Pages:
Author

Topic: {Warning}: Vulnerabilities found on password manager LassPass - page 2. (Read 426 times)

legendary
Activity: 2758
Merit: 6830
Is it unfashionable to say I don't trust any password manager?

There are only a handful of services where I need proper security and in that case they all have proper passwords that I've memorised. I couldn't care less about all the other ones.
So you just repeat your passwords in most websites? This doesn’t seem like the best solution.

Just don’t use any web cloud hosted password manager. Keepass - as suggested above - is pretty good (open source, offline, old enough, etc). If anything, memorize your handful of services and use the password manager for those you don’t care. You don’t care anyways, but at least maintain some security.
legendary
Activity: 2590
Merit: 3015
Welt Am Draht
Is it unfashionable to say I don't trust any password manager?

There are only a handful of services where I need proper security and in that case they all have proper passwords that I've memorised. I couldn't care less about all the other ones.
legendary
Activity: 2506
Merit: 1394
Or, as a better solution, we can all stop using online services to store our passwords and use something like KeePass instead.
And Password Safe also which open-sourced password manager same as KeePass.
I created a short tutorial/information before on KeePass password manager here and for Password Safe here.

If we really don't need a password manager or not really required then much better to avoid it, it is really risky especially when you are using those have subscription fees.
staff
Activity: 3500
Merit: 6152
Anyways for those LassPass users here who haven't heard about the potential exploit, it's better if you could change your password as a precaution. No need to update though, everything is automatic as per LassPass. But as I have said, better take a look at it and take safety measures.

Edit: Chrome and Opera are the only browsers being affected as per article.

Or, as a better solution, we can all stop using online services to store our passwords and use something like KeePass instead.
legendary
Activity: 2576
Merit: 1655
Google's project Zero recently revealed that anyone using LassPass is prone to vulnerabilites.



https://twitter.com/taviso/status/1173401754257375232

Good thing though, the people behind LassPass fixed the bug as confirmed here:

https://blog.lastpass.com/2019/09/lastpass-bug-reported-resolved.html/

Quote

Our team recently investigated and resolved a bug affecting certain LastPass extensions. Tavis Ormandy, a security researcher from Google’s Project Zero, responsibly disclosed the issue to us. His report revealed a limited set of circumstances on specific browser extensions that could potentially allow an attacker to create a clickjacking scenario.

We have now resolved this bug; no user action is required and your LastPass browser extension will update automatically.  

Additionally, while any potential exposure due to the bug was limited to specific browsers (Chrome and Opera), as a precaution, we’ve deployed the update to all browsers.


https://blog.lastpass.com/2019/09/lastpass-bug-reported-resolved.html/

Anyways for those LassPass users here who haven't heard about the potential exploit, it's better if you could change your password as a precaution. No need to update though, everything is automatic as per LassPass. But as I have said, better take a look at it and take safety measures.

Edit: Chrome and Opera are the only browsers being affected as per article.
Pages:
Jump to: