LastPass hacked? Don't panic yet.

spinkick-pro

LastPass recently followed a string of breadcrumbs that pointed to an anomaly in its network traffic on Tuesday. Though such anomalies aren't unusual, LastPass found a matching anomaly in one of its databases. Unable to identify a root cause for either anomaly, the company made the decision to assume the worst--that some of its data had been hacked.

LastPass forcing members to change passwords | Security - CNET News

LastPass : The last password you'll have to remember: LastPass Security Notification


I tried to change my master pass, it didn't work. My old one still works. Don't bother trying now. They're overloaded. They also said if you haven't been asked to change your pass you should be fine. I think it may be people overreacting to the whole PlayStation incident.
 


Everything and anything can be hacked, you just have to help prevent it and make it less vulnerable.
 
In other news, acclaimed privacy author J.J. Luna nearly asphyxiates on coffee this morning while LOLLING that so many people would trust an unknown entity with the majority/ALL of their vital passwords.
 
Of course, because Sonny manages to remember all of his several hundred different 15 character passwords mentally.
 
If money is exchanged with it (bank, PayPal, affiliate network) I don't put it in LastPass. Everything else is captured. Sure I could suffer data loss, but I've got backups and I'm really not worried if I can't get back into some web 2.0's and whatnot.

So, what's different about KeePass? How is it unhackable?
 
So, what's different about KeePass? How is it unhackable?

KeePass stores its database on your own computer, so all your passwords aren't on some webserver - even if encrypted. Plus with KeePass you can control how many rounds of encryption you want for your database; the more the safer, however it also adds to the time it takes to open.
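The trade-off between key-transformation rounds and unlock time described in the post above, as an added example that is not part of the original thread. PBKDF2-HMAC-SHA256 from the Python standard library stands in here for KeePass's own key transformation, and all function names and sample values are hypothetical.

```python
import hashlib
import time

# Constructed sample values, not taken from any real password database.
SAMPLE_PASSWORD = "correct horse battery staple"
SAMPLE_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")


def derive_key(password: str, salt: bytes, rounds: int) -> bytes:
    """Stretch a master password into a 32-byte database key.

    PBKDF2 is an assumed stand-in for the password manager's own KDF.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds, dklen=32)


def measure_seconds(rounds: int) -> float:
    """Wall-clock cost of one derivation: one unlock, or one attacker guess."""
    start = time.perf_counter()
    derive_key(SAMPLE_PASSWORD, SAMPLE_SALT, rounds)
    return time.perf_counter() - start


def rounds_for_delay(probe_rounds: int, probe_seconds: float, target_seconds: float) -> int:
    """Scale a measured probe linearly to the rounds that cost target_seconds."""
    if probe_rounds <= 0 or probe_seconds <= 0 or target_seconds <= 0:
        raise ValueError("rounds and timings must be positive")
    return max(1, int(probe_rounds * target_seconds / probe_seconds))


def offline_search_days(guesses: int, seconds_per_guess: float) -> float:
    """Days needed to try `guesses` candidates at the given cost per guess."""
    return guesses * seconds_per_guess / 86400


if __name__ == "__main__":
    probe = 50_000
    took = measure_seconds(probe)  # calibrate on this machine
    for target in (0.1, 1.0):
        rounds = rounds_for_delay(probe, took, target)
        days = offline_search_days(10**9, target)
        print(f"{target}s unlock -> {rounds:,} rounds; 10^9 guesses ~ {days:,.0f} days")
```

The cost per guess grows linearly with the rounds, so a tenfold longer unlock buys a tenfold longer offline search on the same hardware; it does not compensate for a master password that appears in a wordlist.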
 
KeePass stores its database on your own computer, so all your passwords aren't on some webserver - even if encrypted. Plus with KeePass you can control how many rounds of encryption you want for your database; the more the safer, however it also adds to the time it takes to open.

All that and the bonus that if your house burns down you lose them all.

Honestly it looks like they're handling this extremely well from reading their blog. They are taking the extreme paranoia route for what most companies would ignore which is the right way for them to go.
 
Yep, the post on their blog did not alarm me at all, and I haven't been contacted to change my password.
Storing all the passwords on one machine defeats the purpose of why I use LastPass in the first place, so I won't be switching.
 
All that and the bonus that if your house burns down you lose them all.

Only if you're retarded enough to not keep multiple mirrored backups. This goes for all your data - keep regular (at least daily) backups. This is easily automated.

Personally, I set high encryption rounds on my databases then store them in a TrueCrypt container which syncs with Dropbox since I need access to my passwords on several devices. Still much safer than storing them with LastPass or 1Password.
 
"Do you want Iron to remember your password?"

Why make it any harder than it needs to be?


All that and the bonus that if your house burns down you lose them all.

Honestly it looks like they're handling this extremely well from reading their blog. They are taking the extreme paranoia route for what most companies would ignore which is the right way for them to go.
A company whose entire business is keeping your information safe better be taking a paranoid approach to a potential data breach.
 
Of course, because Sonny manages to remember all of his several hundred different 15 character passwords mentally.

All of my passwords are 15+ characters containing upper and lower case letters, numbers, and symbols. No two passwords are the same, because the password is partially derived from the domain name the password is for. That makes it easy to remember...you just remember a "password template." Most of the characters are static, and only a few characters change depending on the domain name. Problem solved.
 
Rule #1: Don't use any dictionary words as your master password
Rule #2: Use 2-factor authentication (LastPass supports several, I use Yubikey)
 
This is why I just use "password1234" for all my passwords. That way I don't have to write it down anywhere where someone might hack in and see it.

looololololol

I write down my important passwords on a post-it note stuck on my bulletin board next to a bunch of other post-it notes. For important shit like PayPal and bank accounts I just remember them.
 
This is why I just use "password1234" for all my passwords. That way I don't have to write it down anywhere where someone might hack in and see it.

Bullshit. I tried getting into your WF account to post a tits thread without tits. Missing a 5 or something?
 
Personally, I set high encryption rounds on my databases then store them in a TrueCrypt container which syncs with Dropbox since I need access to my passwords on several devices. Still much safer than storing them with LastPass or 1Password.

This is gonna be perfect for me. I've been using LastPass for about a year but after that possibly-hacked shit happened I grew irretrievably apprehensive. At least fewer will attempt to hack Dropbox primarily in search of a password thing.
 
All of my passwords are 15+ characters containing upper and lower case letters, numbers, and symbols. No two passwords are the same, because the password is partially derived from the domain name the password is for. That makes it easy to remember...you just remember a "password template." Most of the characters are static, and only a few characters change depending on the domain name. Problem solved.
^This. I know all my passwords, hundreds of them.

Basically I have two password templates, one for financial accounts and the other for everything else. Naturally it'll be harder to crack my financial accounts, it's about twice as long, and of course there are no dictionary words in any of them. Yet I've got them all memorized.