
Topic: [Warning]: Password Manager LastPass has been breached, accessed customer data (Read 299 times)

hero member
Activity: 2562
Merit: 607
Another transcendent example of the issues of centralization; it shows how Bitcoin's "not your keys, not your coin" expands to other things such as passwords. Guess you can say the same for money in the bank, if you exceed the FDIC limit and the bank fails.
hero member
Activity: 2520
Merit: 952
I like that they are transparent  Tongue
sr. member
Activity: 1764
Merit: 260
Are password managers really safe to use?
If it is safe to keep our passwords in a password manager then which one is the best?
I usually keep my passwords in a personal diary, but it is very hard to find out a password next time.
How do you keep your passwords secure?
It depends on the extent to which you are referring to the concept of being "safe". Logically, we should all be aware that all systems can have a side that is vulnerable to such attacks, so just like what we heard in a movie, "No System is Safe". Technology evolves. Security is becoming more secure. Meanwhile, hackers are also becoming more skilled and knowledgeable.
So if you do not want your passwords stored on a service like this, then so be it, do not use the service.
hero member
Activity: 2520
Merit: 783
Never trust any platform with your important information, even though they say they are totally secure from possible breaches. The incident that recently happened to it is a reminder that nothing is safer than storing your passwords or private keys on offline storage like notebooks or anything else where you can write them down safely. Although many say there is a possibility that someone will steal it, if you know how to keep that info safe, for sure you will not get compromised.
newbie
Activity: 2
Merit: 0
 Hi,
I use NordPass password manager to help me remember my passwords. So I thought you might find it helpful too.
You can try NordPass Premium for 1 month with my referral code: 9&!969
Get NordPass Premium https://join.nordpass.com/order/redeem/
sr. member
Activity: 602
Merit: 387
Cloud storage is the worst of them all; whether they claim to be centralised or decentralised doesn't matter. Cloud storage is not safe and anyone related to crypto must stay away from such projects.
Don't trust anyone.
Don't trust any third party service.

If you can back up your wallet, keys, seeds, passwords by yourself, offline without additional software, you should do it.

You believe in yourself and self-secure your vulnerable information. Good enough to not share it with anyone, any third party service.

Cloud service is one of the third party services and for sure you cannot trust them 100%.
sr. member
Activity: 952
Merit: 275
Cloud storage is the worst of them all; whether they claim to be centralised or decentralised doesn't matter. Cloud storage is not safe and anyone related to crypto must stay away from such projects.

The only thing worth storing on cloud storage is music and videos
member
Activity: 1191
Merit: 78
Every password manager has its pros and cons. There is a much greater chance of account breaches with the Chrome password manager because it is linked to a Google account.
Firefox, on the other hand, encrypts your passwords locally. It utilizes a login directory in your user profile, but a keylogger is enough to access your password.

The old-fashioned way as mentioned by Lucius is still the best.
legendary
Activity: 1596
Merit: 1288
Why do people need to use a third-party password manager? Firefox has the ability to manage passwords and synchronize between them, and there are many open source methods, but I do not believe that these tools are useful.

Let's see the procedures they will use, but if there is no radical change in how passwords are managed, then I will accuse them of selling that data.
staff
Activity: 3332
Merit: 4117
not your keys… ah oops this time is with passwords! Roll Eyes
I would also add as a suggestion that it is always good practice to set up a 2FA two-factor authentication system, it's the best solution to avoid these issues even in case of data breach.
Another good point is a notification for any access + restoring data from keys (if allowed) + email for reset password.
Depends what's included in the data breach, and how two factor authentication is implemented. There have been leaks where the tokens which allow users to bypass two factor authentication have been leaked. This is generally not a good security practice, but it has been known.

As for two factor authentication, that also depends on how it's implemented. If you're relying on other online authentication methods, then you could be in the same boat if they were breached. Physical keys, which you can then use open source software to do an authentication request yourself, are the way to go, but most services/websites don't support them.
legendary
Activity: 3276
Merit: 3537
Nec Recisa Recedit
not your keys… ah oops this time is with passwords! Roll Eyes
I would also add as a suggestion that it is always good practice to set up a 2FA two-factor authentication system, it's the best solution to avoid these issues even in case of data breach.
Another good point is a notification for any access + restoring data from keys (if allowed) + email for reset password.
staff
Activity: 3332
Merit: 4117
P.S. This is not an advertisement. I am not agitating anyone to use the password manager I mentioned. As they say, DYOR.
Although, if someone does indeed want to use a password manager, please make sure it's an open source, verified, and offline password manager. The way LastPass does it introduces additional risks compared to KeePass. That said, there are additional password managers out there that aren't KeePass, and satisfy the above criteria.

