LastPass Hacked


LastPass' Statement
"We are confident that our encryption measures are sufficient to protect the vast majority of users"
Vast majority? That's not good enough for me. So I will continue to use a password manager (Splash ID in my case) on my local systems and avoid the cloud.

Yeah, I cannot log into my password manager from anywhere in the world from any device. But neither can the badguys.
 
I use KeePass for that reason.

I don't even miss the cloud features. I keep a copy of the password database in my OneDrive along with a copy of KeePass portable. I have a mobile app for KeePass on my phone so that's not an issue either.
 
Fair enough, and I understand your reasoning for that.

For me the convenience of it is worth it since I am out and about a lot, moving between computers at school as well as accessing sites on phones and tablets.
 
I sync the password manager on my PC with my phone and my notebook so if I am out and about, hopefully I have one or the other.
 
Let's not lose faith guys :P

Don't let the LastPass hack destroy your faith in password managers | Optimal Security: The Lumension Blog

Personally, I changed my master password, but I already had 2FA enabled on LastPass along with 2FA on every account where I can enable it, so I'm not a risk (even if I hadn't changed my master password I would still not be at risk unless they have a way to bypass LastPass' 2FA). I also raised the hash cycles to 10,000 and only allowed connections to my LastPass from my country (since I never travel). I also enabled the option to be notified every time a saved connection/form is being modified. So I'm still pretty secure and so is LastPass in my opinion.
 
Oh, I've not lost faith in password managers. I think everyone should use one. And I think everyone should use a unique password for every site they have an account with and only a good password manager can make that manageable. Unless you have a photographic or eidetic memory, you need something to keep track of your passwords, besides a sticky note under your keyboard or within arm's reach of your computer chair.

so I'm not a risk
I think that is an idealistic approach and certainly ONLY possible if your master password is unique and not the same as used anywhere else, AND you changed it in time. I am not saying you are totally exposed, but if your passwords are stored on-line, you are at risk. Period! Though it may be a minimal risk, badguys have proven over and over again that nothing on-line is 100% secure. And while you clearly have advanced expertise in this area, there are no doubts that well funded, well trained, well equipped (perhaps government backed!) badguys with more expertise than you or me are out there trying to hack these cloud services. And should they decide to focus on your accounts, they have proven they can get in. To think otherwise is not being realistic!

For sure, I am not saying my local password manager is any more secure. A badguy could certainly break into my home and steal my computer with my locally installed password manager and most likely eventually break my master password and gain access to all my accounts too. But as far as I know, badguys are not targeting me, and they don't have 24/7 access to my passwords either. But they are targeting cloud services and cloud stored password managers.

So again, I have not lost my faith in password managers. But this hack has, indeed, reinforced my lack of faith in cloud security. Because for sure, LastPass has some very smart security experts on staff, as well as security programs and protocols in place running 24/7 with the sole job of preventing such hacks. Yet they failed! Just as happened at so many other financial and insurance and government networks too.

One of the worst mistakes any of us can make is thinking we are smarter than the badguys.
 
you need something to keep track of your passwords, besides a sticky note under your keyboard or within arm's reach of your computer chair.


Not really practical when you need to use your passwords somewhere else sadly :P

I think that is an idealistic approach and certainly ONLY possible if your master password is unique and not the same as used anywhere else, AND you changed it in time. I am not saying you are totally exposed, but if your passwords are stored on-line, you are at risk. Period! Though it may be a minimal risk, badguys have proven over and over again that nothing on-line is 100% secure. And while you clearly have advanced expertise in this area, there are no doubts that well funded, well trained, well equipped (perhaps government backed!) badguys with more expertise than you or me are out there trying to hack these cloud services. And should they decide to focus on your accounts, they have proven they can get in. To think otherwise is not being realistic!


I was stating that my account wasn't at risk in the recent hack; I should have specified that.

For sure, I am not saying my local password manager is any more secure. A badguy could certainly break into my home and steal my computer with my locally installed password manager and most likely eventually break my master password and gain access to all my accounts too. But as far as I know, badguys are not targeting me, and they don't have 24/7 access to my passwords either. But they are targeting cloud services and cloud stored password managers.


Or you could get infected with malware allowing remote access and the database could be stolen that way as well. Probably not likely in your case since you're also an Expert, but it's a possibility.

So again, I have not lost my faith in password managers. But this hack has, indeed, reinforced my lack of faith in cloud security. Because for sure, LastPass has some very smart security experts on staff, as well as security programs and protocols in place running 24/7 with the sole job of preventing such hacks. Yet they failed! Just as happened at so many other financial and insurance and government networks too.


I think a lot of people's faith in Cloud security got affected by the iCloud Hack that happened where sensible pictures of celebrities were leaked :P

 
Not really practical when you need to use your passwords somewhere else sadly :P
No, but you would be surprised how many house calls I've been on where I found the client's list of passwords under the keyboard, mousepad, in their desk drawer or somewhere nearby and within arm's reach.

People think about computer security and wireless network security, but they have no concept of "physical" security. :(
 
