LastPass hacked

Discussion in 'other security issues & news' started by Nanobot, Jun 15, 2015.

  1. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    541
    Location:
    United States
    I'd much rather plug-in a specialized thumb drive or use a keyfile as a second layer over using my mobile device. I don't use two factor authentication myself as I tend to create separate accounts for each of my devices. For example, my Google account on my android smartphone is the same as my main google account on my desktop. I maintain unique pseudo identities for each device and don't connect to the same networks. But I'm a-typical. The average consumer would benefit from two-factor authentication and I agree it should be a mandatory. Though, I'd like to see more options.

    I store mine on a portable medium and only access my password manager when absolutely necessary. Otherwise, I try not to keep stuff stored locally. I think air-gap measures are still important to security, even if some hypothetical governmental agency has figured out how to get passed certain air gap measures. But I'd image that a lot of folks feel safe keeping it stored locally, especially since they can setup a long passphrase and/or keyfile to further restrict access. Coming from an information security perspective, physical access to a system and password database is never a good idea. No matter how secure your think the encryption and setup might be. But to each their own I guess.
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    An update on the hack that I have not seen published in here.

    https://blog.lastpass.com/2015/06/lastpass-security-notice.html/
     
  3. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,116
    Location:
    USA
  4. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
  5. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,116
    Location:
    USA
  6. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    I assume they want to further secure the data that was accessed in the hack with dedicated hardware more resilient to tampering. These devices can be configured for that. I am not sure we will ever discover the "what" and the "how", for obvious reasons. :) No, I don't see how this can be a solution for individuals.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.