|
|
|
|
|
|
|
|
|
The forum strives to allow free discussion of any ideas. All policies are built around this principle. This doesn't mean you can post garbage, though: posts should actually contain ideas, and these ideas should be argued reasonably.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
rokkyroad
Legendary
 Offline
Activity: 1090
Merit: 1000
|
 |
June 24, 2015, 12:07:01 AM |
|
It was bound to happen. I'm sure no one here was stupid enough to use them or any other online password manager.
|
" If you have to spam and shout to justify your existence then you are a shit coin." TaunSew
|
|
|
|
Envrin
|
|
June 24, 2015, 12:10:24 AM |
|
It was bound to happen. I'm sure no one here was stupid enough to use them or any other online password manager.
What he said. I think it's pretty common knowledge -- don't store your passwords online with a 3rd party. That's a bad idea.  KeepassX works great. |
|
|
|
|
|
tzortz
|
|
June 24, 2015, 12:18:43 AM |
|
Online password manager? Cool stuff.  |
All is Mine!
1H7LUdfx9AFTMSXPsCBror3RDk57zgnc2R
|
|
|
|
snarlpill
|
|
June 24, 2015, 12:32:51 AM |
|
I'll have to read the article, but that's exactly why I don't and wouldn't use that site, or any 3rd party password keepers. It was just bound to happen and there's too much to lose. Either by hackers, or the gov. possibly somehow, I don't know.
I use a different password for everything now and the only copies I keep are written on paper and safely stashed away.
|
|
|
|
|
ticoti
|
|
June 24, 2015, 12:48:40 AM |
|
I have never used a password manager because of this reason,I would be screwed if manager password is hacked,and they show they can hack it...
|
|
|
|
|
Argwai96
Legendary
Offline
Activity: 1036
Merit: 1000
Thug for life!
|
|
June 24, 2015, 12:57:50 AM |
|
Having a password manager is like getting married with a gold digger just for your money she's bound to cash out any time, the article does point to a good path which is passwordless logins.
|
|
|
|
|
|
codenamethisNutz
|
|
June 24, 2015, 04:13:49 AM |
|
I've always had a shady feeling about lastpass, one entity with access to all of those passwords because lazy people simply volunteer them over due to convenience... Shame.
|
|
|
|
1FfmbHfnpaZjKFvyi1okTjJJu
Full Member
Offline
Activity: 164
Merit: 100
Im not 1FfmbHfnpaZjKFvyi1okTjJJusN455paPH
|
|
June 24, 2015, 04:17:31 AM |
|
“An attacker could try to guess your master password, then use your per-user-salt and authentication hash to determine if their guess was correct. […] If your master password is weak or if your password reminder makes it easy-to-guess, then the attacker could significantly reduce the number of attempts needed to guess it correctly.” im not use lastpass im use excel on local storage but this is seriously problem i hope all user read this news and change his password i want to ask if you have lastpass acc and you delete all your data in lastpass are hacker can't aces your data ? (because your data has been removed) ? |
|
|
|
|
|
bitbaby
|
|
June 24, 2015, 04:26:50 AM |
|
It was bound to happen. I'm sure no one here was stupid enough to use them or any other online password manager.
What he said. I think it's pretty common knowledge -- don't store your passwords online with a 3rd party. That's a bad idea. KeepassX works great. Yup, KeepassX works great, but I only use it for websites which are not too important for me, for other sites I prefer to write the password down in a notebook in a way that only I can decrypt the message, the only way to steal the password from that would be if there was a robbery and the thief stole the book, which is very unlikely because a thief would generally look for things more precious than a note-book and even then S/He would not be able to understand the message. |
|
|
|
|
thebenjamincode
|
|
June 24, 2015, 06:00:39 AM |
|
thanks for the news i will never going to use a password manager again  |
|
|
|
|
|
RustyNomad
|
|
June 24, 2015, 06:06:16 AM |
|
Never trusted LastPass.
Never trust anything online i.e. the cloud and never upload anything there unless I encrypted it myself.
