Author Topic: After PSN. Who's next? (Read 20271 times)

Deozaan · « **Reply #25 on:** May 06, 2011, 05:03 PM »

I'm not happy with LastPass right now.

I just went out of town today to stay at my sister's house for the weekend. I tried to sign into LastPass so I could sign into my other accounts, but due to this recent anomaly they wanted me to verify that I was myself. They did this by sending me an e-mail.

How am I supposed to log into my e-mail account to get the verification e-mail when my 40 character password to my e-mail account is stored away in my LastPass account that I can't log in to until I verify my e-mail?

phitsc · « **Reply #26 on:** May 06, 2011, 05:18 PM »

How am I supposed to log into my e-mail account to get the verification e-mail when my 40 character password to my e-mail account is stored away in my LastPass account that I can't log in to until I verify my e-mail?

-Deozaan (May 06, 2011, 05:03 PM)

That's a 2.8E64 years brute force attack (according to the Excel sheet from here)

Lashiec · « **Reply #27 on:** May 06, 2011, 06:06 PM »

How am I supposed to log into my e-mail account to get the verification e-mail when my 40 character password to my e-mail account is stored away in my LastPass account that I can't log in to until I verify my e-mail?
-Deozaan (May 06, 2011, 05:03 PM)

And this why you should always know what the password to your e-mail account is, since it's your ID around the web. And a 40 character passphrase should be strong enough, I guess

Deozaan · « **Reply #28 on:** May 06, 2011, 06:41 PM »

But LastPass was supposed to be the last password I'd need to remember.

Ever.

Says so right on their website and Twitter profile.

cthorpe · « **Reply #29 on:** May 06, 2011, 11:41 PM »

I know it sucks that you can't access anything right now, but the fact that you can't actually points to LastPass doing its job. There is a chance, however slim that may be, that your encrypted password was accessed by a third party. You are trying to log in from an ip address outside of your home isp's block. From their end, you could very well be one of the hackers.

I'd take inconvenience over lax security.

tomos · « **Reply #30 on:** May 07, 2011, 03:48 AM »

But LastPass was supposed to be the last password I'd need to remember.

Ever.

Says so right on their website and Twitter profile.
-Deozaan (May 06, 2011, 06:41 PM)

I followed the suggestions in the link quoted below - & changed my email password yesterday to an easy to remember phrase (three words, a little quirky so it's not too easy).

Nobody dismisses '"brute force" cracking techniques as being impractical any more. Today's multicore CPUs make it an extremely workable crack for most passwords people are able to commit to memory.
-40hz (May 05, 2011, 09:55 AM)

Check this out concerning brute force cracking of passwords. Was posted just recently somewhere.
-phitsc (May 05, 2011, 10:12 AM)

I was trying to change my LastPass password yesterday and couldnt - I think it was overloaded...
[edit] Still overloaded $:-\$ - Sorry! We are a bit overloaded right now. Try again in a few hours. [/edit]

Deozaan · « **Reply #31 on:** May 08, 2011, 09:05 PM »

In retrospect, I do think that LastPass did the right thing. I just didn't like the method they used for verifying I was who I said I was, since I was stuck in a loop.

Luckily I had my phone with me (even though I no longer have phone service on it) and luckily it had the password to the wifi where I was, so I was able to access my e-mail on my phone and regain access to services while I was out of town.

Anyway, here's an article about how the Lastpass Disclosure Shows Why We Can't Have Nice Things.

Author Topic: After PSN. Who's next? (Read 20271 times)

Deozaan

Re: After PSN. Who's next?

phitsc

Re: After PSN. Who's next?

Lashiec

Re: After PSN. Who's next?

Deozaan

Re: After PSN. Who's next?

cthorpe

Re: After PSN. Who's next?

tomos

Re: After PSN. Who's next?

Deozaan

Re: After PSN. Who's next?