LastPass compromised – change your master password

And to think I was going to try using LastPass a few days ago, but thought it was ultimately a big security risk.
 
LastPass is still one of the best password managers out there.

Security breaches are an eventuality for everything in today's world.

Change your master password, generate a new hash, and move on with your life.
 
Take note, my multifactor authentication had been disabled inside LastPass.
 
I'm using KeePass with the Windows, Linux and Android clients along with Dropbox+Dropsync (for Android) and it's working great.
 
Dropbox also had been compromised in the past where KeePass (and other variant) databases had been exposed.
 
])ragon_\/oid;15425392 said:
And to think I was going to try using LastPass a few days ago, but thought it was ultimately a big security risk.

All your passwords are decrypted client-side with your master password. The master password is never shared with LastPass. It's probably fine dude. They're asking people to change the master password as a precaution.
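The client-side model described in the post above, as an added example that is not part of the original thread and is not LastPass's own code. It is a generic zero-knowledge layout: the iteration count, the record fields, the function names and the HMAC-based stand-in cipher are all assumptions made so it runs on the Python standard library alone.

```python
import hashlib, hmac, os

ITERATIONS = 100_000  # assumed work factor, not a figure from the thread

def derive(master_password: str, salt: bytes):
    """Client side: turn the master password into a vault key and a login hash."""
    pw = master_password.encode()
    vault_key = hashlib.pbkdf2_hmac("sha256", pw, salt, ITERATIONS)
    # Only this second value goes to the server; it cannot decrypt anything.
    login_hash = hashlib.pbkdf2_hmac("sha256", vault_key, pw, 1)
    return vault_key, login_hash

def _subkey(vault_key: bytes, label: bytes) -> bytes:
    return hmac.new(vault_key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher such as AES.
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(vault_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC on the client before anything is uploaded."""
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(vault_key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(vault_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(vault_key: bytes, blob: bytes):
    """Return the plaintext, or None when the key (i.e. the password) is wrong."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(vault_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return _xor_stream(_subkey(vault_key, b"enc"), nonce, ct)

def enroll(master_password: str, vault: bytes) -> dict:
    """Build the record the service would hold for one user (constructed layout)."""
    salt = os.urandom(16)
    vault_key, login_hash = derive(master_password, salt)
    return {"salt": salt, "login_hash": login_hash, "blob": seal(vault_key, vault)}

if __name__ == "__main__":
    record = enroll("correct horse battery staple", b"example.com: hunter2")  # constructed
    key, _ = derive("correct horse battery staple", record["salt"])
    print(unseal(key, record["blob"]))
```

In this layout the service holds only the salt, the login hash and the ciphertext, so what protects the vault after a breach is how hard the master password is to guess.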
 
Dropbox also had been compromised in the past where KeePass (and other variant) databases had been exposed.

As long as you use a good password you're fine. You can also go one step further and place the db in a TrueCrypt container (or even nested TrueCrypt containers if it's necessary) with a different password. You can also combine the db password with a private key. Such a strategy can be far more secure than any online password service, and does not require you to trust Dropbox anyway.
 
I just started using LastPass a couple days ago. Ai, back to offline for me thx
 
Yeah, read the article.

As long as you haven't used your master password on any other site you should be fine.
 
Hehehe, many peeps so called this, a few months ago.
They've had scares before, but their response has always been top notch so not really worried.

Plus I don't have any hardcore passwords on there anyway...even if fully decrypted it can't cause more than a couple k damage.
 
1Password and 2FA on sites where it is supported.

http://www.macrumors.com/2015/06/17/ios-osx-cross-app-keychain-security-flaw/

'We completely cracked the keychain service - used to store passwords and other credentials for different Apple apps - and sandbox containers on OS X, and also identified new weaknesses within the inter-app communication mechanisms on OS X and iOS which can be used to steal confidential data from Evernote, Facebook and other high-profile apps'
The affected apps and services include iCloud, Gmail, Google Drive, Facebook, Twitter, Chrome, 1Password, Evernote, Pushbullet, Dropbox, Instagram, WhatsApp, Pinterest, Dashlane, AnyDo, Pocket and several others.
 
I read that last night and thought :sick:. Well, let's hope that the apps we are running are not compromised. I think anyone who has jailbroken their iOS devices should probably be more worried. I really only have a handful of apps on the various devices and I doubt that any of those are compromised/stealing information.
 
I was actually thinking of buying 1Password yesterday..:D

edit: response from 1Password:
https://blog.agilebits.com/2015/06/17/1password-inter-process-communication-discussion/
 