Password Managers

Every time I see this thread, I think, "who got hacked?" And without fail, almost every time, it is LastPass. lol

On a more serious note, I also use Bitwarden and like it.

In this case it's really one big hack, of which more details keep coming to light over an extended period of time. But for sure, LastPass is really showing to be both technically deficient and not very forthcoming about what happened.
 
This just keeps getting worse. If I'm reading this correctly, a subset of LastPass customers affected by this breach basically had the entire contents of their accounts stolen, including encryption keys - which would make available full access to all their accounts to the hackers with this info in their possession. I hope LastPass is communicating to affected customers directly because they've been pretty dodgy with the media.

I’m not seeing the encryption keys piece, where do you see that?
 
Just moved to Bitwarden. I'd recommend watching a tips/tricks video on it. There were 3 or 4 things I never thought of doing that make sense and I would have probably never used them if I hadn't watched a video. This is the one I watched but there may be better ones out there.

 

My bad, I had a couple tabs related to that story open and assumed they had pretty similar content. Here is another story that specifically references the encryption keys, but I read it too quickly yesterday and left out some context.

It isn't known specifically that LastPass encryption keys were taken. But encryption keys from some of GoTo's (LastPass' parent company) other products were taken. While LastPass has not been confirmed to be among them, some of its users have complained that passwords that resided in their vaults were accessed and used, which would suggest that LastPass encryption keys were also taken in order to access these vaults.

So probably, but not confirmed. Given the way LastPass has botched this response, we'll see if that gets confirmed in another month or two.
 
Can you give a quick summary? Curious if these things apply to Bitwarden specifically or all password managers.
 
Just little tips like
Turn off Chrome password
Turn off Save and Fill address in Chrome
Create Profile in Bitwarden to pre-fill things like name, address, etc.
Decide how often to make you put in master password or use PIN instead
Check for data breaches
Change vault timeout

Most of the other tips I was already doing

Oh, instead of filling out the fields when creating a new account, do it inside of Bitwarden instead.
 

All good suggestions. You really can use these as a personal database of sorts. Add photos of your driver's license, passport, personal info, etc. for easy reference at any time.
 
A good quote less than 30 seconds in: "it's long and something you've never used before" ;)
 
I switched from LastPass family to 1Password family and have been very pleased with the switch. 1Password works a lot more smoothly on websites and the autofill.
 
What is meant by “encryption keys” in this context? LastPass doesn’t have users' master passwords and they can’t access people’s vaults even if they wanted to, so I’m not sure what a hacker could get that would allow them immediate access. I think the danger is still just from brute force cracking. I guess the keys could be for data LastPass collects like names, addresses, credit cards, etc. but that was known already.
 

Honestly, I'm not sure of the answer to your question. The way I read the story at first was that if hackers had the encryption keys they would be able to use them to easily decrypt encrypted information in users' vaults rather than wait while attempting to access accounts via brute-force attacks. But I also can't square that with the question you raise about how LastPass shouldn't be able to gain access to the vault in the first place.

And to repeat, as of the story I linked to above, encryption keys for LastPass itself have not been confirmed to have been stolen. That story infers that they were, however, because users are complaining of their accounts being accessed.
 
*Heavy sigh* should probably finally migrate this **** to Bitwarden

I should have pointed out, if it wasn't already clear, this is not a new breach but continued fallout from last year's breach.
 
I've tried all of the main ones over the years and Bitwarden seems the easiest to have a shared folder with my wife (and actually gets her to use the damn thing). LastPass was great back in its early years.
 
Anyone use Proton Pass? Any thoughts?


I believe it is somewhat new.

Unlike browser-based password managers -- Safari, Edge, Firefox, Brave, Chrome, etc. -- it seems to work well (and more efficiently) and across all of these.
 
