Storing data “in the cloud” is not exactly new. It’s the modern version of mainframes with dumb terminals repackaged to sound somehow more futuristic. For data intensive activities – lets say storing a master backup of my hard drive – having it reside in the cloud (i.e. renting space in someone else’s server farm) works well enough for most purposes. It just hums along in the background making a faithful copy of everything I have stored on my home computer. The chances of that service and my computer both crapping out at the exact same time are remote enough to not cause a moment’s active worry.
With something like a password manager, though, you end up with a bit of a different story. For five hours today Lastpass, one of a handful of large and popular password managers, was offline. It’s probably not a crisis if you use relatively simple passwords, like 1-2-3-4-A-B-C-D. If you use this kind of service to manage a hundred or more passwords and each of those passwords is a unique 16+ character string, however, life is going to get inconvenient in a hurry if there happen to be sites you actively need to log in to on a daily basis.
For five hours today Lastpass failed me and I was effectively locked out of sites I use regularly, but that require a daily log in. Some passwords I had to reset manually (while taking note of the new password to sync later with the application that’s nominally in charge of managing my passwords). Others I was locked out of completely while waiting for the systems people to bring their website back online.
No online service will ever have a 100% availability. That goes with the territory. As a paying customer, though, I do expect some basic communication from the company about what’s happening and what is being done to restore services, and more specifically an ETA on when we can expect the repair to be completed. Today, unless you went digging on Twitter, it was a resounding silence from Lastpass. Not an impressive bit of performance… and something that’s got me reevaluating the balance between the security of a paid professional management site versus just keeping everything on a damned spreadsheet so I can use it when I need it.