Topic: LastPass hack - move your crypto assets to a more secure place right now! (Read 556 times)

legendary
Activity: 2590
Merit: 1022

I'm also using Bitwarden but I don't know how to use the self-host option.

And most people don't have to, since self-hosting usually costs more (due to the cost of a VPS or hosting service). But FYI, Bitwarden was kind enough to create a tutorial about the self-host option, which can be seen at https://bitwarden.com/blog/host-your-own-open-source-password-manager/.

I'm even using their free version, and what's even better is that with the free version we also get sync to all devices and unlimited storage... It can be said that if someone is looking for a free password management application to save money, Bitwarden is the most perfect choice we have.
I see people mentioning KeePassXC a lot and I'm planning on switching to it, but I think I'll keep using Bitwarden. Thank you for your useful information about Bitwarden.
sr. member
Activity: 658
Merit: 441
I deleted all my data as well as my Lastpass account as soon as I switched to another app, but I don't know if it was actually deleted from their servers, it's hard to know.
Deleting your information from your LastPass account does not mean that you're actually safe, because they have cloud storage and everything has been backed up there. If you have important account login details stored on the app, my advice is for you to change your password immediately to avoid being locked out of your account by an intruder. Also, if you store your seed phrase or private keys on the app and you're lucky to still have your assets intact, quickly create a new wallet and move your funds.
legendary
Activity: 2870
Merit: 7490
--snip--
I can't access that link either, but I just tried Googling "Best password managers Reddit recommends in 2023" and it shows up to 4 to 5 similar topics, and all of them recommend Total Password. I've also never heard of it before; I think it might be paid promotional posts rather than reviews from real Reddit users. Aside from a brief introduction to the pros and cons of each app, those threads don't provide any evidence that Reddit users participated in the voting.

Nice find. It looks like someone performed SEO spam which targets the Google search engine. In addition, all of them are similar in that they only include a link to "Total Password". So I'm sure now that this password manager shouldn't be trusted. But FWIW, when using DuckDuckGo with the same search keyword, the result is slightly better.

I'm also using Bitwarden but I don't know how to use the self-host option.

And most people don't have to, since self-hosting usually costs more (due to the cost of a VPS or hosting service). But FYI, Bitwarden was kind enough to create a tutorial about the self-host option, which can be seen at https://bitwarden.com/blog/host-your-own-open-source-password-manager/.
sr. member
Activity: 728
Merit: 388
There is nowhere else that's safer for your private keys and recovery seeds than you handling them yourself. Someone stealing the company's worker credentials is just stupid. As you can all see, writing down your recovery seed on paper is better than entrusting it to any platform; this is for people that can't do a thing themselves, either they are ignorant or they are too lazy to take the time responsibility.

Whether the link OP dropped is sketchy or not, people still do these stupid things today. Even if the password company is running on a blockchain, don't ever trust them; recovery seeds and private keys don't exist so that people can keep them in the hands of strangers.

While I have used some trusted password managers, I still get some scam attempts on my accounts; pass codes got sent to my email address when I was not trying to log in. The only thing keeping me safe is that they have no access to my email account.
legendary
Activity: 2590
Merit: 1022
Which Reddit community are you talking about? Anyway, without any detail I would assume most voted as most popular.



[1] https://bitcointalksearch.org/topic/warning-password-manager-lasspass-has-been-breached-accessed-customer-data-5424994

Like I said, I'm not a tech person and I don't know the difference between these apps other than that bitwarden and Lastpass are different in open source and closed source. So I tried searching the reddit community to see which apps were best recommended. This is an article I found on reddit and Totalpassword is actually a fairly new name to me. And I also see people here talking about keepassXC more.

https://www.reddit.com/r/passwordmanagerapps/comments/17004y6/best_password_manager_according_to_reddit_in_2023/

I'm not an expert, but there are a few things I noticed after reading that Reddit link you mentioned:
1. It only lists online/cloud-based password managers.
2. The user who created that list has been suspended.
3. It's weird that the user only provides a link to "Total Password" while he also mentions 4 different online password managers.
4. While checking the post, I accidentally refreshed the page and saw the message "Sorry, this post was removed by Reddit’s filters.", which replaced the post.