If you want better password security just get KeePass. You have control over the encryption and the database is always under your own control.
|
|
|
|
|
dsattler
Legendary
Offline
Activity: 924
Merit: 1000
|
|
June 24, 2015, 06:08:07 AM |
|
thanks for the news i will never going to use a password manager again An offline password manager with a decent encryption like keepass2 is a good thing, but don't give out your master password only because it's convenient for you. |
Bitcointalk member since 2013!
|
|
|
Kprawn
Legendary
Offline
Activity: 1904
Merit: 1073
|
|
June 24, 2015, 06:17:16 AM |
|
I cannot believe that there are still people who would trust online password managers.  Write it down on a piece of paper and laminate it. Keep it in a burnproof safe, if you are really paranoid. I used to use a standard password with different formats, and I remembered the standard password, but as you get older Alzimers Lite kicks in, and you start to forget the simple things. Now I use different passwords for every site and I write it down / laminate it / store it in a safe place. {Never store the site and the passwords together... Give the site a number and write this number and password together... then you write the site and the number on a seperate piece of paper, and store it in a different place.} This way, nobody could get into your safe and figure out, what password is for what site. {The site is not on the list, only the number} |
|
|
|
NorrisK
Legendary
Offline
Activity: 1946
Merit: 1007
|
|
June 24, 2015, 06:30:44 AM |
|
Surprising its only posted here now, as the hack already happened last week.. Guess most people here use KeePass to have it all in their own control?
|
|
|
|
|
|
EternalWingsofGod
|
|
June 24, 2015, 07:20:42 AM |
|
The last password you will ever need as its the golden goose for all the accounts once hacked into and a persons Achilles Heel.
That said remembering a lot of unique sets of passwords is complicated so it does seem like an inevitable outcome, but like Bitcoin wallets best to keep passwords offline.
|
|
|
|
|
ThEmporium
|
|
June 24, 2015, 07:29:38 AM |
|
I know lots of you know about and use last pass, everytime the forum gets hacked more and more people from here begin to use it, well, im sorry but your account details have been hacked, email addresses, encrypted passwords and cleartext password reminder hints were all leaked,
I do not know why people buy the software to store the important email addresses, key, and passwords. They could use Note pad to note everything and then zip it with 7zip and protect with the strong encrypted passwords. This way they will keep their secret things with themselves in their pocket, laptop or mobile phones. |
|
|
|
|
Amph
Legendary
Offline
Activity: 3206
Merit: 1069
|
|
June 24, 2015, 07:32:42 AM |
|
another reason why i'll never trust any service like, that i'm in fact saving all my password on paper, no hacker ccan even dream of hacking that  Surprising its only posted here now, as the hack already happened last week.. Guess most people here use KeePass to have it all in their own control?
they will hack that too one day, it is only a matter of time they should build a decentralized lastpass with cold storage for password, pretty much like a bitcoin cold storage wallet |
|
|
|
|
Velkro
Legendary
Offline
Activity: 2296
Merit: 1014
|
|
June 24, 2015, 09:57:54 AM |
|
Never store your passwords in other place than head, except not important password that you can store OFFLINE not online.
|
|
|
|
|
pooya87
Legendary
Offline
Activity: 3444
Merit: 10555
|
|
June 24, 2015, 11:14:17 AM |
|
i can never understand the need for services like lastpass.
it is not like i have 1000 different passwords that i need remembering. there is only a handful of important passwords that i can remember and write down on a piece of paper just in case i forgot.
besides, what i don't encrypt myself is not gonna be safe on the cloud anyways.
|
.
.BLACKJACK ♠ FUN. | | | ███▄██████
██████████████▀
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
█████████████████▄
░██████████████▀
████████████
███████████████░██
██████████ | | CRYPTO CASINO &
SPORTS BETTING | | │ | | │ | ▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
███████████████████ | | .
|
|
|
|
DarkHyudrA
Legendary
Offline
Activity: 1386
Merit: 1000
English <-> Portuguese translations
|
|
June 24, 2015, 11:20:18 AM |
|
An online service to hold your passwords?
That's more stupid than keeping a file in your computer with all your passwords.
|
English <-> Brazilian Portuguese translations
|
|
|
Valanor
Sr. Member
Offline
Activity: 252
Merit: 250
Look My eyes
|
|
June 24, 2015, 11:55:53 AM |
|
I use it on mozilla but not for bitcoin site, only use for some social media, i use 2fa to make secure my acc , if he can acces my lastpass im not sure he can login to my acc |
|
|
|
OmegaStarScream
Staff
Legendary
Offline
Activity: 3472
Merit: 6125
|
|
June 24, 2015, 12:05:52 PM |
|
Wasen't that like 8 days ago or something ? anyway that's why I never use this password manager . I personally use KeePass and I recommend it for a lot of people and they won a lot of awards : http://keepass.info/ , basically all your informations are stored in a simple file on your PC and not online , you need to remember one unique password and it's also Open source . |
|
|
|
|
goosoodude
|
|
June 24, 2015, 07:21:42 PM |
|
It was bound to happen. I'm sure no one here was stupid enough to use them or any other online password manager.
