I remember a very long time ago now it used to be debates between Keepass vs Lastpass and who was better.
Lastpass just happened to come along at a time and become very successful as one of the first popular mainstream password programs anyone could easily use. None of the programs are immune to this, it's just human nature. The black hats are going to go where the people are, over time as all the other password manager programs build up the client base and gain numbers the target percentages to attack them increases. Lastpass screwed up, and there are frankly better alternatives.

However, the Hacker has obtained the email address associated with your Lastpass account, and assuming you use the same email address for the Coinbase account (which you are likely to do), then the hacker can send you a targeted email pretending to come from Coinbase, with links that if clicked could result in giving access to the hacker. Thus, if you had an account with say, Coinbase (a crypto exchange), the hacker can see this from the hack even though he does not know your Coinbase login details. The attacker though already has all the email addresses associated with Lastpass accounts, and this combined with the URL information is a disaster waiting to happen. Not encrypting URLs, which 1Password and Bitwarden do, was a major failure by Lastpass because the hacker can use this information for targeted attacks even though the hacker may be unable to decrypt the vaults.

The two main reasons I left LastPass are that they were not transparent about the breach and also that they do not encrypt URLs. Hacks and Breaches seem to come a lot more often now and it could happen to another Password Manager so I just see it that we need to be as proactive regarding our own security as we possibly can.

This does not mean I am done with LP but I shall remain cautious and careful. I also have left the Last Pass Authenticator Disabled & I use YubiKey for my Default 2FA. As for Last Pass I am still subscribed but do not have anything of importance left there.
However, from what I understand from some, even with that, I could have had info lifted from the Last Pass Vault. I had already had my Last Pass at 600000 iterations, I had 2FA with YubiKey and a strong Master Password.

I exported all my Last Pass to Bit Warden, changed my passwords on my financial sites and whatever sites I considered important and did not want to be compromised. I took cover to protect myself early on after finding out about the Breach.