Aces High Bulletin Board
General Forums => The O' Club => Topic started by: AKIron on December 23, 2022, 07:32:35 AM
-
They were hacked. An encrypted database was stolen. The hackers will be trying to guess/crack master passwords. If they do they can access your user names and passwords.
My master password is pretty good and unlikely to be cracked but I'm changing the passwords on my accounts stored there.
-
What is Last Pass?
-
Keeps your passwords, a password vault. It was considered one of the best. I think that just changed.
-
If you are letting your browser remember your passwords then it's doing the same thing. If you use Google Chrome and let it remember them then know that by default they are synced to the cloud. Or at least last time I checked. That makes them as vulnerable to hackers as LastPass was.
-
What a PIA. Mine are probably protected by my long master password but I'm not taking any chances and changing all my passwords. I was long overdue anyhow.
-
Yepp... It's convenient to let a program remember your passwords with you only having to remember one that should be strong enough and then some. It's also convenient if the passwords are in the cloud, migrating to a new computer will be just that much faster. But... If it's man made, it's man hackable.
The only foolproof way to store passwords from hackers is a tiny book where you write them down and keep the book updated. Even that isn't 100% safe as the services you use can be hacked but if you use good password hygiene and never use the same in other services, only one service at a time is endangered.
Hope you're safe behind that long master password. Changing that might suffice but as you can't tell whether they've already figured that out it's safest to change them all.
-
I don't trust that the thieving hackers won't be able to find a way around the master passwords. I've already changed about 20, the more important ones.
-
Lastpass was always a handy idea, but I just never trusted using those type sites.
Hope y'all are not messed with in any way.
-
It is convenient for keeping passwords made from long strings of characters/symbols/numbers. I'm not giving up on it just yet but no accounts stored even remotely tied to money. I was already pretty careful in not doing that.
-
Yepp... It's convenient to let a program remember your passwords with you only having to remember one that should be strong enough and then some. It's also convenient if the passwords are in the cloud, migrating to a new computer will be just that much faster. But... If it's man made, it's man hackable.
The only foolproof way to store passwords from hackers is a tiny book where you write them down and keep the book updated. Even that isn't 100% safe as the services you use can be hacked but if you use good password hygiene and never use the same in other services, only one service at a time is endangered.
Hope you're safe behind that long master password. Changing that might suffice but as you can't tell whether they've already figured that out it's safest to change them all.
I use Last Pass precisely because I can't take the chance on a hard copy of all my passwords being found. I'm in the unique situation of having a narcissistic sociopath in the house with me. That should be changing soon but until it does...no way I'm making a hard copy.
My long master password is really a sentence. Try guessing that. ;)
-
My long master password is really a sentence. Try guessing that. ;)
Johnhasalongmoustache
-
Dang, now I gotta change mine.
-
theLlamaisaquadroped
-
Johnhasalongmoustache
The chair is against the wall, the chair is against the wall.
See? I knew you couldn't guess it.
-
My long master password is really a sentence. Try guessing that. ;)
Ialw@ysforgeTMyp@55w0rd
-
:rofl :rofl :rofl :rofl :rofl :rofl :rofl :rofl :rofl :rofl
-
256-bit encryption will be hard to break. I'm guessing the hackers will have to break each user's account individually. I use MFA for all my important accounts. Glad for that.
Of course the hackers don't have to break the encryption, just crack the Master Password.
-
You assume they didn't steal the private key for the encryption at the same time they stole the data. The thing is to use the data you need to have the key accessible, so it will all depend on their key management. If you lose the key, doesn't matter what encryption level you have.
-
https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/
"The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data. These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture. As a reminder, the master password is never known to LastPass and is not stored or maintained by LastPass. The encryption and decryption of data is performed only on the local LastPass client. For more information about our Zero Knowledge architecture and encryption algorithms, please see here.
There is no evidence that any unencrypted credit card data was accessed. LastPass does not store complete credit card numbers and credit card information is not archived in this cloud storage environment."
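
The key-derivation model the notice describes, as an added example (not LastPass's code and not part of the thread): the vault key is computed on the client from the master password and a per-user salt, so the stored record contains no key that could be copied along with the data. PBKDF2-HMAC-SHA256, the iteration count, the salts, the record layout and the HMAC check value that stands in for the AES step are all assumptions made for illustration.

```python
import hashlib
import hmac

ITERATIONS = 100_000               # assumed work factor, not a figure from the notice
CHECK_LABEL = b"vault-key-check"   # hypothetical constant for the key-check value


def derive_vault_key(master_password, salt, iterations=ITERATIONS):
    """Client side: stretch the master password into a 256-bit key."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )


def key_check(key):
    """Tag that only the right key reproduces (stand-in for AES decryption succeeding)."""
    return hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()


def create_record(master_password, salt, iterations=ITERATIONS):
    """What the service stores: salt, work factor, check value. No key, no password."""
    key = derive_vault_key(master_password, salt, iterations)
    return {"salt": salt, "iterations": iterations, "check": key_check(key)}


def unlock(record, candidate_password):
    """Re-derive the key from a candidate password; return the key, or None if wrong."""
    key = derive_vault_key(candidate_password, record["salt"], record["iterations"])
    return key if hmac.compare_digest(key_check(key), record["check"]) else None


# Constructed sample data (not real accounts or passwords).
USER_A_SALT = b"user-a@example.com"
USER_B_SALT = b"user-b@example.com"
SAMPLE_PASSWORD = "a constructed sample sentence 42"

if __name__ == "__main__":
    rec_a = create_record(SAMPLE_PASSWORD, USER_A_SALT)
    rec_b = create_record(SAMPLE_PASSWORD, USER_B_SALT)
    print("stored fields:", sorted(rec_a))
    print("right password unlocks:", unlock(rec_a, SAMPLE_PASSWORD) is not None)
    print("wrong password unlocks:", unlock(rec_a, "not the password") is not None)
    # Same password, different salt: different key, so each vault is a separate job.
    print("same check value for both users:", rec_a["check"] == rec_b["check"])
```

With this design a stolen record can only be tested one candidate password at a time, each costing a full KDF run against that user's salt, so the master password's strength and the work factor carry the protection.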
-
There's a chance the hackers may learn something that will enable them to defeat LastPass' security in the future. Unlikely but possible. If you want to void that risk I suggest exporting your passwords to a csv. Then delete them all in LastPass. Then change your LastPass Master Password to something almost impossible to crack. Then, using that csv, change the passwords in all the accounts there. Updating the csv with the new passwords as you go. Probably oughta keep the old passwords in it too. Print it out and delete the csv or keep it on a secure flash drive.
Of course you don't want the recently changed passwords back in LastPass so uninstall it. Cancel the Last Pass account once it's empty if you're paying for it. No real need to if it's a free account provided it's empty.
-
Guess you could encrypt the .csv and store it on your computer. 7zip can do that with 256-bit AES and it's free.
-
"and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture."
Sweet, pretty robust system then.