One of the reasons I didn’t go with LastPass in the first place…
Jason Bunting for the record, LastPass offers several forms of two factor, from Google’s code generator to hardware keys.
Okay, good to know.
I use the open-source KeePass tool, with two-form and keep the file in DropBox in order to sync it across devices. It’s free and has never been a problem thus far. 🙂
omg Jason Bunting… in DropBox? Horrible idea. When (not if) hackers get access to your encrypted data they have all the time in the world to offline attack the data. In the case of LastPass the encrypted “blob” was not stolen, just email addresses, salts and hashes. In the case of your “solution” your encrypted data is absolutely at more risk. When people roll their own solutions the risk increases. Stick with the pros and let them do the crypto and storage of the data.
Simon Cousins – my master password isn’t something simple, and I use two-form auth. Also, I wouldn’t call my solution “rolling my own” since it’s being done by many KeePass users. According to a couple of different password tools, my master password would require thousands of centuries to crack.
Besides, it’s a cat and mouse game for everyone. You just have to find the level of risk which is acceptable for you.
If anyone’s interested:
https://passfault.appspot.com/password_strength.html
https://howsecureismypassword.net/
I wouldn’t recommend typing your actual password into those, of course, but you can get an idea if you maybe do an off-by-one copy of one of your passwords, or something to that effect.
Cool links Jason Bunting. Check out my website on the whole question of passwords and length. It matters…. 😉
https://www.noxcivis.com/how-secure-is-my-password
Yes, I’m aware that password length matters.
Top reason for me to not use cloud based password managers.
Simon Cousins, like Jason Bunting, I too am using KeePass with the database file in one online storage and the key file in another. (Both the online storages have 2FA.) The key file is apart from the master passphrase.
So two online storage systems have to be compromised for anyone to access the KeePass database and key file. In addition there is the master passphrase.
By the way, if anyone is interested in generating great passphrases (rather than passwords), check out Diceware http://world.std.com/~reinhold/diceware.html
The main hassle most have with KeePass is its working with Chrome (on Linux) for autofill, which LastPass solves. However, that inherently compromises the security.