I generally think password managers are good for specific needs, but not for storing everything that's for sure.
legendary
Activity: 2212
Merit: 7064
Just a heads up for those who are using LastPass as Password Manager, this is the second time that they have been breached though, so that is not a good record to begin with.
I hope everyone switched from LastPass the last time they had a breach like this, since there are so many better options that are open source, like KeePass for example.
Hacks like this are certain to happen to any centralized website, it's just a matter of time when; even if LastPass could claim that everything is encrypted and safu, I don't trust them.
A few more open source alternatives other than KeePass are Bitwarden, KeeWeb, LessPass, Buttercup, and a few KeePass forks.
Some of these alternatives are accepting Bitcoin (and other coins) donations, and that is always good to hear.
staff
Activity: 2436
Merit: 2347
Are password managers really safe to use?
If it is safe to keep our passwords in a password manager then which one is the best?
I usually keep my passwords in a personal diary, but it is very hard to find out a password next time.
How do you keep your passwords secure?

I have been using KeePass password manager for fifteen years now, and I have never had a problem with keeping my passwords and important data secure. It is an open-source password manager.

P.S. This is not an advertisement. I am not agitating anyone to use the password manager I mentioned. As they say, DYOR.
newbie
Activity: 3
Merit: 0
Are password managers really safe to use?
If it is safe to keep our passwords in a password manager then which one is the best?
I usually keep my passwords in a personal diary, but it is very hard to find out a password next time.
How do you keep your passwords secure?
legendary
Activity: 1820
Merit: 2700
I don't understand why we have to spend money and use password manager software with the risk of leaking our passwords.

We don't like centralized services because we don't control our keys, our seeds, or we have access to them but we are not the only ones who have that access.

So why do we like to give another company with many staff access to our passwords?

LastPass is available at no cost, and all essential functions are available in the free version (for a limited number of devices). Besides, read how LastPass works and what the "Zero Knowledge" architecture means. Neither the company nor any third party has access to your passwords. (Not that I condone any kind of data leakage from centralized services like this.)



Honestly, I've been thinking about alternatives to LastPass for some time. KeePass is a logical choice. It's a free, open source password manager, and it has a lot of great features and security. But KeePass has some downsides too. It's not perfect and it's not as easy to use as LastPass. The interface is unintuitive, and I worry that it will take too much time to learn. It has basic support for syncing with a cloud service (with some caveats), but nothing as advanced as LastPass. But, you won't have to worry about being hacked by bad actors or losing access to your data if the company goes out of business.

sr. member
Activity: 1400
Merit: 273
I don't understand why we have to spend money and use password manager software with the risk of leaking our passwords.
I also do not understand it. I imagine people, especially the older ones that are less tech-savvy, which includes business owners, CEOs, and managers, are alarmed when marketing from a password managing company informs them of the hazards and perils associated with having their devices compromised. It is all about the marketing. Thanks to them, LastPass had a revenue of $200 million last year.

We don't like centralized services because we don't control our keys, our seeds, or we have access to them but we are not the only ones who have that access.

So why do we like to give another company with many staff access to our passwords?

No one in bitcointalk is probably a subscriber to these password management programs. How peculiar it would be if a bitcoin enthusiast paid for it.
sr. member
Activity: 602
Merit: 387
I don't understand why we have to spend money and use password manager software with the risk of leaking our passwords.

We don't like centralized services because we don't control our keys, our seeds, or we have access to them but we are not the only ones who have that access.

So why do we like to give another company with many staff access to our passwords?
legendary
Activity: 3472
Merit: 3217
Happy New year 🤗
I have never used such software or plugins that save passwords or any sensitive information; that's riskier than memorizing your password and using it daily, or making a paper backup and putting it in your wallet, which is always the safest.

I always use a browser in incognito mode or a Firefox private browser to avoid leaks of my sensitive info and passwords, because screen recording and print screens are blocked; even in my phone browser you can't screenshot in incognito mode.

Like others said, all sensitive information like passwords shouldn't be saved to other software like LastPass or the built-in password manager in Chrome.
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿
Keeping your passwords to yourself and not trusting other programs is more profitable than regularly being nervous about such stories, which are already very often repeated.
At the very least, you will only blame yourself if you miss something in your saves.
But as for LastPass, it is probably enough to trust this office, which not only does not care about its security but also lies to its customers. Today, they claim that the leak was due to the August events. Although in August they assured everyone that they double-checked everything.
Will they tell clients what they lost this time, or will they come up with an excuse again, afraid that people will no longer trust them?
legendary
Activity: 3234
Merit: 5637
Someone may call me old-fashioned, but the only password manager I used was the one in the browser, but I gave it up because I simply don't believe that such sensitive information should be accessible to hackers - and as we can see, it happens all the time. Paper and multiple copies of passwords are still much safer for me, with of course the constant vigilance of not infecting the computer with a keylogger or becoming a victim of phishing.
hero member
Activity: 1526
Merit: 555


https://twitter.com/LastPass/status/1598047380305104896

Just a heads up for those who are using LastPass as Password Manager, this is the second time that they have been breached though, so that is not a good record to begin with.

Quote
We are working diligently to understand the scope of the incident and identify what specific information has been accessed. In the meantime, we can confirm that LastPass products and services remain fully functional.

https://blog.lastpass.com/2022/11/notice-of-recent-security-incident/

So again, it's better to make sure that we will not be affected, especially if we are users of this product; change your passwords, especially on our crypto-related wallets, or our master password.