Before I review and test a password manager, I send a list of questions to the password management company inquiring about its privacy and security practices. I’ve included LogMeOnce’s responses to the questions below:
Have you ever had a security breach?
No, as of today, LogMeOnce has not experienced a security breach.
What unencrypted information does the password manager store in user vaults?
LogMeOnce password manager uses a zero-knowledge architecture: All sensitive vault data such as usernames, passwords, passkeys, secure notes, payment information, and files are encrypted on the device before they are stored or synced.
The only unencrypted information that may be stored in a user’s vault is limited to non-sensitive metadata needed for usability, for example: App/website names, App logos or icons. No actual login credentials, secrets, or personally identifiable information required to authenticate are ever stored unencrypted.
Multiple releases this summer delivered fixes to click-jacking vulnerabilities, showcasing LogMeOnce’s commitment to transparency and rapid remediation.
What is the company’s policy regarding selling or sharing customer data with third parties?
LogMeOnce does not share information with anyone, including third parties.
How does your company respond to requests for user information from governments and law enforcement?
First and foremost, data in the user’s vault is encrypted by the user who holds their own encryption key. Thus, LogMeOnce does not have user data to furnish to anyone.
Most importantly, LogMeOnce adheres to applicable laws and regulations, subpoenas by the United States courts, Department of Justice, and law enforcement agencies. The company will only disclose user information when required to do so by the law, which is limited, as LogMeOnce does not have a user’s master password. LogMeOnce carefully evaluates each request to ensure compliance with privacy laws and user rights.
LogMeOnce’s answers to my questions were thorough and matched the product’s privacy policy on the website. I encourage anyone in the market for a new password manager to browse privacy policies to learn more about how companies collect, sell, or store user data.
Privacy Settings
(Credit: LogMeOnce/PCMag)
LogMeOnce offers a few interesting and helpful tools to protect your privacy while using the app. For example, within the Privacy tab on your dashboard, you can ask the app not to collect image data from any devices that attempt to log into your account. Keep in mind, though, that turning off image data collection within the app disables MugShot, Selfie 2FA, and PhotoLogin. You can also disable location data collection.
If you have credentials for extra-private websites or accounts that you don’t want to store in your vault, you can add those URLs to LogMeOnce’s “Never Remember” list. That way, LogMeOnce will not automatically store your username or password in the vault when you log in to the websites on this list.
You can view a list of approved devices in your LogMeOnce vault. The device list was surprisingly detailed and included information like your devices’ physical location, IP address, operating system, and even screen resolution. If there’s a device on the list that you don’t recognize, delete it from the list to revoke access to your account, change your password, and report the incident to LogMeOnce.