Another LastPass Security Incident

So for disclosure - I used to architect and sell quantum-safe cryptography into UK defence and financial institutions globally. That included a technology demonstrator to the current International Space Station for the next space station.

My take is simple - Apple/Amazon/Google/Microsoft spend many, many times the operational budget of the likes of one pass or other smaller players on securing keys/authentication, so use them (Apple/Amazon as a preference).

The large players are working on delivering quantum-safe (i.e. next-generation) cryptography, whereas the existing smaller players are jumping on the bandwagon before it's mature enough to be secure.
 


Would moving to a different area and a different water company suddenly make the customer data safe (and will the new company be as transparent)? And if the company had been open source, would that have stopped the hackers, when it's been proven beyond doubt via the ongoing exploits of OpenSSL that open source code doesn't do jack **** for security?

All password managers are a target, and all password managers store the data in the cloud unless you self-host, so now as the Bitwarden user base grows it will become a higher-value target to hackers and open source code exploits.

In my opinion. :)

What's OpenSSL got to do with anything?

A utility provider supplies you a utility, and whilst they should be keeping your data safe, that isn't their primary business.

A password manager DOES have security and privacy as their primary business. You can't draw parallels between the two.

You seem to be confusing my point and ignoring other parts of it. The bottom line is data can be stolen and, as we have seen, does get stolen. LastPass made assurances about zero-knowledge encryption of user data and that wasn't the case. That's the biggest issue here.

But yes - moving from LastPass to another provider SHOULD make them more transparent and, if not, at least change their working practices.

As would everyone leaving one water company for another following a failing.
 
What's OpenSSL got to do with anything?

WTF! :eek:

OpenSSL is a widely used cryptographic and secure communication software library. OpenSSL is available on all Operating Systems (OS). Exploitation of this vulnerability could allow a malicious actor to gain remote code execution rights on the host running OpenSSL and perform unauthorised actions.

Another WTF! moment. :D

A utility provider supplies you a utility, and whilst they should be keeping your data safe, that isn't their primary business.

That was just an example of how easy it is for hackers to get personal information that is of high value and hard to change. You have no control over all the computers that hold your personal information (apart from GDPR, which doesn't tell you what companies are holding your details), but you do have some control over a password manager by changing your passwords in a timely manner when a company like LastPass informs users at the first legal opportunity.
 
I was debating about moving everything to Keychain as one option, although I also have secure notes in LastPass as well.
I wonder how safe the secured option is in the Apple Notes app?
Main problem is I do use Windows as well and the integration isn’t very good so I’ve heard.
 
That was just an example of how easy it is for hackers to get personal information that is of high value and hard to change. You have no control over all the computers that hold your personal information (apart from GDPR, which doesn't tell you what companies are holding your details), but you do have some control over a password manager by changing your passwords in a timely manner when a company like LastPass informs users at the first legal opportunity.

Found the LastPass shill, it seems. I'm not going to waste more time articulating how this is more than a data loss issue for LastPass. The headlines are that they lied about zero-knowledge encryption and then spent 4 months determining and/or publishing the full extent of the breach.

This isn't about control, and it certainly isn't about OpenSSL, which we all know about but for some reason you think is pertinent to LastPass storing key customer data in unencrypted forms.
 
certainly isn't about OpenSSL which we all know about.

So you think LastPass URLs not being encrypted is worse than the OpenSSL Heartbleed exploit that stole millions of our passwords that we will never know about as there were no logs?

I think data and passwords being stolen has everything to do with data and passwords being stolen; not sure why you're trying to differentiate or why you would even think it was shilling?
 
I think that Yubikeys with WebAuthn can be a great addition to a secure password management solution. I have enabled WebAuthn with a number of my critical accounts, and use support for WebAuthn as a barometer for whether that company has good security practices or is stuck in the stone age, like many companies here in the USA that still only support SMS or email based 2FA.
 
What. Are. You. Talking. About!?

Encrypted URL?!??

I'm out. You don't read, nor comprehend.
 
Changed all of my financial passwords yesterday, tried logging in to my Scottish Widows app today on my iPhone and it kept saying wrong password unless I used my old password. The new password works fine on the web, just not on mobile, and the reviews on the App Store confirm the issue.

Do these companies not care or is it just incompetence?
 
Halifax are also severely lacking in the password dept. I can't use my usual formula to create a password as it's too long and uses characters that Halifax don't allow. Why the **** is prohibiting certain characters even a thing?
 

Because they're dumb.

Some idiot in IT decided on some arbitrary rules just because and then they got stuck with them.
 
7 quadrillion years.

Am still going to change the important ones though, and double-check 2FA is enabled on everything. Hah.

Can you close your LastPass account? I've been "trialling" Bitwarden since the previous breach. Suppose you could just delete all passwords if you can't.

Yeah, IIRC it's under my account settings; did mine a couple of weeks ago as it was left dormant.
 
Reset master password, now some incredibly large number of years to guess.

120-odd sites updated. About a third of the way through.

Closed some accounts where the option was obvious.

Joy.

Will finish over the next few days then look at options to migrate away.

A refund would be nice too, lol.
 