Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Old 01-19-2016, 01:41 PM   #21
Thinks s/he gets paid by the post
nash031's Avatar
 
Join Date: Jun 2013
Location: Coronado
Posts: 1,488
After reading this, I checked out Sean Cassidy's page and then dug a little bit more into the preferences and tools on LastPass. There are a few other recommendations I gleaned from the various places that weren't specifically mentioned:

- Use Firefox. It's tougher to spoof, though not impossible, since it uses operating system looks/feels instead of browser-specific ones. While a code could probably determine which OS you're on and spoof it, it's a more complex problem. (This is all about being a harder target for this stuff).

- Inside LastPass, you have the option to turn off all notifications in the browser bar, thus if you turn them off (uncheck them all under preferences), and something pops as a notification, you know it's bogus.

- Only access and/or log in to LastPass using the button on your browser, not through a website.
__________________

__________________
"So we beat to our own drummer in the sun;
We ask for nobody's permission to run.
I just wanna live in a world like that;
Now I'm gonna live in a world like that!" - World Like That, O.A.R.
nash031 is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 01-19-2016, 02:39 PM   #22
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,695
Quote:
Originally Posted by nash031 View Post
...
- Inside LastPass, you have the option to turn off all notifications in the browser bar, thus if you turn them off (uncheck them all under preferences), and something pops as a notification, you know it's bogus.
Wouldn't this mean that LastPass cannot ask you if you want to include a recent new login/pw in your LastPass account? In Firefox one gets a green strip across the top of the window asking if you want to include the most recent new login/pw. This is very convenient and I do not think it is a security issue.
Quote:
- Only access and/or log in to LastPass using the button on your browser, not through a website.
If you did this as a practice, then maybe the change to preferences would not be necessary?
__________________

__________________
Lsbcal is online now   Reply With Quote
Old 01-19-2016, 02:47 PM   #23
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,132
Quote:
Originally Posted by Lsbcal View Post
Wouldn't this mean that LastPass cannot ask you if you want to include a recent new login/pw in your LastPass account? In Firefox one gets a green strip across the top of the window asking if you want to include the most recent new login/pw. This is very convenient and I do not think it is a security issue.
Yes, I believe this is correct, you have to add new sites manually. The convenience of that strip plays into the hackers' hands as it can apparently be "spoofed".
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is offline   Reply With Quote
Old 01-19-2016, 02:50 PM   #24
Full time employment: Posting here.
 
Join Date: Aug 2007
Posts: 894
Quote:
Originally Posted by nash031 View Post
- Only access and/or log in to LastPass using the button on your browser, not through a website.

This is what I will make sure to do going forward. I appreciate threads like this because they remind me not be lazy, especially when entering passwords.

In practice, I rarely enter my Lastpass password. On my PC it stays logged in and on my iOS devices I use Touch ID. I do this so infrequently where at one point I was logged out and couldn't remember my password. I eventually figured it out (thankfully), but it had me worried for a bit.
__________________
Eat, Drink and Be Merry.
tulak is offline   Reply With Quote
Old 01-19-2016, 03:48 PM   #25
Thinks s/he gets paid by the post
nash031's Avatar
 
Join Date: Jun 2013
Location: Coronado
Posts: 1,488
Quote:
Originally Posted by Alan View Post
Yes, I believe this is correct, you have to add new sites manually. The convenience of that strip plays into the hackers' hands as it can apparently be "spoofed".

Exactly. That handy notification banner is an example of what this guy is talking about spoofing, except it is a login notification. That means by turning all notification banners off, anything that pops up isn't from last pass. I'd rather click once or twice more and have the added security, personally.
__________________
"So we beat to our own drummer in the sun;
We ask for nobody's permission to run.
I just wanna live in a world like that;
Now I'm gonna live in a world like that!" - World Like That, O.A.R.
nash031 is offline   Reply With Quote
Old 01-19-2016, 07:02 PM   #26
Dryer sheet aficionado
 
Join Date: Apr 2013
Posts: 43
Quote:
Originally Posted by nash031 View Post
- Inside LastPass, you have the option to turn off all notifications in the browser bar, thus if you turn them off (uncheck them all under preferences), and something pops as a notification, you know it's bogus.
Thank you for posting this option. I have been using LastPass for the last 5 to 6 years and like it very much. I had planned on only using the button on my browser, but now that I have turned off all of the notifications, I don't even need to be tempted to click on anything.

