LastPass Vulnerability Exposes Account Details

Discussion in 'privacy problems' started by markedmanner, Feb 27, 2011.

Thread Status:
Not open for further replies.
  1. markedmanner

    markedmanner Registered Member

    Joined:
    Nov 1, 2009
    Posts:
    134
    Details on this here: https://grepular.com/LastPass_Vulnerability_Exposes_Account_Details

    I have never really liked the whole idea of Lastpass anyway. The idea of my passwords encrypted or not being stored in a "cloud" = bad idea for me. I use keepass but I have my keepass database saved on a networked shared hard drive so that I can sync my passwords on all my computers easily. My question is is this safe? or should I be worried about an exploit that could access my passwords possibly? My home network is behind a firewall. Would I be better just saving the keepass database locally on my computer or is syncing with a network shared hard drive safe?
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Wow, great that it's reported and fixed quickly.

    As for your KeePass question, make sure it's encrypted with a secure algorithm.

    I like LastPass, because it's very convenient for me, and works everywhere.
     
  3. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    I don't like the idea of keeping the password for your online bank account ( or some other important info) on a website that you can only access only if you have web access and what if you lose your job or some other thing and can't afford to pay for web access in todays economy this can happen.
     
  4. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    2011-02-27_221249.png

    Looks like you havent even used LastPass before, Please educate yourself by visiting the Lastpass website, your Data is also stored in an encrypted file on your Computer using 256-bit AES Encryption, they also have Portable versions you can install on a USB to work with Firefox Portable or Crome Portable..... The reason passwords are stored encrypted on their servers is so that you can access your passwords anywhere, and if your HD crashes and you dont Backup to an external drive then you always have a backup of your lastpass data you can access and or restore to another computer....

     
  5. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    I use Lastpass and have been for a year or so. The best thing about Lastpass is that there are many options. I use multifactor authentication in Lastpass so that my data is protected if there are unfortunate eventualities in LP's security.

    There are multiple types of multifactor authentication that LP offers and they are all nice such as the usb key fob and the grid.
     
  6. senlamy

    senlamy Registered Member

    Joined:
    Jan 7, 2011
    Posts:
    6
    Wow.. scary. That is why I use offline Sticky Password.
     
  7. scott1256ca

    scott1256ca Registered Member

    Joined:
    Aug 18, 2009
    Posts:
    144
    How do you propose to do your online banking if you don't have web access?? :)
     
  8. wat0114

    wat0114 Guest

    I'd be lost without LastPass. It's a saviour for me :)
     
  9. tlu

    tlu Guest

    Yep, same here ;)

    They have implemented several security improvements. Nevertheless, as a Firefox user it's always wise to use Noscript with its XSS protection. BTW: Noscript adds HSTS to FF 3 whereas FF 4 supports that by default.
     
  10. wat0114

    wat0114 Guest

    Between home and work, just too many passwords for me to remember :)

    NoScript is working out great for me, as opposed to past usage where I gave up too quickly and uninstalled it. I make good use of the middle-click WOT lookup feature to aid me in my decision making :thumb:
     
  11. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    You don't have to use LastPass (or any other password manager) on those accounts.
     
  12. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    I use keepass .
    @warlockz No I never have used LastPass before.
     
  13. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    Me too. I have been using it for a while now and it has become one of my favorite Firefox addons.
     
  14. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From Password service locks out hackers:
     
  15. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,047
    Location:
    USA
    I use Sticky Password as well. By far the most convenient password manager I have tried. You couldn't pay me to keep my passwords online.
     
  16. brainrb1

    brainrb1 Registered Member

    Joined:
    Mar 15, 2010
    Posts:
    474
    I use it too... and there is a free limited version ..see if you like it.
    http://www.stickypassword.com/products
     
  17. maddawgz

    maddawgz Registered Member

    Joined:
    Aug 13, 2004
    Posts:
    1,276
    Location:
    Earth
    me to love lastpass, email them of any issues they are great !. I love the fact i can go to any pc, install it and there is all my passwords!:D :D :D :D
     
  18. tlu

    tlu Guest

    Looks interesting, but unfortunarely it's not available for Linux which I'm using.

    Regarding the recent LastPass XSS hole and a comment by Steve Gibson see also this posting of mine.
     
  19. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,727
    Location:
    Texas
    http://krebsonsecurity.com/2011/05/lastpass-forces-users-to-pick-another-password
     
  20. GT7697C

    GT7697C Registered Member

    Joined:
    May 5, 2011
    Posts:
    2
    Thanks for posting this. Read it this morning and read the updates to it this afternoon. WOW. They are getting slammed, as everyone off loads their passwords.

    Wonder if they will post what their anomalies were? was or will just sweep it under the rug.

    ---

    So KeePass is the general consensus?
    How do you get it to autologin as sleekly as LastPass?
     
  21. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
  22. tlu

    tlu Guest

  23. GT7697C

    GT7697C Registered Member

    Joined:
    May 5, 2011
    Posts:
    2
    Having tried LastPass, there is no prompt from the program concerning what Password you select. In fact it will gleefully accept any password you put in it. While I know many that would know better I equally know many that wouldn't know a Strong Password from a Weak Password. So a prompt from the program itself would be a nice benefit going forward.

    Saw this link on another forum, CEO explains possible leak,

    http://www.pcworld.com/article/227268/exclusive_lastpass_ceo_explains_possible_hack.html
     
  24. hugsy

    hugsy Registered Member

    Joined:
    May 22, 2010
    Posts:
    167
    How about you "security experts / paranoid people" stop being lazy to type-in your passwords and stop using all sort of "unbreakable" password containers. Keep the password in your head, yes even if it is complicated to remember. If you are afraid of key-loggers, use onscreen keyboards. I never understood this concept of having 100+ security applications on a machine because some "NSA people" might want to inspect what kind of adult stuff you have on it and what pirated music you listen to, but when it comes to passwords then the paranoid ones find it sooo convenient to have something typing their passwords for them.
     
  25. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    +1. :thumb:
     
Loading...
Thread Status:
Not open for further replies.