Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×

Comment: Re:Los Dummelos Moronos (Score 1) 206 206

With an encrypted database, the old password still works with the old copy of the database. Changing it only works if they got your old password and want to use it on the newly encrypted database.

Except the attackers are not believed to have accessed any of the databases. In either case I set my master password on the assumption that it will be subjected to offline attacks, as should everyone.

Comment: Re:Los Dummelos Moronos (Score 1) 206 206

Guys, what is your problem? The only way these guys have ANYTHING is if you use your master password on an actual website other than just logging into your lastpass account.

Now, if your master paswoord is boobies, then, you're in trouble.

Until you change your master password. The threat here is that an attacker could use the email address and master password to retrieve the encrypted file from lastpass servers and then decrypt it using the master password. Two-factor Authentication alone protects against this. But if you have both a strong master password AND 2-Factor then you're not even close to being compromised.

Since the master password is used for encryption purposes it should always be as strong as you can make it in the first place.

Comment: Re:Who the fuck would use something like that? (Score 1) 206 206

In a lot of cases, I'd rather trust Lastpass's security over that of a native website,

If only one native website is broken though, then only one of your passwords has been taken.

You mean the one password that has been used on every other site.

Comment: Re:Who the fuck would use something like that? (Score 1) 206 206

I agree with the other posters, you'd have to be nuts to use LastPass for anything that was tied to financial transactions.

Why? I'd rather my banking credentials be leaked than my email or domain registrar credentials.

What can a person do with my bank account anyway? Nothing, that can't be traced and/or reversed.

Comment: We don't. (Score 1) 479 479

by Dan541 (#49912033) Attached to: Ask Slashdot: Dealing With Service Providers When You're an IT Pro?

IT people don't call tech support, we fix our own routers. If such a basic device is beyond your skill set then you really have no place calling yourself an "IT Professional".

The only time I called my ISP in the past 10 years was to upgrade my account, and twice for billing issues.

The universe is like a safe to which there is a combination -- but the combination is locked up in the safe. -- Peter DeVries