Do not use same username and pw ANYWHERE

defxor

hero member

Activity: 530

Merit: 500

Quote from: lakingsfan12 on October 09, 2012, 04:20:25 PM

At some point you have to trust someone. It is scary to think that your passwords are all stored there - make sure your account password in to lastpass is very complex. According to their site, they use an encryption method that uses your password to encrypt your passwords in their DB so even if they were hacked, your passwords are "safe."

Only your encrypted passwords are stored at LastPass. Since they don't have your key (the passwords are decrypted locally when you access them) it's impossible for someone to get your passwords from LastPass even if they hack their servers. They still need to somehow get your password from you.

Quote from: MaxSan on October 09, 2012, 04:24:50 PM

pretty sure was a LastPass account that got hacked which caused a fuckload of coins to be stolen from bitcoinica.

The password to the account was the same as a string visible in the leaked source code. That's extremely bad password management - of course your LastPass master password should be extremely secure and unique.

I'd also recommend using two factor authentication towards your LastPass account. Google Authenticator on an Android mobile is an easy and painless solution.

tl;dr: Use unique strong passwords everywhere. Never re-use passwords. LastPass helps you accomplish just that.

dirtycat

sr. member

Activity: 456

Merit: 250

so your saying I shouldn't use the same username / pass at all sites I register with?

cedivad

legendary

Activity: 1176

Merit: 1001

Quote from: RodeoX on October 09, 2012, 02:31:07 PM

With the right hardware you can keylog just by reading the tiny amount of electromagnetic energy that bleeds off each time you strike a key. Even if your not connected to a network.

Try it and then tell me.
I know about the physics under the wood, but its still fantascientific.

MaxSan

sr. member

Activity: 369

Merit: 250

lol LastPass

pretty sure was a LastPass account that got hacked which caused a fuckload of coins to be stolen from bitcoinica.

Stupid idea, nice way to make it easy for people to rob you, only have to log a single passoword and they gain all access.. magic.

lakingsfan12

newbie

Activity: 4

Merit: 0

Quote from: pre4ead on October 09, 2012, 04:14:10 PM

Are there potential vulnerabilities with LastPass? (eg if someone accesses your LastPass, they have all of your passwords). Is there a risk here?

At some point you have to trust someone. It is scary to think that your passwords are all stored there - make sure your account password in to lastpass is very complex. According to their site, they use an encryption method that uses your password to encrypt your passwords in their DB so even if they were hacked, your passwords are "safe."

I have been using lastpass for at least 3 years now and have been very happy with it. The only problem I find is when I am away from my computer and want to log into a financial site or something - I have no idea of my password and have to do a little jumping around to their site to find it - but its worth it.

pre4ead

newbie

Activity: 12

Merit: 0

Are there potential vulnerabilities with LastPass? (eg if someone accesses your LastPass, they have all of your passwords). Is there a risk here?

Foxtra

newbie

Activity: 28

Merit: 0

I didn't know LastPass, I just tried. It's amazing thx a lot.
EDIT : By the way, get one month free premium account for free signing here : https://lastpass.com/f?728556

nobbynobbynoob

hero member

Activity: 784

Merit: 1000

Annuit cœptis humanae libertas

Quote from: RodeoX on October 09, 2012, 02:31:07 PM

With the right hardware you can keylog just by reading the tiny amount of electromagnetic energy that bleeds off each time you strike a key. Even if your not connected to a network.

Electromagnetic shielding is available for the truly paranoid! (Probably only via the black market in some countries?)

Kontakt

sr. member

Activity: 266

Merit: 250

With the right hardware you can keylog by looking over the person's shoulder with a satellite.

RodeoX

legendary

Activity: 3066

Merit: 1147

The revolution will be monetized!

With the right hardware you can keylog just by reading the tiny amount of electromagnetic energy that bleeds off each time you strike a key. Even if your not connected to a network.

Kontakt

sr. member

Activity: 266

Merit: 250

It would be interesting to design a hardware solution to this; some sort of keyboard that transmits encrypted data that could be decoded by a plugin in the web browser that would print the cleartext in the fields selected.

ryann

member

Activity: 70

Merit: 10

Quote from: WorldOfBitcoin on October 09, 2012, 02:02:17 PM

Quote from: ryann on October 09, 2012, 01:56:00 PM

The only way to stop a keylogger is by using key encryption software.

Or use on screen keyboard for important passwords

On screen keyboards can still be seen by a trojan. If they are recording your screen they will see which buttons you pushed.

WorldOfBitcoin

member

Activity: 102

Merit: 10

Quote from: ryann on October 09, 2012, 01:56:00 PM

The only way to stop a keylogger is by using key encryption software.

Or use on screen keyboard for important passwords

ryann

member

Activity: 70

Merit: 10

The only way to stop a keylogger is by using key encryption software.

Handle

newbie

Activity: 12

Merit: 0

This is very important! Some years back I found some databases of forums via google because the backup folders were not protected at all! One was from a forum with several thousand members. Sometimes it needs no uber-skilled crook to hack a site and steal their database, even admins of large sites can be lazy and / or careless so the best thing is always to expect the worst and choose a strong password you use only for that specific site. Tools for this (KeePass and so on) have already been mentioned here.

AwkwardSituation

newbie

Activity: 29

Merit: 0

Yeah two factor authentication would be nice to have everywhere, I use it for my gmail account myself. No I have never had a bad experience with this, but i have helped hundreds of people who have.

LastPass, KeePass, yeah good stuff. Use it people. Damn these forums get a TON of action, there probably aren't enough moderators man.....This is probably one of the busier forums I have seen.

nobbynobbynoob

hero member

Activity: 784

Merit: 1000

Annuit cœptis humanae libertas

Keyloggers are indeed pure evil, but good password management won't immunize one from those anyway, only multi-factor authentication (Yubikey, SMS verification, etc.) can do that.

RaTTuS

hero member

Activity: 792

Merit: 1000

Bite me

just get yourself a lastpass [free] account and use it

pekv2

hero member

Activity: 770

Merit: 502

lol.

I had a thread written up and was stickied, but members kept trolling it, I ended up clearing the OP and locking it. Lets see how many more threads like this one here pop up. You can thank the mods for not cleaning up the OT posts and trolls.

Belami

newbie

Activity: 5

Merit: 0

Did you have a bad experience with this?

Topic: Do not use same username and pw ANYWHERE (Read 1767 times)