Personally I'd recommend you forget what you've read, since it seems shady.

P.S. For other readers: while Bitwarden has a self-host option, I expect the average person wouldn't bother setting one up manually.

I can't access that link either, but I just tried Googling "Best password managers Reddit recommends in 2023" and it shows up to 4 to 5 similar topics, and all of them recommend Total Password. I've also never heard of it before; I think it might be paid promotional posts rather than reviews from real Reddit users. Aside from a brief introduction to the pros and cons of each app, those threads don't provide any evidence that Reddit users participated in the voting.

I'm also using Bitwarden but I don't know how to use the self-host option.
sr. member
Activity: 1400
Merit: 283
Which Reddit community are you talking about? Anyway, without any detail I would assume most voted as most popular.



[1] https://bitcointalksearch.org/topic/warning-password-manager-lasspass-has-been-breached-accessed-customer-data-5424994

Like I said, I'm not a tech person and I don't know the difference between these apps other than that bitwarden and Lastpass are different in open source and closed source. So I tried searching the reddit community to see which apps were best recommended. This is an article I found on reddit and Totalpassword is actually a fairly new name to me. And I also see people here talking about keepassXC more.

https://www.reddit.com/r/passwordmanagerapps/comments/17004y6/best_password_manager_according_to_reddit_in_2023/
hero member
Activity: 1302
Merit: 508
I don't use LastPass. I don't even keep important passwords in my browser's password manager.
All the important passwords are stored in my head.
If the website is actually important it should have a 2FA feature as well; at that point, even if you have the password you can't do much about it. Not sure what kind of memory you have, but if your passwords are actual words it's not safe at all. If you are able to remember several passwords made with random letters, numbers and special characters then kudos to you, that's impressive.

That is not only impressive but also extraordinary, and I believe that very few people can actually do that. Even when we remember phone numbers, we can only remember a few phone numbers of our loved ones, while like me, there are hundreds of passwords and extremely complex passwords such as capital letters, numbers, characters... I don't think anyone will remember such passwords. I don't know if he was joking or telling the truth, because it's extremely difficult and also very dangerous because if we forget, there will be no second way to get it back.
legendary
Activity: 1568
Merit: 6660
I believe the main difference between Bitwarden and KeePassXC is that the latter operates offline by default, while Bitwarden, just like LastPass, stores your data in the cloud. So KeePassXC is more secure. The downside is that if you want to sync your data across multiple devices, you'll have to set up backup solutions and handle security on your own.

Bitwarden can also be self-hosted. They provide installation scripts and a Docker image and all that. Preferably, if you have a server locally and a LAN, this is how you should be using Bitwarden since it enables you to sync your passwords to all your other devices in the area, without even connecting to the internet in the process.
legendary
Activity: 1820
Merit: 2700
I deleted all my data as well as my Lastpass account as soon as I switched to another app, but I don't know if it was actually deleted from their servers, it's hard to know.

I did the same. But the thing is, if our data is already leaked (even if it's in encrypted form) it doesn't matter if LastPass deleted everything from their servers. The data is already out there!

LastPass is also a reputable application, but the confusing thing is that in recent years they have been quite bad at protecting customer data. I say LastPass is the worst because compared to other password managers, they are the most attacked. Currently I'm also using the free version of Bitwarden but I see people mentioning KeePassXC quite a lot. Maybe I'll take the time to learn about it.

I believe the main difference between Bitwarden and KeePassXC is that the latter operates offline by default, while Bitwarden, just like LastPass, stores your data in the cloud. So KeePassXC is more secure. The downside is that if you want to sync your data across multiple devices, you'll have to set up backup solutions and handle security on your own.
legendary
Activity: 2366
Merit: 1023
Instead of relying on password managers or even an online note, find another option or way to keep your passwords or anything that is a credential to your accounts.

Personally, I use a password manager. It's convenient not having to remember passwords or use weak ones I can actually recall.  But I know everyone has their own system and not all are created equal from a security standpoint. I'm curious what your preferred method is and any password wisdom you'd share! How do you balance security and convenience when it comes to managing credentials?


