• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5


Lastpass HACKED
#11
I usee keepassw which generates and stores passwords, just like lastpass but not stored online and there are many others. Passwordsafe, 1password.....

As far as the hashes being nicked and allen says they used a good hashing algorithm so even dictionary attacks will be slow and only the simplest hashes will be cracked in in a reasoable time if lastpass have done what they said.

If they have stolen the hashes and downloaded any users actual databases then they are sitting waiting for the hash to be cracked and then, yep, they have your passwords even if you changed your master password.
"To fall in hell or soar angelic you need a pinch of psychedelic".
Humphry Osmond to Aldous Huxley (in a book)

https://www.youtube.com/watch?v=fxGqcCeV3qk
Reply
#12
(17-06-2015, 04:04 PM)WeAreScientists Wrote: If the hashes are out there many will be cracked from simple rainbow tables, but if it's only the passwords for Lastpass themselves that were stolen and not the passwords stored in the accounts then changing the master password would be enough. However in case the extent of the breach is being downplayed it is probably smart to change each password just in case.

(17-06-2015, 11:15 AM)King Wrote: Sorry can someone explain in layman a terms what this site does/ is /was used for?

It generates random passwords for your online accounts and stores those in an account at Lastpass itself. The idea is that having randomised passwords for each account makes them more secure, which is true if it's done right, but the problem here is that those passwords are stored on an online database which opens up a new threat.

Personally I just type up random passwords into my encrypted keychain stored locally, so I still have random passwords but they're only stored on my machine not a server somewhere.




Cool thanks a lot for your reply WAS
Reply
#13
Personally, I write them all down in a random notebook.....'Noooooooooooooo......' cry all the securatechs, 'yes yes' say I, who will only lose them in technology and no burglar/random will find my notebook amongst the clutter.....and anyway, I have little to lose chin
This.....is real life
Reply
#14
(17-06-2015, 10:39 PM)tralala Wrote: Personally, I write them all down in a random notebook.....'Noooooooooooooo......' cry all the securatechs, 'yes yes' say I, who will only lose them in technology and no burglar/random will find my notebook amongst the clutter.....and anyway, I have little to lose chin

They did a bit about this on QI and to be honest it's a good point. Burglars aren't after your passwords, and hackers can't get your passwords off your paper. As long as the notepad is stored separately from the computer you're probably alright. But full disk encryption can't hurt in case of theft regardless, just to make sure they won't snoop through your porn collection and whatnot. I'm surprised more computers don't come with full disk encryption on automatically considering that's the standard for smartphones nowadays.
Who the fuck is Psychoactive Substances Bill and why is he taking all my drugs?
Reply
#15
Is far safer than leaving them on your computer if they are at home. You manage to keep plenty of valuable pieces of paper safe every day. I hope.
"To fall in hell or soar angelic you need a pinch of psychedelic".
Humphry Osmond to Aldous Huxley (in a book)

https://www.youtube.com/watch?v=fxGqcCeV3qk
Reply
#16
(17-06-2015, 10:46 PM)WeAreScientists Wrote:
(17-06-2015, 10:39 PM)tralala Wrote: Personally, I write them all down in a random notebook.....'Noooooooooooooo......' cry all the securatechs, 'yes yes' say I, who will only lose them in technology and no burglar/random will find my notebook amongst the clutter.....and anyway, I have little to lose chin

They did a bit about this on QI and to be honest it's a good point. Burglars aren't after your passwords, and hackers can't get your passwords off your paper. As long as the notepad is stored separately from the computer you're probably alright. But full disk encryption can't hurt in case of theft regardless, just to make sure they won't snoop through your porn collection and whatnot. I'm surprised more computers don't come with full disk encryption on automatically considering that's the standard for smartphones nowadays.

Porn collection?!! How very dare you! No, the passwords are nowhere near laptop, though if anyone dares to steal my phone, I'm pretty fucked, but  (famous last words), I'm pretty good/neurotic at preventing that happening and not leaving it lying around
This.....is real life
Reply
#17
Happy
"To fall in hell or soar angelic you need a pinch of psychedelic".
Humphry Osmond to Aldous Huxley (in a book)

https://www.youtube.com/watch?v=fxGqcCeV3qk
Reply
#18
No no I didn't buy a 64GB microSD just to put the entire contents of Kink.com on my phone don't be silly.
Who the fuck is Psychoactive Substances Bill and why is he taking all my drugs?
Reply
#19
No, you had to upgrade to 128GB so you could save some phone numbers in there as well.
"To fall in hell or soar angelic you need a pinch of psychedelic".
Humphry Osmond to Aldous Huxley (in a book)

https://www.youtube.com/watch?v=fxGqcCeV3qk
Reply
#20
(17-06-2015, 11:16 PM)Kompressor Wrote: No, you had to upgrade to 128GB so you could save some phone numbers in there as well.

I registered with them ages ago, and today, I had to get them to send me a hint for my password, but the hint did not help, so I had to go through thier recovery procedure, but it failed as I did not have lastapass plugin on this computer, so I installed it from mozilla as i use firefox.
Anyway, it let me choose a new password and when I tried to go through the recovery procedure for my old one, in case others can still hack that, I got this message from lastpass

"LastPass account recovery failed for [email protected]


Your current web browser did not save account recovery data on this computer.
Please try account recovery again with every browser and on every computer you have ever used LastPass on.

To protect your security and privacy, we do not know what your actual LastPass Master Password is.
If account recovery fails everywhere and you still can not remember your password,
then your only recourse is to delete your existing account and create a new one."


I am now worried that I have reregistered under same email, but old pwd can still be hacked, also,, I cannot  remember all the computers and phones i used lastpass on.

can anyone help pls?
Reply

Reddit   Facebook   Twitter  




Users browsing this thread:
1 Guest(s)

   
DISCLAIMER
Any views or opinions posted by members are solely those of the author and do not necessarily represent those of the UKCR staff team.