Bitcoin Forum>Other>Off-topic
Pages:
Author

Topic: LastPass - Notice of Recent Security Incident (Read 229 times)

Findingnemo
hero member
Activity: 2310
Merit: 757
Bitcoin = Financial freedom
LastPass - Notice of Recent Security Incident
August 28, 2022, 10:21:46 AM
#21
Quote from: NotATether on August 28, 2022, 08:14:14 AM
Quote from: Findingnemo on August 27, 2022, 11:18:03 AM
As a regular person I can't be able to remember 100s of passwords even 10s which is completely random combinations of characters so that is the reason why password managers exist. I do agree that storing password in an online server is not safe but what is the alternative? We need to learn encryption and decryption along with our own server to save all the data of us, and I am wondering is that thing is really possible?

LastPass premium user here. There's no way to export your passwords, so the only way to migrate to another platform is to copy and paste all the users and passwords - a tedious and error-prone process, and burns you out quickly if you have hundreds of passwords.

Copy paste is one of the unsecured way so it can't be a good choice however it there any real alternatives apart from trusting the third party service providers?

Like completely decentralized and offline something that can fit into this crypto era!
NotATether
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Re: LastPass - Notice of Recent Security Incident
August 28, 2022, 08:14:14 AM
#20
Quote from: Findingnemo on August 27, 2022, 11:18:03 AM
As a regular person I can't be able to remember 100s of passwords even 10s which is completely random combinations of characters so that is the reason why password managers exist. I do agree that storing password in an online server is not safe but what is the alternative? We need to learn encryption and decryption along with our own server to save all the data of us, and I am wondering is that thing is really possible?

LastPass premium user here. There's no way to export your passwords, so the only way to migrate to another platform is to copy and paste all the users and passwords - a tedious and error-prone process, and burns you out quickly if you have hundreds of passwords.
Pmalek
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
Re: LastPass - Notice of Recent Security Incident
August 28, 2022, 03:55:43 AM
#19
Quote from: Fivestar4everMVP on August 27, 2022, 07:02:35 PM
Well, I am guessing the email was not sent to every user of last pass as I personally did not receive any email from them , or maybe because my account have been dormant for quite some time now, I can't even remember the last time I logged in on the platform.
As TryNinja mentioned in his post, the email he received was marked as spam. Maybe your email landed in the spam folder as well and you simply deleted it alongside other spam emails. Check your deleted emails folder, maybe it's there.

Only a part of the database was allegedly breached. Maybe you are not on the list of potential victims. 
Fivestar4everMVP
legendary
Activity: 2226
Merit: 1049
Leading Crypto Sports Betting & Casino Platform
Re: LastPass - Notice of Recent Security Incident
August 27, 2022, 07:02:35 PM
#18
Well, I am guessing the email was not sent to every user of last pass as I personally did not receive any email from them , or maybe because my account have been dormant for quite some time now, I can't even remember the last time I logged in on the platform.

I will just hope that the issue isn't serious as they company said, and that users password database was not accessed by the hacker, otherwise, this could be very disastrous.
dkbit98
legendary
Activity: 2212
Merit: 7064
Cashback 15%
Re: LastPass - Notice of Recent Security Incident
August 27, 2022, 11:29:33 AM
#17
Quote from: Pmalek on August 27, 2022, 04:36:27 AM
That depends. What you just described is not as secure as it would be if you started with KeePass from scratch without using passwords that originate from other software. If LastPass stores passwords or vault information on a centralized server somewhere (encrypted or unencrypted), exporting and importing that data elsewhere would be like exporting your seed from a hot wallet and importing it into a cold wallet and considering it to be cold storage from now on. It isn't.
You can't simply stop using all those passwords at once because you will lose access to all your accounts.
That is why I said to import them all, and you can later change them one by one, if you think something is compromised with lastpass.
Data should be encrypted and not exposed but I would follow what happens next with lastpass case.

