Lastpass been compromised

Isn't that susceptible to a dictionary attack though?

I would have thought throwing a few uppercase, numeric and symbol characters into that would increase the difficulty against both brute forcing and dictionary attacks :confused:


I don't think anyone is saying open source is any more secure, but it is a lot easier to independently verify, pen test and in turn fix security vulnerabilities given the number of eyes looking at it, whereas you're completely reliant on the "creator" (or bug bounties) with closed source and hoping they are doing adequate testing.

I don't believe so, but I'm not an expert by any stretch.

How does it know where one word starts and finishes?

Ocukoverclockingbmwfanboyforum

There's already a few combos...

Fan, boy, for, king, clock, an, rum, over, ver, in, lock, plus undoubtedly many more... I think how a dictionary attack works is that it throws all the words in the dictionary, in all the combinations, but the chance of it getting in the right order is slim?



This is what it seems to think it would take - with just the capital at the front.

Admittedly by adding an exclamation mark at the end it increases it a lot - but even 2 decillion years feels pretty secure to me...
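An added example, not part of any post in this thread: a sketch of the question raised above about word boundaries and guess counts. It counts the ways the example phrase splits into words from a small constructed list, then compares a per-character search-space estimate with a per-word one. The word list, the 20,000-word list size and all function names are assumptions made for illustration.

```python
import math

# Constructed word list for illustration; real word lists are far larger.
WORDS = {"ocuk", "over", "clock", "clocking", "overclocking", "king", "lock",
         "in", "bmw", "fan", "boy", "fanboy", "for", "um", "forum"}


def segmentations(s, words=WORDS):
    """Return (number of ways, fewest words) to split s into listed words."""
    ways = [1] + [0] * len(s)            # ways[i]: splits of s[:i]
    fewest = [0] + [math.inf] * len(s)   # fewest[i]: min words covering s[:i]
    for end in range(1, len(s) + 1):
        for w in words:
            start = end - len(w)
            if start >= 0 and ways[start] and s.startswith(w, start):
                ways[end] += ways[start]
                fewest[end] = min(fewest[end], fewest[start] + 1)
    return ways[-1], fewest[-1]


def char_bits(s, alphabet=26):
    """Search space in bits if every lowercase letter is guessed independently."""
    return len(s) * math.log2(alphabet)


def word_bits(n_words, list_size=20000):
    """Search space in bits if whole words are drawn from a list (size assumed)."""
    return n_words * math.log2(list_size)


if __name__ == "__main__":
    phrase = "Ocukoverclockingbmwfanboyforum".lower()
    ways, k = segmentations(phrase)
    print(f"{ways} possible splits, fewest words: {k}")
    print(f"per-character estimate: {char_bits(phrase):.0f} bits")
    print(f"per-word estimate:      {word_bits(k):.0f} bits")
```

The per-word figure only applies if every word is actually on the list being tried; uncommon tokens push the estimate back toward the per-character figure.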
 
And this is why I keep my passwords/logons and payment card data etc in Mozilla Sync.

Mozilla Sync is a password manager without the fancy user interface or a web vault, it still encrypts your passwords with a local key and then uploads the data to an online server the same as all the other password managers?


The good news is, now it is a backup service. Sync is more reliable now. We use a distributed database to store your data securely, so we no longer lose databases (or your data echos).

I'm not sure if they mean their own private servers or if they use a cloud service?


Passkeys.


Microsoft, Google etc are going to support them.

I'm glad big names are behind it, as when I first saw it mentioned I wrongly thought it was going to be an iOS thing.

I have so far only encountered one website that does that. It also made a lot of sense, as it was the type of website you would visit very infrequently (time frame in months or even years).

Yeah, the only site I've come across is odysee.com. There seems to be very little interest in it, so I hope the big names like Microsoft and Google can push a passwordless internet.
 
Easy. Just use the same password for every login. Something easy too... "KidsName1975", or the like. No need for any sort of pw manager then.
And then 90 days later it's 'Kidsname 1976', another 90 days passes and it's now 'Kidsname1977'. Before you know it, no one can remember how old Little Martin actually is.
 