.
__________________
Many people take no care of their money till they come nearly to the end of it, and others do just the same with their time. -- Johann Wolfgang von Goethe
ClockWatcher is offline   Reply With Quote
Old 01-19-2016, 07:55 PM   #27
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,132
Quote:
Originally Posted by ClockWatcher View Post
Thank you for posting this option. I have been using LastPass for the last 5 to 6 years and like it very much. I had planned on only using the button on my browser, but now that I have turned off all of the notifications, I don't even need to be tempted to click on anything.

.
I agree, it was great advice and only a small inconvenience to the user for added security.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is offline   Reply With Quote
Old 01-19-2016, 08:39 PM   #28
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,695
Quote:
Originally Posted by Alan View Post
Yes, I believe this is correct, you have to add new sites manually. The convenience of that strip plays into the hackers' hands as it can apparently be "spoofed".
Generally the strip appears only after one is logging out of a new site. So it would seem to me that the timing indicates it is not a spoof. But that is maybe a small quibble and I guess I have to reluctantly agree that the best thing is manually setting up a new login.

Also sometimes that green strip has not worked for me or has worked in an incorrect fashion on some sites. So I have to correct the entry manually anyway.
__________________
Lsbcal is online now   Reply With Quote
Old 01-19-2016, 08:42 PM   #29
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,695
Since we are talking about Lastpass, I want to mention one thing. I've set up my Lastpass so that if I want to see the password for an entry, I have to re-enter my Lastpass login. This is because should someone be able to see my Lastpass open vault, all the passwords won't be visible. For a phone with a fingerprint reader, this is easy to live with.

To do this: under Alerts in Advanced Settings, in "Re-prompt for your LastPass master password before you:" check the box for "Access a Site's password"
__________________
Lsbcal is online now   Reply With Quote
Old 01-19-2016, 08:54 PM   #30
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,132
Quote:
Originally Posted by Lsbcal View Post
Since we are talking about Lastpass, I want to mention one thing. I've set up my Lastpass so that if I want to see the password for an entry, I have to re-enter my Lastpass login. This is because should someone be able to see my Lastpass open vault, all the passwords won't be visible. For a phone with a fingerprint reader, this is easy to live with.

To do this: under Alerts in Advanced Settings, in "Re-prompt for your LastPass master password before you:" check the box for "Access a Site's password"
Good advice. This is something I have done from the start. I've only just disabled the in-browser window as a result of this thread.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is offline   Reply With Quote
Old 01-20-2016, 12:03 AM   #31
Full time employment: Posting here.
 
Join Date: Aug 2007
Posts: 894
Great advice on this thread. Limiting show password is a good idea. I'm glad it was mentioned.

I've also disabled notifications and I'm not going to miss it one bit. A lot of sites that I visited where I already had a username/password would cause Lastpass to post a notification. I ignore it, but it's always annoyed me (and I've been too lazy to figure out how to get rid of it). Now I have the perfect solution: disable notifications completely.
__________________
tulak is offline   Reply With Quote
Old 01-20-2016, 12:05 AM   #32
Full time employment: Posting here.
 
Join Date: Aug 2007
Posts: 894
Another security feature I've used since day one is to limit from what country my account can be accessed. It's always set for the US and when I travel, I enable countries that I'll be visiting and disable them when I get back. It probably isn't a lot of protection, but I figure everything helps.
__________________
tulak is offline   Reply With Quote
Old 01-20-2016, 08:31 AM   #33
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,695
Good idea. I have it set to US too. No need to give those Eastern European hackers any advantages.
__________________
Lsbcal is online now   Reply With Quote
Old 01-20-2016, 10:16 AM   #34
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 6,337
Quote:
Originally Posted by kiki View Post
Another security feature I've used since day one is to limit from what country my account can be accessed. It's always set for the US and when I travel, I enable countries that I'll be visiting and disable them when I get back. It probably isn't a lot of protection, but I figure everything helps.
+1

I do the same thing. Given that many of these criminals operate from overseas, this makes perfect sense.
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Old 01-20-2016, 10:29 AM   #35
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,132
Quote:
Originally Posted by kiki View Post
Another security feature I've used since day one is to limit from what country my account can be accessed. It's always set for the US and when I travel, I enable countries that I'll be visiting and disable them when I get back. It probably isn't a lot of protection, but I figure everything helps.

