Bitcoin Forum
November 15, 2024, 09:28:22 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2]  All
  Print  
Author Topic: LastPass Hacked  (Read 1366 times)
DarkHyudrA
Legendary
*
Offline Offline

Activity: 1386
Merit: 1000


English <-> Portuguese translations


View Profile
June 24, 2015, 11:20:18 AM
 #21

An online service to hold your passwords?
That's more stupid than keeping a file in your computer with all your passwords.

English <-> Brazilian Portuguese translations
Valanor
Sr. Member
****
Offline Offline

Activity: 252
Merit: 250


Look My eyes


View Profile
June 24, 2015, 11:55:53 AM
 #22

I know lots of you know about and use last pass, everytime the forum gets hacked more and more people from here begin to use it, well, im sorry but your account details have been hacked, email addresses, encrypted passwords and cleartext password reminder hints were all leaked,

http://cointelegraph.com/news/114652/lastpass-gets-hacked-time-for-passwordless-logins

I use it on mozilla but not for bitcoin site, only use for some social media, i use 2fa to make secure my acc , if he can acces my lastpass im not sure he can login to my acc Smiley

OmegaStarScream
Staff
Legendary
*
Offline Offline

Activity: 3668
Merit: 6447



View Profile
June 24, 2015, 12:05:52 PM
 #23

Wasen't that like 8 days ago or something ? anyway that's why I never use this password manager .
I personally use KeePass and I recommend it for a lot of people and they won a lot of awards : http://keepass.info/ , basically all your informations are stored in a simple file on your PC and not online , you need to remember one unique password and it's also Open source .

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
goosoodude
Hero Member
*****
Offline Offline

Activity: 584
Merit: 500



View Profile
June 24, 2015, 07:21:42 PM
 #24

It was bound to happen. I'm sure no one here was stupid enough to use them or any other online password manager. 

What he said.  I think it's pretty common knowledge -- don't store your passwords online with a 3rd party.  That's a bad idea. Smiley

KeepassX works great.


Yes, its an incredible stupid idea to use a online password manager. If you use keepass2 then you can still use the cloud. Only your passwords are encrypted and no hacker can get them.

You will have your password file, which is encrypted with your pass, you can drop that in, for example your dropbox directory, then you can install the keepass app for android and dropbox app and you can use your passwords on your android phone too.

If you really want make 2 different password files if you have more risky passwords to protect. So that you dont need to open them all the time with the normal forum passwords and so on.






██████████████████████████████████████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████████████████████████████
███████████████████████████████████████████████████████████████████████▄▄▄███████████████████████
███████████████████████████████████████████████████████████████████████▀▀▀████████████████████████
██████████████████████████████████████████████████████████████████████████████████████████████████
█████████████████████████████████████████████████████████████████████████████████████████████████





...INTRODUCING WAVES........
...ULTIMATE ASSET/CUSTOM TOKEN BLOCKCHAIN PLATFORM...






Acidyo
Hero Member
*****
Offline Offline

Activity: 588
Merit: 500


Will Bitcoin Rise Again to $60,000?


View Profile
June 25, 2015, 08:54:56 PM
 #25

Such a dumb idea to let an online service hold your password. Thanks god for new advancements in this space. www.GetClef.com - passwordless login!
AJRGale
Hero Member
*****
Offline Offline

Activity: 767
Merit: 500



View Profile
June 26, 2015, 04:04:39 AM
 #26

im lol'ing on how many people dont understand how lastpass works..