What he said. I think it's pretty common knowledge -- don't store your passwords online with a 3rd party. That's a bad idea. KeepassX works great. Yes, its an incredible stupid idea to use a online password manager. If you use keepass2 then you can still use the cloud. Only your passwords are encrypted and no hacker can get them. You will have your password file, which is encrypted with your pass, you can drop that in, for example your dropbox directory, then you can install the keepass app for android and dropbox app and you can use your passwords on your android phone too. If you really want make 2 different password files if you have more risky passwords to protect. So that you dont need to open them all the time with the normal forum passwords and so on. |
|
|
|
|
Acidyo
|
|
June 25, 2015, 08:54:56 PM |
|
Such a dumb idea to let an online service hold your password. Thanks god for new advancements in this space. www.GetClef.com - passwordless login! |
|
|
|
|
|
AJRGale
|
|
June 26, 2015, 04:04:39 AM |
|
im lol'ing on how many people dont understand how lastpass works..
What i know on how it works, is its not storing your passwords in the clear on their servers, its encrypted on your system, you can select how many times it hashes the password, and it hashes each and every password with a random salt, x amount of times you have told it, and then it blobs it into 1 single file, that it stores it online with your account, so when you sigh in on another system, using the main password and log in, it starts decrypting the blob, then once you go to a site it decrypts that file that is assigned to that site.
and just to add to it, they cannot reset your password online.
the hack may have scrapped the blobs for the accounts, but without them brute forcing each blob just to open it, only to find out and then brute forcing each file at who knows how many iterations its been encrypted, only to find that they have to work out which one is your email password.
if you have 2 factor authorisation (like yubikey), and never use your major password for anything website, guess what? you're safe, but just change your major password, for paranoia sake.
|
|
|
|
|
Balerion
Newbie
Offline
Activity: 9
Merit: 0
|
|
June 26, 2015, 04:34:16 AM |
|
Lesson learnt never use password managers |
|
|
|
|
|
marky89
|
|
June 26, 2015, 04:38:22 AM |
|
online password manager? what could possibly go wrong?  |
|
|
|
dsattler
Legendary
Offline
Activity: 924
Merit: 1000
|
|
June 26, 2015, 06:11:01 AM |
|
im lol'ing on how many people dont understand how lastpass works..
What i know on how it works, is its not storing your passwords in the clear on their servers, its encrypted on your system, you can select how many times it hashes the password, and it hashes each and every password with a random salt, x amount of times you have told it, and then it blobs it into 1 single file, that it stores it online with your account, so when you sigh in on another system, using the main password and log in, it starts decrypting the blob, then once you go to a site it decrypts that file that is assigned to that site.
and just to add to it, they cannot reset your password online.
the hack may have scrapped the blobs for the accounts, but without them brute forcing each blob just to open it, only to find out and then brute forcing each file at who knows how many iterations its been encrypted, only to find that they have to work out which one is your email password.
if you have 2 factor authorisation (like yubikey), and never use your major password for anything website, guess what? you're safe, but just change your major password, for paranoia sake.
Thank you for clearing this up. I think nobody got hacked yet because of this incident, it would be all over the internet by now. Seems to me that lastpass did their homework wrt security! |
Bitcointalk member since 2013!
|
|
|
SebastianJu
Legendary
Offline
Activity: 2674
Merit: 1082
Legendary Escrow Service - Tip Jar in Profile
|
|
June 26, 2015, 10:05:46 AM |
|
Such a dumb idea to let an online service hold your password. Thanks god for new advancements in this space. www.GetClef.com - passwordless login! Doesnt sound like the best idea either. You are recognized by your fingerprint and then all your passwords are open? Fingerprints of that level can be faked so easily, its nearly funny. You only need to find or get a fingerprint on a glass or something and you already can authenticat as the owner of that fingerprint. I would never put important passwords behind that. |
Please ALWAYS contact me through bitcointalk pm before sending someone coins.