If we only have a few passwords then we won't need a password manager, but if we have hundreds of passwords to remember, then I don't believe anyone would not use any password manager. That's really hard to believe, and what's more, not every password manager is as vulnerable to hacking and as insecure as LastPass. As some people have suggested, Proton Pass, Bitwarden, KeePassXC... all are safe and worth using. But it's also important to note that extremely important things like seed phrases should absolutely not be stored there; avoid storing them online.
legendary
Activity: 2576
Merit: 2880
I don't use LastPass. I don't even keep important passwords in my browser's password manager.
All the important passwords are stored in my head.
If the website is actually important it should have a 2FA feature as well; at that point, even if you have the password you can't do much about it. Not sure what kind of memory you have, but if your passwords are actual words it's not safe at all. If you are able to remember several passwords made with random letters, numbers and special characters then kudos to you, that's impressive.
full member
Activity: 1302
Merit: 129
Vaccinized.. immunity level is full.
I am just coming across this news right now, and need I say that this is absolutely shocking? This is indeed shocking, as I myself have been a very active user of LastPass all through 2018 to (I think 2021), and even up until now, some of the passwords to my email addresses are still passwords obtained from LastPass.

I sure have not noticed anything like a hack on any of my emails, but I guess this is a warning for me to change them. Though I am no longer using LastPass, somehow I think these passwords may still be on their platform. Thank you OP for bringing this topic up here; this is indeed a wake-up call for us all. I also will be working on buying my first hardware wallet; all these online hacks have become one too many to not give attention to.

I'm also a fan of Lastpass but this isn't the first time they've been hacked and their customer data stolen. Almost every year I hear about this password manager being hacked and I have given up on it since 2020 until now. It's the worst app I've ever used.

Well, I wouldn't exactly say LastPass is the worst app I've ever used, because it did many things right.  Their password generation and seamless integration with browsers was great.  But that's worthless if your private info gets compromised.

If you still use this password manager (or did in the past but reuse those passwords), the best course of action would be to switch to something like KeePassXC or KeePass2.  And change all the passwords LastPass saved, like right now.  If this news about hacked wallets connects to LastPass's hack last year there's no telling what other info could get exposed later.  Things may look okay today but your credentials are still at risk.


I deleted all my data as well as my Lastpass account as soon as I switched to another app, but I don't know if it was actually deleted from their servers, it's hard to know.

LastPass is also a reputable application, but the confusing thing is that in recent years they have been quite bad at protecting customer data. I say LastPass is the worst because compared to other password managers, they are the most attacked. Currently I'm also using the free version of Bitwarden but I see people mentioning KeePassXC quite a lot. Maybe I'll take the time to learn about it.
hero member
Activity: 1456
Merit: 940
🇺🇦 Glory to Ukraine!
<...>
I'm curious what your preferred method is and any password wisdom you'd share! How do you balance security and convenience when it comes to managing credentials?


Turn on two-factor authentication (2FA) anywhere you can.  It doesn't take much time to set up but gives you way more security.  Also, regularly review and update your passwords. That's a good practice, imho.
member
Activity: 234
Merit: 50
Instead of relying on password managers or even an online note, find another option or way to keep your passwords or anything that is a credential to your accounts.

Personally, I use a password manager. It's convenient not having to remember passwords or use weak ones I can actually recall.  But I know everyone has their own system and not all are created equal from a security standpoint. I'm curious what your preferred method is and any password wisdom you'd share! How do you balance security and convenience when it comes to managing credentials?
full member
Activity: 1484
Merit: 136
That's why I don't ever trust, even once, an online password manager. As an IT professional, I know the risk and danger of storing passwords or seed phrases in password managers. First, of course, the application or website is being managed by other people; it of course has the risk of being breached or hacked. It is common sense, especially now that hacking and scamming are prominent.

