Hacked account - worried about security

One of the significant "advances" in the hacker's arsenal is the availability of tools to automate the exploitation of stolen credentials which may have been reused across multiple sites.

So if you are shown as having lost your user credentials on Sony or Adobe etc., then these credentials are likely being tried on other websites.

Of course, your original password will have been stored hashed (and hopefully salted), but there are ways, e.g. rainbow tables, to derive the original password.

A quick word of caution: many companies do not disclose breaches, so a green light on haveibeenpwned.com only means that you are not on a known/disclosed list.

Personally I don't quite trust LastPass etc. because they are themselves targets... and often rely on a single master password which, if ever compromised, would give an attacker access to ALL your passwords.
 
Personally I don't quite trust LastPass etc. because they are themselves targets... and often rely on a single master password which, if ever compromised, would give an attacker access to ALL your passwords.
Does the free tier of LastPass have 2FA?
 
I'm on the fence about LastPass. I think it might be useful for less important passwords. But not to keep everything there.

A single silo of data is not very secure.
 
How secure and trustworthy are these mobile phone apps that store your passwords? I always wondered if they store any details on their own servers which could be another breach point.
 