Hope none of yall use LastPass

winb83 · Dec 22, 2022

Some hacker has all the personal information LastPass had on you including your name and email account as well as an encrypted copy of your LastPass vault that has unencrypted data connected to it like all the web site URL address you have accounts for in the vault.

They can't get into your vault and get the passwords unless they brute force your master password successfully but they have far too much info on LastPass customers.

humminbird · Dec 22, 2022

i don't but that's awful

Bubba T · Dec 23, 2022

Absolutely unacceptable the way they disclosed this to customers, especially days before Christmas where people are traveling and don’t have their laptops/desktops.

Deltron · Dec 23, 2022

i use another pw manager

but these managers are both a gift and curse cause you never know how shytty their setups are

Fatboi1 · Dec 23, 2022

Damn I use Lastpass. I'm about to change all of my important accounts password ASAP.

winb83 · Dec 24, 2022

Grizzly · Dec 24, 2022

I see most LastPass people migrating to BitWarden. Hopefully the people over there learn from LP's mistakes and tighten the fukk up.

winb83 · Dec 24, 2022

Grizzly said:
I see most LastPass people migrating to BitWarden. Hopefully the people over there learn from LP's mistakes and tighten the fukk up.

If you put your password vault on a cloud service eventually it's going to have a security event. These companies are all targets. How secure you are on any of these services depends on you following best practices.

I've spent the last few hours changing all my major passwords. I'll probably over the next few weeks start getting new credit card numbers as well. My master password was decent but it's better to be safe than sorry. Still haven't decided if I'm going to leave Last Pass because I'm not going to fall for a fishing scheme and the vault passwords and account names are just as likely to be compromised on Last Pass as any other service.

The only real beef I have with LastPass is they did not encrypt what accounts you have. I'll be creating a new email address and migrating all my accounts to that. Last Pass can keep the email that is tied to them so my Last Pass email will be separate from my account emails.

Deltron · Dec 24, 2022

2FA, either via an app or physical security keys are good extra layers I can't emphasize enough

Rev Leon Lonnie Love · Dec 24, 2022

I use pass, the commandline passoword manager for linux. On top of that I have 2FA activared for things like email, and other important accounts that support it. I can generate the paaswords and OTP for those accounts using the same tool. Its really one of my most useful tools i use everyday.

winb83 · Dec 24, 2022

Deltron said:
2FA, either via an app or physical security keys are good extra layers I can't emphasize enough

The problem with the LastPass event is that hacker has the actual vault which is snapshot at the time of all the passwords and account names. Even If they are encrypted in a few years the encryption of today isn't as secure so while right now it's safe later it might not be.

I put 2FA on all accounts possible but in many respects it's a false security blanket. If they're sending you text codes it's trash. I don't think email codes are all that much better. Both your cell phone and email can be compromised.

It all comes down to this. The less convenient it is for you the more secure it is.

Deltron · Dec 24, 2022

winb83 said:
The problem with the LastPass event is that hacker has the actual vault which is snapshot at the time of all the passwords and account names. Even If they are encrypted in a few years the encryption of today isn't as secure so while right now it's safe later it might not be.

I put 2FA on all accounts possible but in many respects it's a false security blanket. If they're sending you text codes it's trash. I don't think email codes are all that much better. Both your cell phone and email can be compromised.

It all comes down to this. The less convenient it is for you the more secure it is.

yeah the text or email ones are garbage...app based ones like for adobe, MS, or the code generated ones are a little better.

but I roll with the physical key whenever possible

winb83 · Dec 24, 2022

Deltron said:
yeah the text or email ones are garbage...app based ones like for adobe, MS, or the code generated ones are a little better.

but I roll with the physical key whenever possible

I mean really what major sites allow a physical key outside of maybe Google? Most sites you're lucky if you can get a text or email 2FA method.

Brian O'Conner · Dec 24, 2022

I thought this was an Xbox joke until the 7th post :laff:

winb83 · Dec 24, 2022

My strategy in recreating a new master password was to make a sentence and then take that sentence and use the first letters of all the words in it. Then insert special characters and numbers into it.

I managed to create one that's like over 20 characters and while I can remember it it's also nonsensical because it doesn't have any real words in it at all. Unfortunately for me my last master password had a real word included in it hence I now need to reset all my passwords. While it had numbers and characters in it also still that's no longer enough.

Hope none of yall use LastPass

More options

winb83

52 Years Young

humminbird

Veteran

Bubba T

Superstar

Deltron

The Return

Fatboi1

Veteran

winb83

52 Years Young

Grizzly

Home Run Hitter

winb83

52 Years Young

Deltron

The Return

Rev Leon Lonnie Love

damned mine eyes, DAMNED mine eyes!!

winb83

52 Years Young

Deltron

The Return

winb83

52 Years Young

Brian O'Conner

All Star

winb83

52 Years Young