Password Managers

Trice

Every time I see this thread, I think, "who got hacked?" And without fail, almost every time, it is LastPass. lol

On a more serious note, I also use Bitwarden and like it.

In this case it's really one big hack, of which more details keep coming to light over an extended period of time. But for sure, LastPass is really showing to be both technically deficient and not very forthcoming about what happened.
 

simply1

This just keeps getting worse. If I'm reading this correctly, a subset of LastPass customers affected by this breach basically had the entire contents of their accounts stolen, including encryption keys - which would make available full access to all their accounts to the hackers with this info in their possession. I hope LastPass is communicating to affected customers directly because they've been pretty dodgy with the media.

I’m not seeing the encryption keys piece, where do you see that?
 

dmclone

Just moved to Bitwarden. I'd recommend watching a tips/tricks on it. There were 3 or 4 things I never thought of doing that make sense and I would have probably never used them if I hadn't watched a video. This is the one I watched but there may be better ones out there.

 

Trice

> I’m not seeing the encryption keys piece, where do you see that?

My bad, I had a couple tabs related to that story open and assumed they had pretty similar content. Here is another story that specifically references the encryption keys, but I read it too quickly yesterday and left out some context.

It isn't known specifically that LastPass encryption keys were taken. But encryption keys from some of GoTo's (LastPass' parent company) other products were taken. While LastPass has not been confirmed to be among them, some of its users have complained that passwords that resided in their vaults were accessed and used, which would suggest that LastPass encryption keys were also taken in order to access these vaults.

So probably, but not confirmed. Given the way LastPass has botched this response, we'll see if that gets confirmed in another month or two.
 

Trice

> Just moved to Bitwarden. I'd recommend watching a tips/tricks on it. There were 3 or 4 things I never thought of doing that make sense and I would have probably never used them if I hadn't watched a video. This is the one I watched but there may be better ones out there.



Can you give a quick summary? Curious if these things apply to Bitwarden specifically or all password managers.
 

dmclone

> Can you give a quick summary? Curious if these things apply to Bitwarden specifically or all password managers.

Just little tips like
Turn off Chrome password
Turn off Save and Fill address in Chrome
Create Profile in Bitwarden to pre-fill things like name, address, etc.
Decide how often to make you put in master password or use PIN instead
Check for data breaches
Change vault timeout

Most of the other tips I was already doing

Oh, instead of filling out the fields when creating a new account, do it inside of Bitwarden instead.
 

Trice

> Just little tips like
> Turn off Chrome password
> Turn off Save and Fill address in Chrome
> Create Profile in Bitwarden to pre-fill things like name, address, etc.
> Decide how often to make you put in master password or use PIN instead
> Check for data breaches
> Change vault timeout
>
> Most of the other tips I was already doing
>
> Oh, instead of filling out the fields when creating a new account, do it inside of Bitwarden instead.

All good suggestions. You really can use these as a personal database of sorts. Add photos of your driver's license, passport, personal info, etc. for easy reference at any time.
 

charlie_B

> Just moved to Bitwarden. I'd recommend watching a tips/tricks on it. There were 3 or 4 things I never thought of doing that make sense and I would have probably never used them if I hadn't watched a video. This is the one I watched but there may be better ones out there.


A good quote less than 30 seconds in: "it's long and something you've never used before" ;)
 

jdcyclone19

I switched from LastPass family to 1Password family and have been very pleased with the switch. 1Password works a lot more smoothly on websites and the autofill.
 

ricochet

> My bad, I had a couple tabs related to that story open and assumed they had pretty similar content. Here is another story that specifically references the encryption keys, but I read it too quickly yesterday and left out some context.
>
> It isn't known specifically that LastPass encryption keys were taken. But encryption keys from some of GoTo's (LastPass' parent company) other products were taken. While LastPass has not been confirmed to be among them, some of its users have complained that passwords that resided in their vaults were accessed and used, which would suggest that LastPass encryption keys were also taken in order to access these vaults.
>
> So probably, but not confirmed. Given the way LastPass has botched this response, we'll see if that gets confirmed in another month or two.

What is meant by “encryption keys” in this context? LastPass doesn’t have users' master passwords and they can’t access people’s vaults even if they wanted to so I’m not sure what a hacker could get that would allow them immediate access. I think the danger is still just from brute force cracking. I guess the keys could be for data LastPass collects like names, addresses, credit cards, etc. but that was known already.
 

Trice

> What is meant by “encryption keys” in this context? LastPass doesn’t have users' master passwords and they can’t access people’s vaults even if they wanted to so I’m not sure what a hacker could get that would allow them immediate access. I think the danger is still just from brute force cracking. I guess the keys could be for data LastPass collects like names, addresses, credit cards, etc. but that was known already.

Honestly, I'm not sure of the answer to your question. The way I read the story at first was that if hackers had the encryption keys they would be able to use them to easily decrypt encrypted information in users' vaults rather than wait while attempting to access accounts via brute-force attacks. But I also can't square that with the question you raise about how LastPass shouldn't be able to gain access to the vault in the first place.

And to repeat, as of the story I linked to above, encryption keys for LastPass itself have not been confirmed to have been stolen. That story infers that they were, however, because users are complaining of their accounts being accessed.
 

Bader


Trice

*Heavy sigh* should probably finally migrate this **** to Bitwarden

I should have pointed out, if it wasn't already clear, this is not a new breach but continued fallout from last year's breach.
 

Jer

I've tried all of the main ones over the years and Bitwarden seems the easiest to have a shared folder with my wife (and actually gets her to use the damn thing). LastPass was great back in its early years.
 

Clone83

Anyone use Proton Pass? Any thoughts?


I believe it is somewhat new.

Unlike browser-based password managers -- Safari, Edge, Firefox, Brave, Chrome, etc. -- it seems to work well (and more efficiently) and across all of these.