Rick_Head
Recycles dryer sheets
It was my understanding that LastPass was hacked in the last couple of months.
Thank you, I guess I'll continue to keep my passwords in a little inconspicuous notebook. I guess this is also why I've never felt comfortable using financial services sites like Mint that ask for all the passwords for one's financial life in order to aggregate the results.
I guess us "amateurs" can learn as much from IT "experts" as we can from "financial [-]experts[/-] advisors".
It seems that more than a few IT professionals parrot the talking points from the OS vendors without a lot of critical thought.
Kind of a well-paid, "information conduit" role.
Exactly - I wondered why this didn't give anyone pause.
Well, probably because the reporting on the story was hyped to sell magazines and get clicks.
What they didn't report was that even if everything LastPass had was handed to hackers on a silver platter, the only risk to having your passwords compromised (i.e. decrypting a vault) would be to the silly person who didn't use a long and unguessable pass phrase. Everyone with a brain would still have all their passwords 100% secure. LastPass has information (email addresses) we'd rather not hand over to the hackers, but the breach was not as dire as presented by the hypemasters.
A few questions about a password keeper:
With 5 computers and a tablet, in three different locations, all synced with Chrome, how does this work? Separate on each computer?
LastPass keeps an encrypted file locally on each computer; there is also an encrypted file stored on the LastPass server. All the local LastPass files on your computers sync with the file stored on the LastPass server. So any web site login saved in LastPass on one computer will be shared on all your computers. LastPass is free for Windows but I believe there is a cost for tablets/phones (Android).
Over 30 years, have signed on to many hundreds, maybe thousands of websites. Does a password keeper have to be changed for every website individually?
In short, yes. When you log into a web site that isn't already stored in LastPass it will always ask you if you want to store it in LastPass; you're not required to. If you do, LastPass will store whatever user name/password was used to log in to that site.
What kind of security does this provide when there are sites that have personal information, based on an email address where someone already has info on the original password... if I haven't gone back to that site for many years?
LastPass doesn't protect you from any website that gets hacked and the hackers get access to login information. It does make it easy to create and manage unique difficult passwords for each site so that no two sites use the same password; it's up to you to change the passwords frequently.
In simple terms, how does a password protector help protect from long forgotten, unvisited websites?
LastPass can't help you with old login accounts that aren't managed by LastPass. The key is to use LastPass to create unique difficult passwords for all sites that you do use.
As it stands today, I can go back and sign on to sites that I visited from AOL, back in 1985.
As stated above, when you log in to one of those sites after installing LastPass it will ask you if you want to store the login information in LastPass. It would be a very good idea at that time to not only save it but use the LastPass password generator to create new passwords for you.
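The posts above describe a vault that is encrypted on the user's computer, with only the encrypted file synced through a server. A minimal sketch of that arrangement follows, as an added example that is not from the thread and is not LastPass's code. The PBKDF2 iteration count, the toy HMAC-based keystream (standing in for a real cipher such as AES) and all function names are assumptions.

```python
import hashlib, hmac, json, os

ITERATIONS = 200_000  # assumed work factor, not LastPass's actual setting

def derive_keys(passphrase: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch the master passphrase into an encryption key and a MAC key."""
    material = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return material[:32], material[32:]

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy HMAC-SHA256 counter-mode keystream; stands in for AES here."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal_vault(passphrase: str, logins: dict) -> dict:
    """Runs on the user's computer; the result is all a sync server would hold."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(passphrase, salt)
    plain = json.dumps(logins).encode()
    cipher = bytes(a ^ b for a, b in zip(plain, keystream(enc_key, nonce, len(plain))))
    tag = hmac.new(mac_key, nonce + cipher, hashlib.sha256).hexdigest()
    return {"salt": salt.hex(), "nonce": nonce.hex(), "cipher": cipher.hex(), "tag": tag}

def open_vault(passphrase: str, blob: dict) -> dict:
    """Runs on any of the user's devices after downloading the synced blob."""
    salt, nonce, cipher = (bytes.fromhex(blob[k]) for k in ("salt", "nonce", "cipher"))
    enc_key, mac_key = derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, nonce + cipher, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong passphrase or tampered vault")
    plain = bytes(a ^ b for a, b in zip(cipher, keystream(enc_key, nonce, len(cipher))))
    return json.loads(plain)

if __name__ == "__main__":
    # Constructed sample data, not real credentials.
    blob = seal_vault("correct horse battery staple", {"example.com": "x7#Qp2!vLm"})
    print(sorted(blob))  # what the server stores: no passphrase, no key
    print(open_vault("correct horse battery staple", blob))
```

The stored blob contains the salt, nonce, ciphertext and tag only, so whoever holds it still has to guess the passphrase, and each guess costs the full key-stretching work.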
Emphasis added
Doesn't matter. It was still a breach. May have been "100% secure" this time but what about the next time? The "pause" it gave me was to confirm the decision I made when selecting a PM to go with KeePass, a PM not on any cloud anywhere.
See this for a nice list of the most recent sites people entrusted to ensure their data was 100% secure until it wasn't:
http://www.nytimes.com/interactive/...n-have-been-exposed-to-hackers-quiz.html?_r=0
Looks like very reasonable steps. Apparently from the limited research I've done there is no widely recommended virus scanning software for Linux either.
KeePass is great too, but suffers from the same vulnerability as LastPass...if they get a keylogger on your machine, the keys to the kingdom are lost. But that's a risk the KeePass and LastPass users have deemed acceptable for the convenience of having passwords at the ready.
...Your post implies that there is additional risk having the LastPass vault stored on LastPass' servers. We disagree on that point because I am as sure as I can be that even if 100% of the data that LastPass holds were handed over to hackers, the hackers would not be able to access my passwords. The system design is such that they (LastPass) simply do not have a way to decrypt the vault. So comparing a scheme where passwords are "protected" by a cloud service as opposed to LastPass who, with a gun to their head, could not produce my passwords, I think is not valid...
Reply in bold, this applies to LastPass only.
...nothing stored in the cloud is safe...
Hey. You. Get offa my clo-owd.
It's clouds illusions I recall, I really don't know clouds at all...