ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > General Software Discussion

Lastpass hacked proper

<< < (2/3) > >>

mouser:
If they don't have the hash, and it's correctly secured with 256-bit AES, you're still safe, right?
--- End quote ---

Assuming everything was coded well, and that you used a sufficiently strong master passphrase to encrypt your password collection.  But if you did not use a strong master password...

x16wda:
Note there are some threat actors that are harvesting possible high value encrypted files to hold onto until the tech is fast enough to do the breaking.

wraith808:
Note there are some threat actors that are harvesting possible high value encrypted files to hold onto until the tech is fast enough to do the breaking.
-x16wda (December 24, 2022, 08:12 PM)
--- End quote ---

Yeah, I'm planning to change - already using Bitwarden, but just haven't gotten everything over yet. And planning to change passwords. Just wanted to know how credible the threat is right now to prioritize.

4wd:
I've never trusted password managers, but I've started using KeePass. It has no requirement to sync to the cloud, so I don't.
-daddydave (December 23, 2022, 06:37 PM)
--- End quote ---

Been using Keepass for years, it syncs to iDrive Cloud Drive, (mainly as a backup but also so I have access to the database file via browser/app if needed), and via OneDrive sync plugin which the Android app uses as the database, (syncing any local changes back to it which then propagate to computers).

rjbull:
What's insane is all of these password managers are absolutely fanatical about convincing you to put your passwords on the web -- ostensibly so that you can sync to multiple devices, but perhaps more importantly so they can sell subscription software as a service regular fees.
-mouser (December 23, 2022, 04:50 PM)
--- End quote ---

That's what I thought, too...

Roboform has been pathological about forcing people to move to their roboform "everywhere" plan where your all of your sensitive password data is stored on their servers.
-mouser (December 23, 2022, 04:50 PM)
--- End quote ---

I find their hyping of "Everywhere" tiresome.  Yet they still allow you to use RoboForm "Free," if you are content not to sync and not to have the other extra features in "Everywhere" (such as 2FA).  Comparison of "Free" and "Everywhere" is here: https://www.roboform.com/en/everywhere  Presumably they genuinely value their cloud storage.  I don't; I think there's some kind of principle here.  I don't intend to generate important things like passwords, hand them to someone else for storage, then hire back their use.  But, I've reinstalled RoboForm Free, because it still seems better than e.g. Sticky Password for complicated form-filling.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version