What i know on how it works, is its not storing your passwords in the clear on their servers, its encrypted on your system, you can select how many times it hashes the password, and it hashes each and every password with a random salt, x amount of times you have told it, and then it blobs it into 1 single file, that it stores it online with your account, so when you sigh in on another system, using the main password and log in, it starts decrypting the blob, then once you go to a site it decrypts that file that is assigned to that site.

and just to add to it, they cannot reset your password online.

the hack may have scrapped the blobs for the accounts, but without them brute forcing each blob just to open it, only to find out and then brute forcing each file at who knows how many iterations its been encrypted, only to find that they have to work out which one is your email password.

if you have 2 factor authorisation (like yubikey), and never use your major password for anything website, guess what? you're safe, but just change your major password, for paranoia sake.
Balerion
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
June 26, 2015, 04:34:16 AM
 #27

I know lots of you know about and use last pass, everytime the forum gets hacked more and more people from here begin to use it, well, im sorry but your account details have been hacked, email addresses, encrypted passwords and cleartext password reminder hints were all leaked,

http://cointelegraph.com/news/114652/lastpass-gets-hacked-time-for-passwordless-logins
Lesson learnt never use password managers
marky89
Hero Member
*****
Offline Offline

Activity: 756
Merit: 502

CryptoTalk.Org - Get Paid for every Post!


View Profile
June 26, 2015, 04:38:22 AM
 #28

online password manager? what could possibly go wrong? Roll Eyes

 
                                . ██████████.
                              .████████████████.
                           .██████████████████████.
                        -█████████████████████████████
                     .██████████████████████████████████.
                  -█████████████████████████████████████████
               -███████████████████████████████████████████████
           .-█████████████████████████████████████████████████████.
        .████████████████████████████████████████████████████████████
       .██████████████████████████████████████████████████████████████.
       .██████████████████████████████████████████████████████████████.
       ..████████████████████████████████████████████████████████████..
       .   .██████████████████████████████████████████████████████.
       .      .████████████████████████████████████████████████.

       .       .██████████████████████████████████████████████
       .    ██████████████████████████████████████████████████████
       .█████████████████████████████████████████████████████████████.
        .███████████████████████████████████████████████████████████
           .█████████████████████████████████████████████████████
              .████████████████████████████████████████████████
                   ████████████████████████████████████████
                      ██████████████████████████████████
                          ██████████████████████████
                             ████████████████████
                               ████████████████
                                   █████████
.CryptoTalk.org.|.MAKE POSTS AND EARN BTC!.🏆
dsattler
Legendary
*
Offline Offline

Activity: 924
Merit: 1000


View Profile
June 26, 2015, 06:11:01 AM
 #29

im lol'ing on how many people dont understand how lastpass works..


What i know on how it works, is its not storing your passwords in the clear on their servers, its encrypted on your system, you can select how many times it hashes the password, and it hashes each and every password with a random salt, x amount of times you have told it, and then it blobs it into 1 single file, that it stores it online with your account, so when you sigh in on another system, using the main password and log in, it starts decrypting the blob, then once you go to a site it decrypts that file that is assigned to that site.

and just to add to it, they cannot reset your password online.

the hack may have scrapped the blobs for the accounts, but without them brute forcing each blob just to open it, only to find out and then brute forcing each file at who knows how many iterations its been encrypted, only to find that they have to work out which one is your email password.

if you have 2 factor authorisation (like yubikey), and never use your major password for anything website, guess what? you're safe, but just change your major password, for paranoia sake.

Thank you for clearing this up. I think nobody got hacked yet because of this incident, it would be all over the internet by now. Seems to me that lastpass did their homework wrt security!

Bitcointalk member since 2013! Smiley
SebastianJu
Legendary
*
Offline Offline

Activity: 2674
Merit: 1083


Legendary Escrow Service - Tip Jar in Profile


View Profile WWW
June 26, 2015, 10:05:46 AM
 #30

Such a dumb idea to let an online service hold your password. Thanks god for new advancements in this space. www.GetClef.com - passwordless login!

Doesnt sound like the best idea either. You are recognized by your fingerprint and then all your passwords are open? Fingerprints of that level can be faked so easily, its nearly funny. You only need to find or get a fingerprint on a glass or something and you already can authenticat as the owner of that fingerprint.

I would never put important passwords behind that.

Please ALWAYS contact me through bitcointalk pm before sending someone coins.
TECSHARE
In memoriam
Legendary
*
Offline Offline

Activity: 3318
Merit: 2008


First Exclusion Ever


View Profile WWW
June 26, 2015, 10:22:27 AM
 #31

Such a dumb idea to let an online service hold your password. Thanks god for new advancements in this space. www.GetClef.com - passwordless login!