|
|
|
TECSHARE
In memoriam
Legendary
Offline
Activity: 3318
Merit: 1958
First Exclusion Ever
|
|
June 26, 2015, 10:22:27 AM |
|
Such a dumb idea to let an online service hold your password. Thanks god for new advancements in this space. www.GetClef.com - passwordless login! Doesnt sound like the best idea either. You are recognized by your fingerprint and then all your passwords are open? Fingerprints of that level can be faked so easily, its nearly funny. You only need to find or get a fingerprint on a glass or something and you already can authenticat as the owner of that fingerprint. I would never put important passwords behind that. All you need is a sufficiently high resolution camera and a picture of someones fingertips to get their fingerprint, then from there you can easily reproduce it for scanners using standard office supplies. http://www.theguardian.com/technology/2014/dec/30/hacker-fakes-german-ministers-fingerprints-using-photos-of-her-hands |
|
|
|
|
SebastianJu
Legendary
Offline
Activity: 2674
Merit: 1082
Legendary Escrow Service - Tip Jar in Profile
|
|
June 26, 2015, 01:56:29 PM |
|
Such a dumb idea to let an online service hold your password. Thanks god for new advancements in this space. www.GetClef.com - passwordless login! Doesnt sound like the best idea either. You are recognized by your fingerprint and then all your passwords are open? Fingerprints of that level can be faked so easily, its nearly funny. You only need to find or get a fingerprint on a glass or something and you already can authenticat as the owner of that fingerprint. I would never put important passwords behind that. fin All you need is a sufficiently high resolution camera and a picture of someones fingertips to get their fingerprint, then from there you can easily reproduce it for scanners using standard office supplies. http://www.theguardian.com/technology/2014/dec/30/hacker-fakes-german-ministers-fingerprints-using-photos-of-her-handsYes, or sellotape, superglue and a fingerprint someone would leave on a flat surface. Similar to crime scene investigation. So a thieve has every chance he wants. Cutting a finger is not even needed. |
Please ALWAYS contact me through bitcointalk pm before sending someone coins.
|
|
|
|
AJRGale
|
|
June 26, 2015, 06:15:29 PM |
|
Such a dumb idea to let an online service hold your password. Thanks god for new advancements in this space. www.GetClef.com - passwordless login! Doesnt sound like the best idea either. You are recognized by your fingerprint and then all your passwords are open? Fingerprints of that level can be faked so easily, its nearly funny. You only need to find or get a fingerprint on a glass or something and you already can authenticat as the owner of that fingerprint. I would never put important passwords behind that. fin All you need is a sufficiently high resolution camera and a picture of someones fingertips to get their fingerprint, then from there you can easily reproduce it for scanners using standard office supplies. http://www.theguardian.com/technology/2014/dec/30/hacker-fakes-german-ministers-fingerprints-using-photos-of-her-handsYes, or sellotape, superglue and a fingerprint someone would leave on a flat surface. Similar to crime scene investigation. So a thieve has every chance he wants. Cutting a finger is not even needed. going down the finger print lines, mythbusters even worked out a easy way to do it with basic stuff, but they refused to release that information to the public, and it worked with most fingerprint readers. |
|
|
|
|
LiteCoinGuy
Legendary
Offline
Activity: 1148
Merit: 1010
In Satoshi I Trust
|
|
June 26, 2015, 06:36:55 PM |
|
It was bound to happen. I'm sure no one here was stupid enough to use them or any other online password manager.
it is even more stupid than putting your wallet.dat in the cloud  |
|
|
|
foggyb
Legendary
Offline
Activity: 1666
Merit: 1006
|
|
December 23, 2022, 04:02:46 PM |
|
This thread aged quite nicely, and that's not sarcasm. Given the latest Lastpass hack revelation, criminals seem to have a copy of all your passwords. If you used a weak master password, you are in serious trouble.
|
I just registered for the $PLOTS presale! Thank you @plotsfinance for allowing me to purchase tokens at the discounted valuation of only $0.015 per token, a special offer for anyone who participated in the airdrop. Tier II round is for the public at $0.025 per token. Allocation is very limited and you need to register first using the official Part III link found on their twitter. Register using my referral code CPB5 to receive 2,500 points.
|
|
|
|
