Lastpass been compromised

“After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults.”
 
Even though they only got to a developer computer i dare say we'll have to put up with those people that carry their entire life on a USB stick preaching "told you so".

:)
 
These online password management systems are a terrible idea. They are such an attractive target for attacks, corrupt insiders, or penny pinching (as no-one actually wants to pay for it), its just a matter of time before they get compromised. They are literally dangling the crown jewels infront of every state actor and criminal.

The old joke of passwords being on a post-it note on a monitor as being an example of lack of security is kinda hollow these days. I'd trust a post-it note in my home office before I'd touch a cloud password system.
 
Haze said:
Yeah, I had one from plex
Click to expand...

I deleted my accounts as I rarely use Plex anymore.

Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution we are requiring all Plex accounts to have their password reset
Click to expand...
 
Loagi said:
These online password management systems are a terrible idea. They are such an attractive target for attacks, corrupt insiders, or penny pinching (as no-one actually wants to pay for it), its just a matter of time before they get compromised. They are literally dangling the crown jewels infront of every state actor and criminal.

The old joke of passwords being on a post-it note on a monitor as being an example of lack of security is kinda hollow these days. I'd trust a post-it note in my home office before I'd touch a cloud password system.
Click to expand...
If someone got into mine, they'd have my passwords and nothing else. They wouldn't know which website they're used on or the usernames associated with them because I don't save that info on there.
 
Loagi said:
These online password management systems are a terrible idea.
Click to expand...

We no longer live in the 90's where one person sits behind a single PC so big it was hard to move we now live in a internet connected society with various computers at Home, work, laptops, tablets, mobile phones , socializing and traveling abroad.

How does someone got about accessing and managing all their passwords in a simple convenient way (that can be used by all age groups and technical ability) without an online password manger?
 
Ice Tea said:
We no longer live in the 90's where one person sits behind a single PC so big it was hard to move we now live in a internet connected society with various computers at Home, work, laptops, tablets, mobile phones , socializing and traveling abroad.

How does someone got about accessing and managing all their passwords in a simple convenient way (that can be used by all age groups and technical ability) without an online password manger?
Click to expand...
Easy. Just use the same password for every login. Something easy too... "KidsName1975", or the like. No need for any sort of pw manager then.
 
Loagi said:
These online password management systems are a terrible idea. They are such an attractive target for attacks, corrupt insiders, or penny pinching (as no-one actually wants to pay for it), its just a matter of time before they get compromised. They are literally dangling the crown jewels infront of every state actor and criminal.

The old joke of passwords being on a post-it note on a monitor as being an example of lack of security is kinda hollow these days. I'd trust a post-it note in my home office before I'd touch a cloud password system.
Click to expand...

100% agree.
 

People online like reddit are freaking out as if the entire password database has been stolen and decrypted, followed by everyone screaming run for Bitwarden, followed by Bitwarden is open source so anyone can see the code to hack it, followed by everyone run for keepassXC, followed by i'm not using that it's too complicated. :D

Though they have a point about KeepassXC, flick through the video above and see how much piddling about there is just for browser integration.

 
Loagi said:
These online password management systems are a terrible idea. They are such an attractive target for attacks, corrupt insiders, or penny pinching (as no-one actually wants to pay for it), its just a matter of time before they get compromised. They are literally dangling the crown jewels infront of every state actor and criminal.

The old joke of passwords being on a post-it note on a monitor as being an example of lack of security is kinda hollow these days. I'd trust a post-it note in my home office before I'd touch a cloud password system.
Click to expand...

Bad take along with everyone who agreed with you. That's not how this works.

Even if they managed to compromise vault storage locations, they would still need your master password to get access to anything, as the vaults are encrypted on the servers. Lastpass has been compromised a few times over the years, yet not once have attackers been able to access actual vault data. Use a strong master password with sufficient 2FA (like a yubikey) backup and you are completely fine.
 
Gigabit said:
1Password is the best. Not been compromised to the best of my knowledge. Data based in the EU etc
Click to expand...

Disagree. Bitwarden is superior to 1Password. It does everything 1Password does and more, and as it is all open source, you can actually trust what it says. 1Password is closed source and very much a 'trust us' company. No need for that when Bitwarden exists.
 
You must log in or register to reply here.
Back
Top Bottom