Doesnt sound like the best idea either. You are recognized by your fingerprint and then all your passwords are open? Fingerprints of that level can be faked so easily, its nearly funny. You only need to find or get a fingerprint on a glass or something and you already can authenticat as the owner of that fingerprint.

I would never put important passwords behind that.

All you need is a sufficiently high resolution camera and a picture of someones fingertips to get their fingerprint, then from there you can easily reproduce it for scanners using standard office supplies.

http://www.theguardian.com/technology/2014/dec/30/hacker-fakes-german-ministers-fingerprints-using-photos-of-her-hands
SebastianJu
Legendary
*
Offline Offline

Activity: 2674
Merit: 1083


Legendary Escrow Service - Tip Jar in Profile


View Profile WWW
June 26, 2015, 01:56:29 PM
 #32

Such a dumb idea to let an online service hold your password. Thanks god for new advancements in this space. www.GetClef.com - passwordless login!

Doesnt sound like the best idea either. You are recognized by your fingerprint and then all your passwords are open? Fingerprints of that level can be faked so easily, its nearly funny. You only need to find or get a fingerprint on a glass or something and you already can authenticat as the owner of that fingerprint.

I would never put important passwords behind that.
fin

All you need is a sufficiently high resolution camera and a picture of someones fingertips to get their fingerprint, then from there you can easily reproduce it for scanners using standard office supplies.

http://www.theguardian.com/technology/2014/dec/30/hacker-fakes-german-ministers-fingerprints-using-photos-of-her-hands

Yes, or sellotape, superglue and a fingerprint someone would leave on a flat surface. Smiley Similar to crime scene investigation. So a thieve has every chance he wants. Cutting a finger is not even needed. Cheesy

Please ALWAYS contact me through bitcointalk pm before sending someone coins.
AJRGale
Hero Member
*****
Offline Offline

Activity: 767
Merit: 500



View Profile
June 26, 2015, 06:15:29 PM
 #33

Such a dumb idea to let an online service hold your password. Thanks god for new advancements in this space. www.GetClef.com - passwordless login!

Doesnt sound like the best idea either. You are recognized by your fingerprint and then all your passwords are open? Fingerprints of that level can be faked so easily, its nearly funny. You only need to find or get a fingerprint on a glass or something and you already can authenticat as the owner of that fingerprint.

I would never put important passwords behind that.
fin

All you need is a sufficiently high resolution camera and a picture of someones fingertips to get their fingerprint, then from there you can easily reproduce it for scanners using standard office supplies.

http://www.theguardian.com/technology/2014/dec/30/hacker-fakes-german-ministers-fingerprints-using-photos-of-her-hands

Yes, or sellotape, superglue and a fingerprint someone would leave on a flat surface. Smiley Similar to crime scene investigation. So a thieve has every chance he wants. Cutting a finger is not even needed. Cheesy

going down the finger print lines, mythbusters even worked out a easy way to do it with basic stuff, but they refused to release that information to the public, and it worked with most fingerprint readers.
LiteCoinGuy
Legendary
*
Offline Offline

Activity: 1148
Merit: 1014


In Satoshi I Trust


View Profile WWW
June 26, 2015, 06:36:55 PM
 #34

It was bound to happen. I'm sure no one here was stupid enough to use them or any other online password manager. 


it is even more stupid than putting your wallet.dat in the cloud  Grin

foggyb
Legendary
*
Offline Offline

Activity: 1736
Merit: 1006


View Profile
December 23, 2022, 04:02:46 PM
 #35

This thread aged quite nicely, and that's not sarcasm. Given the latest Lastpass hack revelation, criminals seem to have a copy of all your passwords. If you used a weak master password, you are in serious trouble.

Hey everyone! 🎉 Dive into the excitement with the Gamble Games Eggdrop game! Not only is it a fun and easy-to-play mobile experience, you can now stake your winnings and accumulate $WinG token, which has a finite supply of 200 million tokens. Sign up now using this exclusive referral link! Start staking, playing, and winning today! 🎲🐣
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!