ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > General Software Discussion

Multiple LastPass Vulnerabilities Discovered Recently

<< < (2/5) > >>

mwb1100:
Just installed LastPass yesterday and deleted logins from my browser.  What now?
-fredemeister (March 21, 2017, 08:19 PM)
--- End quote ---

you could export your data from LastPass (https://lastpass.com/support.php?cmd=showfaq&id=1206) and put it into something else?

fredemeister:
Just installed LastPass yesterday and deleted logins from my browser.  What now?
-fredemeister (March 21, 2017, 08:19 PM)
--- End quote ---

you could export your data from LastPass (https://lastpass.com/support.php?cmd=showfaq&id=1206) and put it into something else?
-mwb1100 (March 21, 2017, 08:52 PM)
--- End quote ---

See on their forums they've fixed the problem with Chrome, and working on the FF version.  May just wait a while since I spent the effort and time migrating away from the browser this week.

wraith808:
Nothing about LessPass?  Surprisingly little activity on that thread, and that's what I'm looking at switching to.
-wraith808 (March 21, 2017, 08:11 PM)
--- End quote ---

LessPass uses very interesting ideas, but I don't plan to move to it because I have an old-fashioned password manager program that runs locally (though it does sync the encrypted database via dropbox - or maybe it's google drive). I manually copy/paste my passwords instead of using any browser integration.  I'm happy with that solution.  I believe it's safe enough for me because even though the database is in the cloud, it's not in a centralized database with a lot of users - anyone compromising it would be someone targeting me specifically rather than collecting passwords for thousands or millions of people.

Though I would be quite interested in hearing about anyone else's experience - maybe it'll convince me to switch.

-mwb1100 (March 21, 2017, 08:49 PM)
--- End quote ---

I have a different use case, wanting to share with my wife so that in case something happens to me, or I'm just incommunicado, she has access to all of them.  She's not technically inclined, nor does she switch things or like technology switches lightly.  I don't think that KeePass satisfies my needs from those requirements.  LessPass seems to do so, in a deceptively simple way.

Just installed LastPass yesterday and deleted logins from my browser.  What now?
-fredemeister (March 21, 2017, 08:19 PM)
--- End quote ---

you could export your data from LastPass (https://lastpass.com/support.php?cmd=showfaq&id=1206) and put it into something else?
-mwb1100 (March 21, 2017, 08:52 PM)
--- End quote ---

See on their forums they've fixed the problem with Chrome, and working on the FF version.  May just wait a while since I spent the effort and time migrating away from the browser this week.
-fredemeister (March 21, 2017, 10:17 PM)
--- End quote ---

Yeah, to say multiple vulnerabilities in this case seems a little less than forthright, considering that I don't think that anyone would be exposed to both.

Deozaan:
Yeah, to say multiple vulnerabilities in this case seems a little less than forthright, considering that I don't think that anyone would be exposed to both.
-wraith808 (March 21, 2017, 11:40 PM)
--- End quote ---

Just because they fixed it quickly doesn't mean it wasn't discovered recently.

And supposedly, even though the Chrome extension automatically updates, the vulnerable Firefox extension, even though it's older, is still the most widely used version (on Firefox, possibly). So it seems quite possible to me for someone to be exposed to both the Chrome and Firefox vulnerabilities if they haven't been keeping their software up to date.

KeePass or bust
-rgdot (March 21, 2017, 07:55 PM)
--- End quote ---

Would you care to expound on what, in your opinion, makes KeePass so great compared to the myriad other password managers out there?

rgdot:

Would you care to expound on what, in your opinion, makes KeePass so great compared to the myriad other password managers out there?
-Deozaan (March 22, 2017, 01:22 AM)
--- End quote ---

Certified/audited, open source, offline.

More generally, it really doesn't require a technical analysis or knowing the technology insideout to have reached the point that storing things online is a risk, this is not even paranoia at all, I am hardly paranoid, it's a fact of life. Even a service with a perfect security record is waiting to be the next to fall. We live in a world where there is interest to not only 'large scale' hacking ala Yahoo email but small scale too (I am member of at least two sites, not big sites really, whose database was stolen, the DB  would be of zero value other than if some users used same passwords elsewhere) ... my point being hackers are random and go after all sorts of targets, in such a scenario all are at risk and the domino will eventually fall.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version