Quote from: ?? on ??
KeePassXC and KeePassDX aren't the only fork/modification of Keepass though. Keepass website also mention several fork at https://keepass.info/download.html.
Yeah sure, you can use any keepass fork you want, but it's best to pick something that is updated on regular basis.
Important thing that forks should be compatible with each other with file formats.
 
Findingnemo
hero member
Activity: 2310
Merit: 757
Bitcoin = Financial freedom
Re: LastPass - Notice of Recent Security Incident
August 27, 2022, 11:18:03 AM
#16
Quote from: DVlog on August 26, 2022, 01:55:54 PM
I think that is why I do not use a password manager. I keep my password in the safest place on earth(My mind). Though I do use an external device to keep my password safe in case I forget them which usually does not happens.

As a regular person I can't be able to remember 100s of passwords even 10s which is completely random combinations of characters so that is the reason why password managers exist. I do agree that storing password in an online server is not safe but what is the alternative? We need to learn encryption and decryption along with our own server to save all the data of us, and I am wondering is that thing is really possible?
Pmalek
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
Re: LastPass - Notice of Recent Security Incident
August 27, 2022, 04:36:27 AM
#15
Quote from: hd49728 on August 26, 2022, 10:40:13 AM
A good password manager is not the one store your password on their servers.
...
However, if data stored on server, it can be breached.
All true, but if we can trust that the LastPass statement is true, the vault data is encrypted. Even if stolen, it still needs to be decrypted. But if/since there are better alternatives even to encrypted data storage, better use that.

Quote from: DVlog on August 26, 2022, 01:55:54 PM
I keep my password in the safest place on earth(My mind).
Let's hope the safest place on earth doesn't stumble and fall down the stairs or grows old and starts forgetting things. Wink

Quote from: dkbit98 on August 26, 2022, 03:24:40 PM
KeePass allows importing of CSV files import (export it from LastPass); than you can keep KeePass database locally on all your devices, use your own server for hosting, or  some cloud for that (less secure).
Simple, secure and easy to use.
That depends. What you just described is not as secure as it would be if you started with KeePass from scratch without using passwords that originate from other software. If LastPass stores passwords or vault information on a centralized server somewhere (encrypted or unencrypted), exporting and importing that data elsewhere would be like exporting your seed from a hot wallet and importing it into a cold wallet and considering it to be cold storage from now on. It isn't. That data was still stored in LastPass' environment and we don't know in what form and if anyone might have accessed all or parts of it.
lovesmayfamilis
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿
Re: LastPass - Notice of Recent Security Incident
August 27, 2022, 03:44:47 AM
#14
Quote from: DVlog on August 27, 2022, 12:27:41 AM
Quote from: dkbit98 on August 26, 2022, 03:24:40 PM


Quote from: DVlog on August 26, 2022, 01:55:54 PM
I think that is why I do not use a password manager. I keep my password in the safest place on earth(My mind). Though I do use an external device to keep my password safe in case I forget them which usually does not happens.
If your mind is your safest place than you are just a time ticking bomb waiting to explode, and it's impossible to remember hundreds of passwords, but maybe you are using one more revolutionary (bad) thing - one password for all websites  Tongue

It's not the same for all but a few have a similar password and I can remember all of them because I made them in such a pattern that only I can figure out what that password could be.

It is always important not to overestimate your strengths. Underestimating is a motivation for development, but being confident in one's own memory is really a bomb. A strong password is always one that a person cannot learn because of its complexity. You probably understand that using the brute method, hackers can quickly pick up a password that does not contain sufficient protection. 
But relying on your brain has been proven to be a  weak defense.

