Author Topic: LastPass (Read 1680 times)

Shuffler · « **Reply #15 on:** December 24, 2022, 02:53:56 PM »

AKIron · « **Reply #16 on:** December 24, 2022, 03:22:03 PM »

256 bit encryption will be hard to break. I'm guessing the hackers will have to break each users account individually. I use MFA for all my important accounts. Glad for that.

Of course the hackers don't have to break the encryption, just crack the Master Password.

Vulcan · « **Reply #17 on:** December 25, 2022, 12:22:14 AM »

You assume they didn't steal the private key for the encryption at the same time they stole the data. The thing is to use the data you need to have the key accessible, so it will all depend on their key management. If you lose the key, doesn't matter what encryption level you have.

AKIron · « **Reply #18 on:** December 25, 2022, 10:06:20 AM »

https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/

"The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data. These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture. As a reminder, the master password is never known to LastPass and is not stored or maintained by LastPass. The encryption and decryption of data is performed only on the local LastPass client. For more information about our Zero Knowledge architecture and encryption algorithms, please see here.

There is no evidence that any unencrypted credit card data was accessed. LastPass does not store complete credit card numbers and credit card information is not archived in this cloud storage environment."

AKIron · « **Reply #19 on:** December 25, 2022, 10:33:07 AM »

There's a chance the hackers may learn something that will enable them to defeat LastPass' security in the future. Unlikely but possible. If you want to void that risk I suggest exporting your passwords to a csv. Them delete them all in LastPass. Then change your LastPass Master Password to something almost impossible to crack. Then, using that csv, change the passwords in all the accounts there. Updating the csv with the new passwords as you go. Probably oughta keep the old passwords in it too. Print it out and delete the csv or keep it on a secure flash drive.

Of course you don't want the recently changed passwords back in LastPass so uninstall it. Cancel the Last Pass account once it's empty if you're paying for it. No real need to if it's a free account provided it's empty.

Bizman · « **Reply #20 on:** December 25, 2022, 11:02:22 AM »

Guess you could encrypt the .csv and store it on your computer. 7zip can do that with 256-bit AES and it's free.

Vulcan · « **Reply #21 on:** December 25, 2022, 01:51:26 PM »

Quote from: AKIron on December 25, 2022, 10:06:20 AM

"and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture.

Sweet, pretty robust system then.

Aces High Bulletin Board

Author Topic: LastPass (Read 1680 times)

Shuffler

Re: LastPass

AKIron

Re: LastPass

Vulcan

Re: LastPass

AKIron

Re: LastPass

AKIron

Re: LastPass

Bizman

Re: LastPass

Vulcan

Re: LastPass