Passwordstate COMPROMISED

[The_Librarian]

Anybody using Passwordstate to store passwords in should reset all their passwords and take the necessary precautions as Passwordstate got compromised.

Story on Ars Technicia.

As many as 29,000 users of the Passwordstate password manager downloaded a malicious update that extracted data from the app and sent it to an attacker-controlled server, the app-maker told customers.


In an email, Passwordstate creator Click Studios told customers that bad actors compromised its upgrade mechanism and used it to install a malicious file on user computers. The file, named “moserware.secretsplitter.dll,” contained a legitimate copy of an app called SecretSplitter, along with malicious code named "Loader," according to a brief writeup from security firm CSIS Group.

 

[SauRoNZA]

In guessing there are only 29,000 users because I’ve never even heard of this lot.

 

[The_Librarian]

In guessing there are only 29,000 users because I’ve never even heard of this lot.

Companies as well.

 

[backstreetboy]

 

[ArmatageShanks]

What? Never heard of it.

Just grab LastPass.

 

[ActivateD]

What? Never heard of it.

Just grab LastPass.

I left LastPass because of their analytics or "tracker" code that was sending data to the company. I do not want my password manager sending out any information.

Using 1Password currently but might try bidwarden later.

 

[The_Librarian]

Also never heard of these guys, but thought to give a headsup juuuuust in case somebody was using them.

For any ne'er-do-well, there's more than one way to skin a cat.

 

[airborne]

BitWarden all the way, sadly only dropped LastPass recently after their free tier was removed. BitWarden slays LastPass, LastPass was surprisingly useless.

 

[Foxhound5366]

BitWarden all the way, sadly only dropped LastPass recently after their free tier was removed. BitWarden slays LastPass, LastPass was surprisingly useless.

This sounds like Donald Trump calling Twitter boring, lol. Sour grapes much?

 

[RedViking]

Can happy to any of them. But yeah, never heard of it.

 

[ArmatageShanks]

I left LastPass because of their analytics or "tracker" code that was sending data to the company. I do not want my password manager sending out any information.

Using 1Password currently but might try bidwarden later.

If you do not want the provider to know exactly what they are providing you then no manager wil do, you'll have to create your own custom manager, like a notebook for example.

 

[PsyWulf]

If you do not want the provider to know exactly what they are providing you then no manager wil do, you'll have to create your own custom manager, like a notebook for example.

Security by simplicity,stickynotes folded in half

 

[The_Librarian]

Security by simplicity,stickynotes folded in half

And hidden in strategic places.

 

[NeonNinja]

Oh the irony...

 

[SauRoNZA]

What? Never heard of it.

Just grab LastPass.

No, it’s also shite.

Bitwarden.

Although I would much prefer iCloud Keychain if it simply supported sharing and/or folders.

 

[SauRoNZA]

BitWarden all the way, sadly only dropped LastPass recently after their free tier was removed. BitWarden slays LastPass, LastPass was surprisingly useless.

Yeah been on Bitwarden for years and work forces me to use Lastpass and I can’t believe how utterly kak it is.

People opting to use it for free is even more bizarre.

 

[rustypup]

Just grab LastPass.

You are aware LP was breached multiple times?

 

[ArmatageShanks]

You are aware LP was breached multiple times?

I am not.

 

[lowriderza]

I'm currently using Kaspersky's Password Manager. Not too bad for my needs and not too expensive. Will have a look at Bitwarden As some of you here seem to like it.

 

[Lord Flacko]

Using 1 Password. Works like a charm across all my devices.