LastPass, only getting worse

 

Quoting article, “…the attacker obtained the passwords of 30 million users and 85,000 companies from LastPass.”

Best to change your password, if you haven’t done so already.

https://www.gizchina.com/2023/02/11/attackers-obtained-passw...

--
John from PA

Amazing

John from PA wrote:

Quoting article, “…the attacker obtained the passwords of 30 million users and 85,000 companies from LastPass.”

Best to change your password, if you haven’t done so already.

https://www.gizchina.com/2023/02/11/attackers-obtained-passwords-of-30-million-users-and-85000-companies-in-lastpass-security-breach/

I'm always amazed and chagrined when a supposedly high tech company that specializes on data protection themselves get hacked. How do they let that happen and why do their users (me included) continue to use them?

Phil

--
"No misfortune is so bad that whining about it won't make it worse."

Amazing

plunder wrote:
John from PA wrote:

Quoting article, “…the attacker obtained the passwords of 30 million users and 85,000 companies from LastPass.”

Best to change your password, if you haven’t done so already.

https://www.gizchina.com/2023/02/11/attackers-obtained-passwords-of-30-million-users-and-85000-companies-in-lastpass-security-breach/

I'm always amazed and chagrined when a supposedly high tech company that SPECIALIZES in data protection themselves get hacked. How do they let that happen and why do their users (me included) continue to use them?

Phil

--
"No misfortune is so bad that whining about it won't make it worse."

Hopefully what they are

Hopefully what they are saying is true. If they don't store the master password on their system, it can't be stolen. I think that means encrypted passwords were stolen and can't be accessed without the master password. It all comes down to what kind of encryption are they using and how hard is it to break that encryption? I agree, it should never have happened.

not me

plunder wrote:

I'm always amazed and chagrined when a supposedly high tech company that specializes on data protection themselves get hacked. How do they let that happen and why do their users (me included) continue to use them?

Phil

I'm not amazed that systems can be beat, I'm amazed it doesn't happen more often. The human mind can accomplish some amazing things when the determination is there.

The big push for everything to be paperless isn't to save some trees, it's to cut corporate costs. The trade-off is someone out there right now is challenging themselves to break another unbreakable system. We've made it somewhat easy for them. No longer does a thief need a dark alley and a gun. A keyboard and some knowledge is all it takes now.

That said, I too, do a lot of things strictly online, mainly because it's all some places offer. I also use a password manager, but only because with all the letters, numbers, and symbols they make you use now it's impossible to remember them all.

I still prefer to pay in person with cash, which has the added bonus of helping to keep my debt down. I just stay away from the dark alleys.

--
. 2 Garmin DriveSmart 61 LMT-S, Nuvi 2689, 2 Nuvi 2460, Zumo 550, Zumo 450, Uniden R3 radar detector with GPS built in, includes RLC info. Uconnect 430N Garmin based, built into my Jeep. .

.

Agreed about avoiding dark alleys, but cash is too risky for me. If I lose cash, it’s gone forever. If a credit card disappears, it is the bank’s issue under the Fair Credit Billing Act.

Set up autopay full balance on the due date and no worries about debt or late fees.

to me

sunsetrunner wrote:

Hopefully what they are saying is true. If they don't store the master password on their system, it can't be stolen. I think that means encrypted passwords were stolen and can't be accessed without the master password. It all comes down to what kind of encryption are they using and how hard is it to break that encryption? I agree, it should never have happened.

The architecture is, or it isn't.

I used to be administrator of a well known voicemail system, you know, the one whose voice is Audrey Audix. I could not see your password, nor change it without you knowing it, by design.

I no longer work on that stuff, but do you know a system I've seen today, an administrator can listen to your voicemails, without even breaking into it? Literally with a web browser. One can't do that with the old system. Hardly SOX compliant lol

So people who are against LastPass will say they have the passwords, LastPass will say their architecture doesn't allow them to use anything they could steal, and they don't know customers' master password. At the end of the day, the average person needs something to be practical, or they can just write down 100+ passwords in a notebook.

But I get it. In the real world, people lie. At any rate, I do know when I lost my master password, I was just simply out of luck as I could not change the cell# for the 2 factor authentication, nor could I export my data without the master password. I found it and as mentioned, today, I don't even know it. Randomly generated by iOS.

At the end of the day, my employer has revenue in the billions and 18,000 employees and the corporation uses LastPass and our infosec chose it. Since I can get it free at home (family version) I use it and will keep using it. I don't want to invent ways to spend x $ per month for something when I can get it for free, it all adds up....

Since the invention of the clipboard...

johnnatash4 wrote:

...
At the end of the day, the average person needs something to be practical, or they can just write down 100+ passwords in a notebook.

...

The spreadsheet I use has tabs for vendors, government, message boards, communications stuff, health stuff... Since the invention of the clipboard...

It's easy, I control it, I can back it up, it's secure (security by obscurity) etc. I don't know if it is clumsy on a phone but I don't care: after you've used a real keyboard who'd want a phone with its imitation keyboard?

Is anyone familiar with

Is anyone familiar with Bitwarden, how it works, and what makes it unique?

Bitwarden

zx1100e1 wrote:

Is anyone familiar with Bitwarden, how it works, and what makes it unique?

You might wish to review the content at https://www.pcmag.com/reviews/bitwarden. Also, review the content at https://www.pcmag.com/picks/the-best-password-managers for other contenders.

--
John from PA

I saw those earlier. Sorry,

I saw those earlier. Sorry, the pcmag articles didn't really address my questions.

I will review these videos when I get a chance.

https://www.youtube.com/watch?v=3Y8O0wyYsiQ

https://www.youtube.com/watch?v=vpVVq7S6lO4

Tom Lawrence does a number of videos on pfSense and IT concepts using open source projects.

From what I've gathered so far, Bitwarden can be implemented using 'their' cloud, or your own. Of course if I go this route I'd be implementing my own cloud - just like I do with Nextcloud (similar to OneDrive, Google Drive, etc.). Hosting it locally myself on my own hardware.

I've been using Bitwarden

I've been using Bitwarden for a couple years now after using LP. It's been great. Has support for all my devices/browsers: macOS, Windows, Chrome, Firefox, Edge, iPhone, Android.

^^Self hosted?

^^Self hosted?

Dashlane!

using Dashlane... already deleted LP long back!

--
Garmin DS55 with Traffic