ventrabit (OP)
Newbie
 Offline
Activity: 22
Merit: 0
|
 |
April 09, 2013, 03:37:26 AM |
|
I use LastPass and have found it very useful but I am now concerned about security with the increase of btc value.
My bitcoins are scattered over several online wallets and trading accounts.
LastPass is used to store all login details including additional fields such as pins etc. and I never store or save the data anywhere else.
KeePass is used to store LastPass password. The LastPass password is very strong but I rarely need to use KeePass as I use the save password function for LastPass.
Is this safe? Can my LastPass account be compromised.
If it can be, what can I do to help boost my security? Any tips will be appreciated and may help others too.
Thanks
|
|
|
|
|
|
|
|
|
|
There are several different types of Bitcoin clients. The most secure are full nodes like Bitcoin Core, which will follow the rules of the network no matter what miners do. Even if every miner decided to create 1000 bitcoins per block, full nodes would stick to the rules and reject those blocks.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
DarkPunk
Member
Offline
Activity: 182
Merit: 10
|
|
April 09, 2013, 03:44:12 AM |
|
I use LastPass and have found it very useful but I am now concerned about security with the increase of btc value.
My bitcoins are scattered over several online wallets and trading accounts.
LastPass is used to store all login details including additional fields such as pins etc. and I never store or save the data anywhere else.
KeePass is used to store LastPass password. The LastPass password is very strong but I rarely need to use KeePass as I use the save password function for LastPass.
Is this safe? Can my LastPass account be compromised.
If it can be, what can I do to help boost my security? Any tips will be appreciated and may help others too.
Thanks
Short Answer: If you trust LastPass, and your certain your PC won't be compromised in any other way, then your good. A PC can always be compromised, and cookies/session can always be hijacked. But both of those are inherent flaws of using any online wallet, LastPass or not. |
|
|
|
|
|
Sage
|
|
April 09, 2013, 03:48:51 AM |
|
HELL NO!
LastPass has already been hacked.
I use it, but only for websites of little consequence. Never for anything vital.
|
|
|
|
|
Berghoff
Newbie
Offline
Activity: 28
Merit: 0
|
|
April 09, 2013, 03:55:57 AM |
|
That's your first mistake right there. I transfer all coins off of those wallets immediately as soon as I can.
As for LastPass, I use it to store 1/2 of password, which is a 15-25 digit string. The other half is one of several phrases that only I know which are indicated as a bit of text/numbers embedded in the stored password that get substituded out.
So even if lastpass was broken into, they'd still have between 62^5 and 62^10 combinations to try to get to the completed pass. I store the back-up wallet in a cloud drive using a variation of the password scheme I just told you.
Ideally, I should also be storing this methodology (along with wallet back-ups) with a family member or lawyer in case I die, and keep the lastpass passwords in another location on a piece of paper that you would know but wouldn't make sense to others (or a bank vault like most people) in case lastpass goes kerplut - and my half of the pass phrases with someone I trust.
And to be honest, with the amount of coins I have right now, a crook could get more money by surprising me with a pipe-iron.
|
|
|
|
|
Berghoff
Newbie
Offline
Activity: 28
Merit: 0
|
|
April 09, 2013, 03:56:54 AM |
|
HELL NO!
LastPass has already been hacked.
I use it, but only for websites of little consequence. Never for anything vital.
They found odd behavior and immediately took steps to correct it. I'm not aware of anyone who reported any accounts compromised. |
|
|
|
|
segfault88
Newbie
Offline
Activity: 42
Merit: 0
|
|
April 09, 2013, 04:00:23 AM |
|
I like last pass, I trust it fairly well. The important rules are: - Use a STRONG master password.
- Turn on the "Require password reprompt" feature for important/valuable sites.
- Set the auto log off when idle feature.
