all these password managers have been breached in the last few years , so choosing 1 over the other is a waste.There is a list of +-4 well known products.Iam busy looking into azure key vault and see how it compares to these other products.
-
Join the MyBroadband community
South Africa’s biggest forum. Discuss, discover, and connect with thousands of members.
-
Question of the Day: Do you think Bafana Bafana will win tonight?
LastPass hacked and source code stolen
- Thread starter Hanno Labuschagne
- Start date
-
- Tags
- lastpass password manager
backstreetboy
Honorary Master
- Joined
- Jun 15, 2011
- Messages
- 49,397
- Reaction score
- 56,416
Until the dongle is gone / stolen / dies.
Vorastra
Honorary Master
Weird that there's people saying that this is no biggy.
Point of entry was a developer account that was compromised...
Point of entry was a developer account that was compromised...
Vorastra
Honorary Master
Weren't you the oke going on about perfect being the enemy of good.
Developers (usually) don't have access to production systems. Reads like the hacker got some git creds and downloaded some source code.
Vorastra
Honorary Master
I have no clue why we're giving any benefit of the doubt here.
LastPass have brought in a third-party company specialising in security to audit their systems due to this. I guess we should just handwave that away as well?
On top of that, the only reason LastPass is opening their mouth now was because tech journos caught onto it from an anonymous insider...A WEEK AGO, and asked for comment a few days ago.
3rd parties will always be called in for security. You can't really do an internal audit and save face as competency will be questioned.
You can't clear yourself type thing.
gregmcc
Honorary Master
While I'm a huge fan of open source (And run mostly open source software) , it's a myth that open source is more secure. With open source you are relying on the community to hunt through thousands or millions of lines of code looking for issues. How many people do you know with the skills and time to do this?
Look at what happened to TrueCrypt after they hired a 3rd party to audit their code.
Vorastra
Honorary Master
Exactly. I really wish people would stop saying this.
What happened to TrueCrypt? Googling just says that they were audited in 2015(?) and it was fine?
gregmcc
Honorary Master
They went through a round of audits then multiple vulnerabilites were found in their drivers. Just after that they closed shop.
Well the way I see it, you have the people going through the code, who can spot bugs if they come across them, and then you have regular audits like the closed source code also has.
Bitwarden Upholds High Security Standards with Annual Third-Party Audits | Bitwarden Blog
Bitwarden will continue to uphold high cybersecurity standards through annual third-party security audits of the Bitwarden product and service.
bitwarden.com
So its closed source compliance with more eyes.
No, its not perfect, but I prefer it.
I have backup o_0
OkPlankton
Well-Known Member
Snap, I just recently moved to bitwarden but had a lastpass account as backup. Officially nuked LP now.
not a very scalable solution.
dont worry Bitwarden will be soon.These password managers are prime targets for attacks.All of them have been breached in the past few years.
That's actually not true. The audit only found 4 vulnerabilities the worst was using a windows interface to generate random data. You'd still need access to the physical machine to exploit any of them and Truecrypt maintained throughout that their focus wasn't on placebo measures as with physical access an attacker would choose much simpler means than try to hack the program. The cryptography at rest was still secure and overall the results were described as surprisingly good. Truecrypt was in trouble due to other reasons way before the audit and eventually the project was forked to Veracrypt.
The point of open source is that vulnerabilities can be discovered. It's much better that relying on secrecy to hide any vulnerabilities that are discovered. Nobody has any idea how many there are in products like Bitlocker because any analysis would only be secondary. What's needed is a tool that can decompile code in a clear manner.
If open source isn't more secure then Truecrypt is a bad example to show it.
SauRoNZA
Honorary Master
The fact you didn’t use a plural is the problem there and why password generators and managers are magic.
SauRoNZA
Honorary Master
So let’s just leave the door wide open because they’ll just get in anyway?
Why not make them some tea and bake them a cake while at it to make them feel welcome.
Idiot.