Another LastPass Security Incident

I found a year ago, Bitwarden's implementation as a phone app in autofilling passwords not that great, but it's absolutely improved immensely in the last 12 months. It might finally be good enough for the Mrs to use (we tried it once, she forgot her master password and couldn't figure out how to switch between apps smoothly when it couldn't auto-fill and my patience ran out).
Use cases may differ of course but I usually do most stuff from the PC. When using mobile devices I do not think I have ever used auto-fill; I just copy and paste between apps as required.
 

*recent example*

A water company targeted by hackers says the bank details of customers could have been accessed and potentially leaked on the dark web.
South Staffordshire PLC, the parent company of South Staffs Water and Cambridge Water, said it had started informing customers involved.
The firm serves more than 1.7 million people, but has not revealed how many of those are affected.

Our personal information is now on so many computers and being stolen from unusual places that KeePass or Bitwarden self-hosting is not going to stop hackers getting personal information. At least LastPass is being honest at the first opportunity (can the same guarantee be given for others?), and it's easier to change online passwords than it is your home address, phone and national insurance number from the data leaks.

And considering the vast majority of the internet uses OpenSSL for encrypted links, nothing is going to protect us from the ongoing SSL exploits that started with Heartbleed, even if you manually enter your passwords from memory.
 
I switched to Bitwarden years back when LastPass had a breach. On desktop the Chrome extension has the same functionality as LastPass. On mobile, it's better. Maybe they're more equal now after a few years, but at least back then it was better.

A major upside to Bitwarden is if you have a server, you can host the Bitwarden server API yourself and store your own stuff.
 
Having tried most of them, the answer is usually no, I end up going back to LastPass...



I've not tried it yet but pCloud Pass is a new one that has just been released and is still under development. They are a massive Swiss cloud storage service that has been around for about 10 years.
 
2nd LastPass breach in 12 months. Just a joke. Looks like state actors breached GoTo (LogMeIn) in order to access LastPass.

They've got MCIRT in, which will help, but at what cost?
 
Dashlane seems to be getting some good reviews, not the cheapest but I don't begrudge $40 for a service I entrust all my passwords to tbh.

Not tried it yet but am getting a bit concerned at these LastPass breaches.
 
Not my area of expertise and I haven't used LastPass myself (I have for work systems previously) so no axe to grind, but if these hacks give zero access to passwords, what is the real risk of them?
 
I suppose it just shows they are a real target, and although they say they've not given away access to passwords, I don't think they mention what other information may have been breached, including account names and addresses etc? I like the way they are open and honest; I'm more concerned that little by little the bad guys are getting access to the LastPass systems.

To be fair, I'm equally fed up with the number of sites/companies and services which seem to be breached on a regular basis, losing our personal details, and then just seem to shrug their shoulders with an email which says "sorry", leaving consumers at the risk of ID and financial fraud. It's about time companies were held to account if they choose to be the custodians of customer data, given they seem happy enough to monetise that info for advertising etc.
 
Not tried it yet but am getting a bit concerned at these LastPass breaches.

Quantify the alarmism.

It's a security company, and much like many other companies they will be under constant attack vectors.

The only difference between this and others is they inform you about it.
 
Dashlane seems to be getting some good reviews, not the cheapest but I don't begrudge $40 for a service I entrust all my passwords to tbh.

Not tried it yet but am getting a bit concerned at these LastPass breaches.
I’ve been using Dashlane for the past couple of years and not had any issues. I got the family account to encourage my wife and kids to stop using the same passwords for sites and to have unique passwords per site.
 
It doesn't seem to be on their current roadmap either.

That's a dealbreaker for me unfortunately.

Ever since Google decided that time to block transferring of authenticator codes to new devices and left me manually having to unattach and re-attach ~50 2FA codes, never again.
 
Anyone tried Keeper? A couple of local IT companies roll it out with their support packages, so was considering giving it a go.
 
Just got the email, they basically tried to downplay the fact they have everything about you but passwords now.

No warning about phishing emails or anything from other companies either, just themselves.
 