Comment Re:Los Dummelos Moronos (Score 1) 206
The release says: "we have found no evidence that encrypted user vault data was taken"
Exactly, so changing your master password will defend against this.
IF they had the database, but we're not talking about that. We're talking about the current attack.
With an encrypted database, the old password still works with the old copy of the database. Changing it only works if they got your old password and want to use it on the newly encrypted database.
Except the attackers are not believed to have accessed any of the databases. In either case I set my master password on the assumption that it will be subjected to offline attacks, as should everyone.
How does changing the master password help anything?
It stops the attackers from logging into your account and accessing your database. Once you change the master password it doesn't matter if they crack your salt.
Guys, what is your problem? The only way these guys have ANYTHING is if you use your master password on an actual website other than just logging into your LastPass account.
Now, if your master password is boobies, then, you're in trouble.
Until you change your master password. The threat here is that an attacker could use the email address and master password to retrieve the encrypted file from LastPass servers and then decrypt it using the master password. Two-factor Authentication alone protects against this. But if you have both a strong master password AND 2-Factor then you're not even close to being compromised.
Since the master password is used for encryption purposes it should always be as strong as you can make it in the first place.
Or you can simply change the one master password and your problem is solved.
In a lot of cases, I'd rather trust Lastpass's security over that of a native website,
If only one native website is broken though, then only one of your passwords has been taken.
You mean the one password that has been used on every other site.
ANYTHING on the internet is NOT secure
Use a local password manager.
A local password manager is just as vulnerable as LastPass, likely more so since few password managers take security as seriously as LastPass does.
I agree with the other posters, you'd have to be nuts to use LastPass for anything that was tied to financial transactions.
Why? I'd rather my banking credentials be leaked than my email or domain registrar credentials.
What can a person do with my bank account anyway? Nothing, that can't be traced and/or reversed.
IT people don't call tech support, we fix our own routers. If such a basic device is beyond your skill set then you really have no place calling yourself an "IT Professional".
The only time I called my ISP in the past 10 years was to upgrade my account, and twice for billing issues.
I don't see Google hiring hitmen, do you?
Still we're talking non-violent crimes....
Murder for hire is non-violent?
The president also needs an aircraft that can carry any and all staff that he may need. Air Force One needs to be equipped for all eventualities.
Yet, bows and arrows aren't.
Ah.... good points.