DVlog
full member
Activity: 476
Merit: 212
Tontogether | Save Smart & Win Big
Re: LastPass - Notice of Recent Security Incident
August 27, 2022, 12:27:41 AM
#13
Quote from: dkbit98 on August 26, 2022, 03:24:40 PM


Quote from: DVlog on August 26, 2022, 01:55:54 PM
I think that is why I do not use a password manager. I keep my password in the safest place on earth(My mind). Though I do use an external device to keep my password safe in case I forget them which usually does not happens.
If your mind is your safest place than you are just a time ticking bomb waiting to explode, and it's impossible to remember hundreds of passwords, but maybe you are using one more revolutionary (bad) thing - one password for all websites  Tongue

It's not the same for all but a few have a similar password and I can remember all of them because I made them in such a pattern that only I can figure out what that password could be.
NeuroticFish
legendary
Activity: 3500
Merit: 6205
Looking for campaign manager? Contact icopress!
Re: LastPass - Notice of Recent Security Incident
August 26, 2022, 03:54:23 PM
#12
Quote from: TryNinja on August 26, 2022, 09:59:08 AM
Meanwhile I received a "Failed login attempts detected" email warning from Bitwarden 2 days ago, maybe related to this? Sad

I didn't get any mails from Bitwarden, so I'd guess that somebody may have been indeed trying your account at Bitwarden.
So it's not related to OP issue. And I also recommend OP switching to Bitwarden.
dkbit98
legendary
Activity: 2212
Merit: 7064
Cashback 15%
Re: LastPass - Notice of Recent Security Incident
August 26, 2022, 03:24:40 PM
#11
Quote from: FatFork on August 26, 2022, 01:06:11 PM
Honestly, I have been thinking about alternatives to LastPass for some time. KeePass is a logical choice, but the only thing that's holding me back so far is the fact that I want to use LastPass on multiple platforms. I still have to explore reliable options to do this with a KeePass password manager.
KeePassXC for all desktop OS (LIN,MAC,win), KeePassDX for AndroidOS, there are extensions for Firefox and Chrome browsers, and you just need to remember (and backup) one master password.
KeePass allows importing of CSV files import (export it from LastPass); than you can keep KeePass database locally on all your devices, use your own server for hosting, or  some cloud for that (less secure).
Simple, secure and easy to use.

For all other open source alternatives you can check here:
https://alternativeto.net/software/lastpass/?license=opensource

Quote from: DVlog on August 26, 2022, 01:55:54 PM
I think that is why I do not use a password manager. I keep my password in the safest place on earth(My mind). Though I do use an external device to keep my password safe in case I forget them which usually does not happens.
If your mind is your safest place than you are just a time ticking bomb waiting to explode, and it's impossible to remember hundreds of passwords, but maybe you are using one more revolutionary (bad) thing - one password for all websites  Tongue
DVlog
full member
Activity: 476
Merit: 212
Tontogether | Save Smart & Win Big
Re: LastPass - Notice of Recent Security Incident
August 26, 2022, 01:55:54 PM
#10
I think that is why I do not use a password manager. I keep my password in the safest place on earth(My mind). Though I do use an external device to keep my password safe in case I forget them which usually does not happens.
FatFork
legendary
Activity: 1568
Merit: 2581
Top Crypto Casino
Re: LastPass - Notice of Recent Security Incident
August 26, 2022, 01:06:11 PM
#9
Quote from: dkbit98 on August 26, 2022, 09:56:13 AM
Quote from: FatFork on August 26, 2022, 08:14:24 AM
This morning, I received a notification to my email address about a security incident involving the LastPass password manager. Here is the notice in full
Compromised developer is the problem, but nothing was breached allegedly... sorry but I don't trust them Cheesy
Switch from LastPass to KeePass and you wont' receive any email ever, but you will be only responsible person if you lose your backup and login details.
KeePass is open source and it's available on all operating systems and for AndroidOS (keepassDX), they even accept Bitcoin and other crypto donations.

I can't help but feel the same way. It will be interesting to see what an independent investigation will reveal at the end (of course, if there is one).

Honestly, I have been thinking about alternatives to LastPass for some time. KeePass is a logical choice, but the only thing that's holding me back so far is the fact that I want to use LastPass on multiple platforms. I still have to explore reliable options to do this with a KeePass password manager.
BitMaxz
legendary
Activity: 3234
Merit: 2943
Block halving is coming.
Re: LastPass - Notice of Recent Security Incident
August 26, 2022, 11:22:36 AM
#8
I never trust any of these extensions in my browser to auto-fill all sites that I always visit. If you have some sites that involve money always memorize your password because it's not safe if you let your password save to a plugin/extension like Lastpass I never trust any of these memorizing them is always safe.

