10 thoughts on “LastPass Hacked, Change Your Master Password Now”

  1. omg Jason Bunting… in Dropbox? Horrible idea. When (not if) hackers get access to your encrypted data they have all the time in the world to offline attack the data. In the case of LastPass the encrypted “blob” was not stolen, just email addresses, salts and hashes. In the case of your “solution” your encrypted data is absolutely at more risk. When people roll their own solutions the risk increases. Stick with the pros and let them do the crypto and storage of the data.

  2. Simon Cousins – my master password isn’t something simple, and I use two-form auth. Also, I wouldn’t call my solution “rolling my own” since it’s being done by many KeePass users. According to a couple of different password tools, my master password would require thousands of centuries to crack.

    Besides, it’s a cat and mouse game for everyone. You just have to find the level of risk which is acceptable for you.

  3. Top reason for me to not use cloud based password managers.

    Simon Cousins – Like Jason Bunting, I too am using KeePass with the database file in one online storage and the key file in another. (Both the online storages have 2FA.) The key file is apart from the master passphrase.

    So two online storage systems have to be compromised for anyone to access the KeePass database and key file. In addition there is the master passphrase.

    By the way, if anyone is interested in generating great passphrases (rather than passwords), check out Diceware: http://world.std.com/~reinhold/diceware.html

    The main hassle most have with KeePass is its working with Chrome (on Linux) for autofill, which LastPass solves. However, that inherently compromises the security