A nice thing about last pass is that your passwords don't actually make it to their servers - your vault get decrypted on the client side and only with the master password. I like using a unique 32 character password (letters, numbers and special characters) for every site I use. The only danger is if you get a keylogger, but I'm not too worried about that since I keep my computers secure (hardened linux everywhere - not invulnerable I know). |
|
|
|
|
ventrabit (OP)
Newbie
Offline
Activity: 22
Merit: 0
|
|
April 09, 2013, 11:58:35 PM |
|
That's your first mistake right there. I transfer all coins off of those wallets immediately as soon as I can.
As for LastPass, I use it to store 1/2 of password, which is a 15-25 digit string. The other half is one of several phrases that only I know which are indicated as a bit of text/numbers embedded in the stored password that get substituded out.
So even if lastpass was broken into, they'd still have between 62^5 and 62^10 combinations to try to get to the completed pass. I store the back-up wallet in a cloud drive using a variation of the password scheme I just told you.
Ideally, I should also be storing this methodology (along with wallet back-ups) with a family member or lawyer in case I die, and keep the lastpass passwords in another location on a piece of paper that you would know but wouldn't make sense to others (or a bank vault like most people) in case lastpass goes kerplut - and my half of the pass phrases with someone I trust.
And to be honest, with the amount of coins I have right now, a crook could get more money by surprising me with a pipe-iron.
Thanks. I have a lot to think about. I like how you store half the passwords, very clever. I know storing in online wallets is not so good. I do have a paper wallet with a % there but I like to have some in online wallets and trading accounts for quick access and don't want all in one trading account just in case. I suppose i just have to keep minimal in online wallets/trade accounts and get more serious as btc and even ltc is big bucks now. I'm lazy and get used to the way I do things but yeh i really have to make some changes. Thanks again!!! |
|
|
|
|
ventrabit (OP)
Newbie
Offline
Activity: 22
Merit: 0
|
|
April 10, 2013, 12:02:21 AM |
|
I like last pass, I trust it fairly well. The important rules are: - Use a STRONG master password.
- Turn on the "Require password reprompt" feature for important/valuable sites.
- Set the auto log off when idle feature.
A nice thing about last pass is that your passwords don't actually make it to their servers - your vault get decrypted on the client side and only with the master password. I like using a unique 32 character password (letters, numbers and special characters) for every site I use. The only danger is if you get a keylogger, but I'm not too worried about that since I keep my computers secure (hardened linux everywhere - not invulnerable I know). Thanks for your info. Why do you set the auto log off when idle? can someone access your pc and control it from their end? I understand about keyloggers and how a hacker can export files etc but can they do more? |
|
|
|
|
rtgornik
Newbie
Offline
Activity: 20
Merit: 0
|
|
April 24, 2013, 04:04:00 AM |
|
Although I use lastpass, I do not use it for any financial transactions.
Having a totally centralized password database doesn't sit right with me.
|
|
|
|
|
Fluxbit
Newbie
Offline
Activity: 18
Merit: 0
|
|
April 24, 2013, 05:36:49 AM |
|
Steve Gibson knows his crypto and explains how LastPass works on his podcast: Security Now. The review is on episode 256. A link to the podcast: http://twit.tv/sn256A link to the transcript: http://www.grc.com/sn/sn-256.htmSpoiler: Gibson has nothing but positive things to say about LastPass. |
|
|
|
|
zedicus
Legendary
Offline
Activity: 966
Merit: 1004
CryptoTalk.Org - Get Paid for every Post!
|
|
April 24, 2013, 05:49:50 AM |
|
^^ + 1 for Steve he an old school assembly guru! hehe  Lass pass is great.. I trust it but its just a layer of many. Dont use the default generated passwords.. daisy chain a few so you have long 50-100 passwords.. There are plenty of ways to secure youre pc dont depend on one. |
|
|
|
John (John K.)
Global Troll-buster and
Legendary
Offline
Activity: 1288
Merit: 1225
Away on an extended break
|
|
April 24, 2013, 05:53:40 AM |
|
Remember to use 2FA with last pass.
|
|
|
|
|
BitFred
Member
Offline
Activity: 96
Merit: 10
|
|
April 24, 2013, 06:09:24 AM |
|
I recommend KeePass Password Safe.
keepass.info
|
|
|
|
|
|
