of complex passwords I have to remember by a significant factor. I was as wary of this as I am for any other "cloud" service (e.g. very) but after a tentative trial period I think it works and that works for me.

      3. circle

        You might like to try 2FA .. Yubikey works great for me .. When LP is working that is

  10. Jdoley

    My grandpa always said

    He always mentioned that online news and articles would never be a thing and yet here we are...! I logged into my LP account no problem today, offline worked on both my Mobile App and Browser Ext. I see some of the contents about offline Pwd managers that you can maintain and manage yourself with no online sync... I am old enough to remember times when people wanted to run their own servers because Gmail and Outlook had issues and yet here we are now! Write them down in a notebook as long as you are at it...! Im staying with free for life LP ;-)

    1. ElReg!comments!Pierre

      Re: My grandpa always said

      >I am old enough to remember times when people wanted to run their own servers because Gmail and Outlook had issues

      Oh, I see. A genuine Graybeard then ...

  11. Jeroen Braamhaar
    Black Helicopters

    Moral of the story:

    Put nothing in "the cloud"

    - that you don't have a certified, current and regularly checked, usable and updated (local) backup of.

    - that is too important to lose (for whatever reason)

    - that you must have access to at critical moments.

    Completely

    Lost

    Our

    Unmissable

    Data

    ;-)

    1. Jdoley

      Re: Moral of the story: Nothing in the cloud?

      Except all your money, emails, pictures, contacts, government and personal details, all your location history and information, all your relatives pictures, details, data and your own backups. But passwords are the problem here :-D this just made me laugh!

  12. Baldrickk

    I can say that I honestly didn't even notice

    The app on my phone worked just fine for retrieving passwords.

    And worst comes to the worst - I run through the "forgotten password" loop for a service I really need access to.

    Yes, any downtime has the capacity to be annoying, but then again, I also get all the synchronisation handled for me between devices.

    comme ci comme ça

  13. Anonymous Coward
    Anonymous Coward

    Why use it?

    I have my own system

    (Servicename)SucksCock!

    Different for each and memorable, very memorable

  14. googleman

    Still using LastPass for password maangement? Just Google It!

    I am surprised nobody has mentioned that Google has solved the password management problem by providing a FREE Password Manager for ALL which is also built-into Chrome browser and automatically synced with all your devices (phones/tables etc). Just visit https://passwords.google.com

  15. DwarfPants

    Clouds

    Clouds are cold and wet. I have walked through a few, so know from personal experience.

    1. Anonymous Coward
      Anonymous Coward

      Re: Clouds

      "Clouds are cold and wet. I have walked through a few, so know from personal experience."

      ...And the point is...?

  16. Arkhanist

    Lastpass stores and decrypts the password db locally. It uses the online sync only for backup of the db and syncing changes between different computers. It's not a cache, you can set it to never go online at all right from the start.

    The online service can't decrypt the pw db at all either, it's stored as an encrypted blob which only your master pw unlocks. The web-based login on the lastpass website actually uses a javascript version of the client that downloads and decrypts the pw db on your local pc.

    Where it will fall over when the cloud service is offline is using the web client (as opposed to the plugin), on a new machine, or syncing changes automatically, unsurprisingly. It's no different in principle than using a keepass db with dropbox or the like, just wrapped up a bit prettier, easier to use but admittedly a more obvious target.

    The only reason I noticed it was down was when I added a new password to it on one PC, then it didn't automagically sync it to another.

  17. steviebuk Silver badge

    That explains...

    ...why Lastpass was being annoying the other day. Thought it was just me. Lucky for me it fell over to the local login.

    Lastpass also has a REALLY bad issue of form filling that has fuck all to do with a password and user name box. Namely Ebay. Setup an Ebay listing and it will silently slap in a big bit of script. You get a warning after you post the listing.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like