Hello all,

Until now, I resisted making the jump to a password manager for different reasons, the main ones being that I can't be quite sure of their true security and I may need to get access to a given website on a computer where I just couldn't install or run any software. I can't do much about the latter except using a net-synchronizable software, typically paid-for, which still brings me back to the first question.

As much as I like open-source, it seems that the most praised password managers (LastPass and 1Password) are closed-source and as such, considering their waxing popularity will probably expose them to attacks themselves, with potentially much more serious consequences than an attack against a given website. As closed-source applications, how can a prospective user be so sure about their boasted security?

I am especially concerned about the ones that do sync passwords with secure servers, as these servers may be located in countries that don't provide any legal protection for privacy. I just remembered about Skype, claiming to be encrypted... unless someone high enough requests a tap. On the other hand, there's SpiderOak. OK, it's not a password management software, but even with a warrant, they claim they would be completely unable to decipher what a user has stored, as they don't hold the keys...

So, how can we know if these managers are as secure as they claim?