If you are a cryptocurrency holder and are storing seed phrases and passwords online, this is a wake-up call, thanks to the topic and to OP, who discovered this news and posted it here immediately. So if you do that, then stop it right now, any minute, or anytime. We never know; your passwords or valuable keys can be stolen by those who take advantage of the technology. Instead of relying on password managers or even an online note, find another option or way to keep your passwords or anything that is a credential to your accounts.
hero member
Activity: 630
Merit: 510

A password manager selling its own vaults which leads to major losses for its own customers? That's a bit far fetched if you ask me, because if that were true, it would certainly mean the end of LastPass (if not already).
The code is closed source, so I can make any claim and it will be difficult to prove otherwise. Facebook has sold user data and still has growth in its user base. I am certain that if FTX returns to work, you will find some people willing to trust them again. This is not the first time LastPass has been hacked, and it may not be the last one.


https://bitcointalksearch.org/topic/warning-password-manager-lasspass-has-been-breached-accessed-customer-data-5424994
Even with an open-source option, you may need to add a second layer of encryption.
hero member
Activity: 1974
Merit: 539
I remember someone in the forum suggesting Lastpass to use to secure their password way back years ago.   Luckily, I did not follow that suggestion.  For me, any online storage has a high possibility of getting hacked.  If it is secure today, we don't know if it is still secure in the next years.  Hackers are getting smarter by the day, if the security does not evolve then it is more likely that it can be breached one day.  Just like what happens in LastPass.

One lesson should be learned here: storing anything in cloud services is susceptible to hacking, so we should avoid using this kind of service if we can.

I have always been a conscious person when it comes to online password backup. This is never a good option for anyone because the consequences can be bigger than what we have ever seen. I don't even back up any of my important passwords or whatever on any password backup store or even in an email. If everything gets hacked, we might lose access to our important accounts and portfolios that could be worth so much more than what we expected. The LastPass hack has caused outrageous reactions among the people that were affected, and I hope those who knew this earlier have transferred their funds from their actual wallets.

If you don't use any password storage apps, how can you remember all your passwords? How can you use it when you're on a business trip, vacation, or away and need to access a few personal accounts? I think very few people wouldn't use a password manager, and using them isn't necessarily a bad thing. It is important that we choose open source, trustworthy applications...and apps from Keepass are among the password managers worth using. Not all is bad.
sr. member
Activity: 1008
Merit: 262
I remember someone in the forum suggesting Lastpass to use to secure their password way back years ago.   Luckily, I did not follow that suggestion.  For me, any online storage has a high possibility of getting hacked.  If it is secure today, we don't know if it is still secure in the next years.  Hackers are getting smarter by the day, if the security does not evolve then it is more likely that it can be breached one day.  Just like what happens in LastPass.

One lesson should be learned here: storing anything in cloud services is susceptible to hacking, so we should avoid using this kind of service if we can.

I have always been a conscious person when it comes to online password backup. This is never a good option for anyone because the consequences can be bigger than what we have ever seen. I don't even back up any of my important passwords or whatever on any password backup store or even in an email. If everything gets hacked, we might lose access to our important accounts and portfolios that could be worth so much more than what we expected. The LastPass hack has caused outrageous reactions among the people that were affected, and I hope those who knew this earlier have transferred their funds from their actual wallets.
sr. member
Activity: 588
Merit: 253
Yes, LastPass was really hacked last year in the month of December. But even though that happened, LastPass was still able to protect their customers' data using strong encryption, and it was not compromised as far as I know.

Maybe if there are still users who will use LastPass despite the events of the issue last year, it would be better for them to update their LastPass accounts to the latest version. But if I'm the only one who can follow you, find someone else because there's already been a hole or it's still damaged somehow.

If LastPass can protect user data and it is not compromised, then is the article the OP is referring to fake? If that article is not true, I believe LastPass will object and even sue because it will ruin their reputation. There is no need to update to the latest version, but people using LastPass should delete their account and all data on that app, to avoid worse accidents in the future. LastPass is showing its weaknesses in the same area as other applications.
full member
Activity: 952
Merit: 109
Yes, LastPass was really hacked last year in the month of December. But even though that happened, LastPass was still able to protect their customers' data using strong encryption, and it was not compromised as far as I know.

Maybe if there are still users who will use LastPass despite the events of the issue last year, it would be better for them to update their LastPass accounts to the latest version. But if I'm the only one who can follow you, find someone else because there's already been a hole or it's still damaged somehow.