If your reason is that you forgot the password why not make a backup by writing them on a piece of paper and put it in your wallet or anywhere safe? actually, most of the websites right now have "forgot password recovery" where you can able to reset your password through SMS or email verification so it won't be a problem if you forgot the password.
PowerGlove
hero member
Activity: 510
Merit: 3981
Re: LastPass - Notice of Recent Security Incident
August 26, 2022, 11:13:14 AM
#7
Remember, using a service like LastPass exposes you to risks that can be avoided by using a good offline password manager, like KeePassXC [1].

Different strokes for different folks and all that, but I would never trust a closed-source "online" password manager, especially when there are such great alternatives available.

Also worth noting that KeePassXC is a community fork of KeePassX (now unmaintained) which was a cross-platform port of the original KeePass.

It being included by default in a security-focused Linux distribution like Tails gives me some confidence that it's trustworthy.

[1] https://en.wikipedia.org/wiki/KeePassXC
jackg
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
Re: LastPass - Notice of Recent Security Incident
August 26, 2022, 10:51:38 AM
#6
Quote from: lovesmayfamilis on August 26, 2022, 10:29:47 AM
It is also interesting that the hack was about two weeks ago, but only today this information was launched in the news.

I wonder if people using the service were given warnings in advance of the news to try to mitigate any hacks before this was published in the news.

I'd assume they were trying to hide that the hack actually took place given these circumstances, although if they just didn't notice it, there might be more news to follow.
hd49728
legendary
Activity: 2044
Merit: 1018
Re: LastPass - Notice of Recent Security Incident
August 26, 2022, 10:40:13 AM
#5
Quote from: lovesmayfamilis on August 26, 2022, 10:29:47 AM
The most popular password manager has been subjected to technical data theft, but this will surely lead to an outflow of users due to a loss of trust. It is also interesting that the hack was about two weeks ago, but only today this information was launched in the news. Although there are no dangers to disclosing user data, this is unfortunately not the first story when the work of this manager has been called into question.
A good password manager is not the one store your password on their servers.

All should be stored in your devices and if you lose that device or you don't have backup, you lose your passwords. No one can hack your password from password manager if you don't let your device infected.

However, if data stored on server, it can be breached.
lovesmayfamilis
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿
Re: LastPass - Notice of Recent Security Incident
August 26, 2022, 10:29:47 AM
#4
The most popular password manager has been subjected to technical data theft, but this will surely lead to an outflow of users due to a loss of trust. It is also interesting that the hack was about two weeks ago, but only today this information was launched in the news. Although there are no dangers to disclosing user data, this is unfortunately not the first story when the work of this manager has been called into question.

https://appleinsider.com/articles/21/12/28/lastpass-master-passwords-may-have-been-compromised
TryNinja
legendary
Activity: 2758
Merit: 6830
Re: LastPass - Notice of Recent Security Incident
August 26, 2022, 09:59:08 AM
#3
Thanks, somehow this email was market as a spam for me. Meanwhile I received a "Failed login attempts detected" email warning from Bitwarden 2 days ago, maybe related to this? Sad

(I haven't used LastPass for years, but my account is still there - inactive)
dkbit98
legendary
Activity: 2212
Merit: 7064
Cashback 15%
Re: LastPass - Notice of Recent Security Incident
August 26, 2022, 09:56:13 AM
#2
Quote from: FatFork on August 26, 2022, 08:14:24 AM
This morning, I received a notification to my email address about a security incident involving the LastPass password manager. Here is the notice in full
Compromised developer is the problem, but nothing was breached allegedly... sorry but I don't trust them Cheesy
Switch from LastPass to KeePass and you wont' receive any email ever, but you will be only responsible person if you lose your backup and login details.
KeePass is open source and it's available on all operating systems and for AndroidOS (keepassDX), they even accept Bitcoin and other crypto donations.
Pages:
Bitcoin Forum>Other>Off-topic
Jump to: