• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5


Lastpass HACKED
#1
http://www.techworm.net/2015/06/lastpass...posed.html

Strongly suggest anybody using it changes passwords on any site they use it with
Reply
#2
Thanks Renton, always had reservations aout lastpass.
"To fall in hell or soar angelic you need a pinch of psychedelic".
Humphry Osmond to Aldous Huxley (in a book)

https://www.youtube.com/watch?v=fxGqcCeV3qk
Reply
#3
Not all that concerned, hearing about their encryption methods. Might change my master password though.
Reply
#4
I prefer keepass.
Reply
#5
I've always stored random encrypted passwords locally for exactly this reason.
Who the fuck is Psychoactive Substances Bill and why is he taking all my drugs?
Reply
#6
My concern exactly WAS. Encryption may be strong but it is not unvreakable, leave you pw database online and you've allowing someone to steal your kingdom and take their merry time to create a key to open it.

As for Allen suggesting he'll change his master password I don't see how that helps. If the attacker got the list of hashes, and the salts, and so I will assume this allows everythimg to be cracked offline and once it's cracked they have entire decrypted databases, meaning all of allens old passwords are now plaintext just allens own online database has a new master password.
"To fall in hell or soar angelic you need a pinch of psychedelic".
Humphry Osmond to Aldous Huxley (in a book)

https://www.youtube.com/watch?v=fxGqcCeV3qk
Reply
#7
lastpass says only stuff like emails and password reminders were stolen and that all things in your vaults werent

i think ill just change my master password plus I never do password reminders
Reply
#8
Sorry can someone explain in layman a terms what this site does/ is /was used for?
Reply
#9
Quote: LastPass also said that though the hashed master passwords saved on the company servers may be compromised but there is no direct or evident proof that there was an attack against the password program service.

Change of password is definitely in order.
"To fall in hell or soar angelic you need a pinch of psychedelic".
Humphry Osmond to Aldous Huxley (in a book)

https://www.youtube.com/watch?v=fxGqcCeV3qk
Reply
#10
If the hashes are out there many will be cracked from simple rainbow tables, but if it's only the passwords for Lastpass themselves that were stolen and not the passwords stored in the accounts then changing the master password would be enough. However in case the extent of the breach is being downplayed it is probably smart to change each password just in case.

(17-06-2015, 11:15 AM)King Wrote: Sorry can someone explain in layman a terms what this site does/ is /was used for?

It generates random passwords for your online accounts and stores those in an account at Lastpass itself. The idea is that having randomised passwords for each account makes them more secure, which is true if it's done right, but the problem here is that those passwords are stored on an online database which opens up a new threat.

Personally I just type up random passwords into my encrypted keychain stored locally, so I still have random passwords but they're only stored on my machine not a server somewhere.
Who the fuck is Psychoactive Substances Bill and why is he taking all my drugs?
Reply

Reddit   Facebook   Twitter  




Users browsing this thread:
1 Guest(s)

   
DISCLAIMER
Any views or opinions posted by members are solely those of the author and do not necessarily represent those of the UKCR staff team.