LastPass hacked

http://lifehacker.com/lastpass-hacked-time-to-change-your-master-password-1711463571

 

LOL, this is getting embarrassing. I do wonder what type of security software they are using to protect their servers and data.

 

https://blog.lastpass.com/2015/06/lastpass-security-notice.html/

 

I tried to change my master password and I got a message that the system was over loaded and to try again later so I deleted the account which took me 6-7 tries.

I keep all my passwords on a usb stick for emergencies.

 

I just hope they implement a better security strategy than what they have now, One that can hopefully prevent such thing's from happening.

 

This article gives some clues.

http://www.pcmag.com/article2/0,2817,2486089,00.asp

 

Password changed.

 

Any suggestions on alternatives?

Sans a good recommendation I'll move to KeePass.

 

Someday soon we'll just need a list of sites that have NOT been hacked. It'll be easier to keep track.

 

Funny that I already moved my important passwords to an offline platform... 2-Factor should be enough until I change the password.

 

Been trying Keepass for a few days. It's good with the Firefox plugin. Roboform is ultimate, and cheap at present. LastPass is.... Last. Too many incidents out of your control.

 

I was just trying it with Chrome and it's not a good experience with the extension I used. There is another to try.

 

chromeIPass

 

Any users of 1Password? I read good reviews on net but since it's time to move from lastpass I would like to know our forum member's opinions on this and other alternatives.

 

Thanks, I ended up using the other one though.- CKP. ChromeiPass requires a plugin?

Anyway KeePass does seem like a good option.

 

Been using Keepass for years and its really simple and easy to use. I highly recommend it.

 

password changed.

 

Good info here and why we should not be worried:

https://www.reddit.com/r/Android/co...s_was_breached_master_password_hashes/cs7o3k7

 

You don't need extensions, just forget the too easy way of LastPass and similar.
You can also sync with Keepass using Dropbox.

 

Good post - that's how I see it, too. Besides, I'm using 100,000 PBKDF2 rounds. There is simply no way right now how those intruders could decrypt my master password. Nevertheless, I've changed it as an additional safety measure using the Diceware word list.

 

And you really think that's on par with Lastpass security-wise? I don't.

 

I did too, but this morning I have increased to 130k.

 

Ditto!
My Keepass is also in an AppVM that is isolated from the network.

I always have mixed feelings about cloud services and things like that. I don't like storing sensitive data on servers I don't or might not have access to.

 

Hacked servers, including security companies are becoming daily news. Services like these are high value targets. It amazes me that the people who worry about the theft of personal info and data from other companies servers would put their most sensitive data (passwords) on a server outside of their control. There's no way I'd put my passwords online. I'd rather deal with a little inconvenience than take that risk.

 

Changed my password, however I am now looking into switching to 1password or Keepass as both are supposed to store passwords locally