{Warning}: Vulnerabilities found on password manager LassPass - page 2.

TryNinja

legendary

Activity: 2758

Merit: 6830

Quote from: gentlemand on September 18, 2019, 05:11:31 AM

Is it unfashionable to say I don't trust any password manager?

There are only a handful of services where I need proper security and in that case they all have proper passwords that I've memorised. I couldn't care less about all the other ones.

So you just repeat your passwords in most websites? This doesn’t seem like the best solution.

Just don’t use any web cloud hosted password manager. Keepass - as suggested above - is pretty good (open source, offline, old enough, etc). If anything, memorize your handful of services and use the password manager for those you don’t care. You don’t care anyways, but at least maintain some security.

gentlemand

legendary

Activity: 2590

Merit: 3014

Welt Am Draht

Is it unfashionable to say I don't trust any password manager?

There are only a handful of services where I need proper security and in that case they all have proper passwords that I've memorised. I couldn't care less about all the other ones.

GreatArkansas

legendary

Activity: 2338

Merit: 1354

Quote from: OmegaStarScream on September 18, 2019, 03:06:31 AM

Or, as a better solution, we can all stop using online services to store our passwords and use something like KeePass instead.

And Password Safe also which open-sourced password manager same as KeePass.
I created a short tutorial/information before on KeePass password manager here and for Password Safe here.

If we really don't need a password manager or not really required then much better to avoid it, it is really risky especially when you are using those have subscription fees.

OmegaStarScream

staff

Activity: 3500

Merit: 6152

Quote from: Baofeng on September 18, 2019, 03:00:14 AM

Anyways for those LassPass users here who haven't heard about the potential exploit, it's better if you could change your password as a precaution. No need to update though, everything is automatic as per LassPass. But as I have said, better take a look at it and take safety measures.

Edit: Chrome and Opera are the only browsers being affected as per article.

Or, as a better solution, we can all stop using online services to store our passwords and use something like KeePass instead.

Baofeng

legendary

Activity: 2576

Merit: 1655

Google's project Zero recently revealed that anyone using LassPass is prone to vulnerabilites.

https://twitter.com/taviso/status/1173401754257375232

Good thing though, the people behind LassPass fixed the bug as confirmed here:

https://blog.lastpass.com/2019/09/lastpass-bug-reported-resolved.html/

Quote

Our team recently investigated and resolved a bug affecting certain LastPass extensions. Tavis Ormandy, a security researcher from Google’s Project Zero, responsibly disclosed the issue to us. His report revealed a limited set of circumstances on specific browser extensions that could potentially allow an attacker to create a clickjacking scenario.

We have now resolved this bug; no user action is required and your LastPass browser extension will update automatically.

Additionally, while any potential exposure due to the bug was limited to specific browsers (Chrome and Opera), as a precaution, we’ve deployed the update to all browsers.

https://blog.lastpass.com/2019/09/lastpass-bug-reported-resolved.html/

Anyways for those LassPass users here who haven't heard about the potential exploit, it's better if you could change your password as a precaution. No need to update though, everything is automatic as per LassPass. But as I have said, better take a look at it and take safety measures.

Edit: Chrome and Opera are the only browsers being affected as per article.

Topic: {Warning}: Vulnerabilities found on password manager LassPass - page 2. (Read 408 times)