Potent LastPass Exploit Underscores the Dark Side of Password Managers

Archived From: Deal Discussion
https://arstechnica.com/security/2017/03/potent-lastpass-exploit-underscores-the-dark-side-of-password-managers/

Ars Technica said: The vulnerability is the third one Ormandy has privately reported to LastPass this month.
 
Ars Technica said: Ultimately, password managers likely make the average user safer because they make it possible to use long, complex, and unique passwords. And that protects people in the event that their password is exposed in website breaches, which are much more common than real-world password manager exploits.

Previous posts:
Hack of Cloud-Based LastPass Exposes Encrypted Master Passwords 
LastPass Security Incident 


Hmmm the 'binary' has some flaws. I wonder what it is.

I have a pretty good idea how they are doing it with the normal vault, but that way is normal theft and not anything 'special'

I love the irony that the most secure password manager is writing them all down on a piece of paper next to your keyboard.

Never considered using one. Excel file, on USB key stored in secure area, and printed several times a year. Passwords are all different. And secret answers are nonsensical like "First Car" might be "Fergo53#".

LastPass was very buggy for me and I deleted it over a year ago.

Canary/Chrome...remembers your usernames and passwords...no problem and it's free.

skarydrunkguy said:   I love the irony that the most secure password manager is writing them all down on a piece of paper next to your keyboard.
  It's me your cousin. I lost your address, mind sending it to me again?

Who would store all their passwords in a single place? One hack and you are done. The idea of LastPass is stupid.

TheDealMaker said:   Who would store all their passwords in a single place? One hack and you are done. The idea of LastPass is stupid.
  Really?  You don't store all your passwords in a 'single place'?  Damn it must be fun.

In a small ringed notebook they all go, sites are alphabetized. Change frequently so pages get torn out and shredded, requiring a new notebook every year. That might be too much trouble for some.

I've never trusted services like that.

There is no great solution, every storage method has risks.

I skimmed a NY Times article tonight on their mobile site's front page (in relation to the law that is being changed about ISP data harvesting) about some things you can do to protect your data, and I expected them to wheel out the same old recommendation about using a password manager service (like LastPass), but instead, if I remember correctly, they said that the safest thing was actually to write down passwords on a post-it and keep it safe in your home, changing them frequently (I think they recommended bi-weekly).

There's no way I am going to change my passwords bi-weekly.
But I do have a system for creating my passwords so that they appear complex/random, yet which allows me to type a lot of my passwords from memory, even though I (try to) have unique passwords and email addresses for each account/situation. Where I do have to resort to my notes is when security questions come up (for which I make up unique, nonsense answers), or when the site in question has such restrictive password-creating rules that my generic password-devising system won't fit them, and I have to do a one-off (an example is a site I use where the password must begin with a punctuation mark).

Use a password manager that stores the data locally.

gremln007 said:   Use a password manager that stores the data locally.
  That doesn't matter, they are stealing it 'locally'.
 


