-
June 16th, 2015, 01:00 AM
#1
-
June 16th, 2015, 05:00 AM
#2
Oops.
LastPass said it discovered the digital break-in on Friday. It's still very early in its investigation, but if LastPass is right, hackers didn't manage to grab plain text versions of the all-powerful master passwords.
Umm, why are they storing plain text versions of passwords anyway? Sounds to me like they had lax security standards to begin with to have done that.
VirtualDr email notices are not working.
Check back regularly for responses.
_____________________
cat lovers click here
-
June 16th, 2015, 09:49 AM
#3
fink: When I read your post, I thought that must be relating to the NBC link. They've been known to misrepresent some security things. But no! It the CNN story that's inaccurate.
My 10ยข ...
LastPass (LP) never stores a master password anywhere in plain text. LP's servers only store a hash of a master password that is sent from your device. So they don't even get the password in an encrypted state. All they get is the hash.
What was stolen were some "puzzle" pieces (my words) on how a LP user's encrypted passwords are accessed. The master password hash, the random factors (salt) that are used as part of the hashing, the users email addresses and master password hints/reminders (which likely were in plain text.)
As long as a user had a good master password (meaning use of upper and lower case letters, numbers, special characters and 20+ or more characters in length), only a weak password hint would be, IMO, cause for concern.
Am I happy they were hacked? Certainly not. But the methods that LP has employed to protect my passwords did not fail. LP responsibly reported the hack. They told us about any changes they were making to help stem any fallout from the breach. IOW, I think they have handled the issue well.
I'm no encryption expert. But I do know the math that modern encryption uses, works. So I changed my LP master password (can't hurt anything) and will continue to use it.
LastPass Blog about the breach https://blog.lastpass.com/2015/06/la...y-notice.html/
-
June 18th, 2015, 08:36 AM
#4
I'm glad they emailed me right away about the hack. I'm not going to change my master password as it is rated at 99% at lastpass site. My hint is "R". If someone could get my password from that and get the numbers from my grid to log in from a device I haven't registered, I'd be impressed.
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|