I also do this. Nice feature.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is offline   Reply With Quote
Old 01-20-2016, 10:38 AM   #36
Full time employment: Posting here.
 
Join Date: Aug 2007
Posts: 894
Quote:
Originally Posted by Chuckanut View Post
+1

I do the same thing. Given that many of these criminals operate from overseas, this makes perfect sense.

True, but it's pretty easy to go through a VPN. I'm sure the people doing this are technical enough to figure that out, so the added protection is most likely limited.
__________________
Eat, Drink and Be Merry.
tulak is offline   Reply With Quote
Old 01-20-2016, 10:47 AM   #37
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,132
Quote:
Originally Posted by kiki View Post
True, but it's pretty easy to go through a VPN. I'm sure the people doing this are technical enough to figure that out, so the added protection is most likely limited.
True, but every little helps.

When we go to the UK and Europe in April it will be for 6 months so I'll turn off access from US ip addresses while we are over there.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is offline   Reply With Quote
Old 01-20-2016, 10:57 AM   #38
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,695
Quote:
Originally Posted by Alan View Post
True, but every little helps.

When we go to the UK and Europe in April it will be for 6 months so I'll turn off access from US ip addresses while we are over there.
Quick question for you or anyone who has been in Europe for an extended period. We were in Italy in September and my Nexus 7 tablet went a little wonky. It did a system update which I did not want but went through anyway while there possibly because I did not cancel the notification. In the future I would cancel any such notification until home. When I got home it was still acting up even with a patient Google engineer's assistance. So did a factory reset and reinstall. Actually the factory reset helped a bit in other ways but it was a pain to go through all this.

Pretty much stayed off wifi with the Nexus 5 phone and it had no problems.

Anyone have problems after using various hotel wifi in Europe?
__________________
Lsbcal is online now   Reply With Quote
Old 01-20-2016, 11:00 AM   #39
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 6,337
Quote:
Originally Posted by kiki View Post
True, but it's pretty easy to go through a VPN. I'm sure the people doing this are technical enough to figure that out, so the added protection is most likely limited.
Added protection is usually limited. Nothing new there.

A determined professional thief can get into my house no matter how well I lock it up. That doesn't mean I leave the front door unlocked and the back windows open for any lesser skilled criminal to enter my house.

Like my old grandpappy used to say "Never let the perfect become the enemy of the good."
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Old 01-20-2016, 11:04 AM   #40
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,132
Quote:
Originally Posted by Lsbcal View Post
Quick question for you or anyone who has been in Europe for an extended period. We were in Italy in September and my Nexus 7 tablet went a little wonky. It did a system update which I did not want but went through anyway while there possibly because I did not cancel the notification. In the future I would cancel any such notification until home. When I got home it was still acting up even with a patient Google engineer's assistance. So did a factory reset and reinstall. Actually the factory reset helped a bit in other ways but it was a pain to go through all this.

Pretty much stayed off wifi with the Nexus 5 phone and it had no problems.

Anyone have problems after using various hotel wifi in Europe?
In 2013 we spent 5 months in Europe, 9 different countries, and used the wifi in hotels and cafes a lot. Never had a problem with with my iPad, but I don't believe I did an O/S upgrade in that time.
__________________

__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is offline   Reply With Quote
Reply

Tags
lastpass, password, phishing


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LastPass hacked MichaelB Other topics 25 06-19-2015 01:54 PM
WSJ: 'Target' Funds Vulnerable to Rate Rise SumDay FIRE and Money 4 04-24-2013 06:19 PM
Heat Attack Grill Spokesman Dies of Heart Attack easysurfer Other topics 1 02-13-2013 04:55 AM
Potentially Devastating Social Security Offsets walkinwood FIRE and Money 12 11-09-2009 12:42 PM
Vulnerable Retiree Stories mickeyd FIRE and Money 7 12-21-2007 01:03 PM

 

 
All times are GMT -6. The time now is 12:34 AM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.