{Warning}: Vulnerabilities found on password manager LassPass

[bitmover]

If it is of a specific brand that enables encryption of data by allowing us to put up a password before any of the data of that USB be used, and the password is an extremely complex one, will it still be possible for someone getting my USB to crack that password and/or encryption and take away all the data in that USB?

It depends. Is it open source software that uses a tried and true method of encryption, or does it use a proprietary algorithm?

Keep in mind that a USB is also inconvenient. If you're using a non personal computer and needed to access your accounts, you likely wouldn't be able to connect the USB to your phone to find your passwords. Most password managers have apps that you can use.

For me, being able to sync my passwords with my phone and computer is very important. Additionally, if you manage your passwords in a Notepad or USd or whatever, you are not going to be able to generate new passwords for every website.

The main problem of repeating passwords through websites is that if one website is hacked and passwords leaked, your other accounts may also be compromised.

This is why password managers are good, because they can generate good and unique passwords with a single click.

For years I have used Firefox password manager, but it lacks this feature. Therefore, I am now moving to Bitwarden (the best option for me, because I need my passwords on the cloud).

I read somewhere something very interesting: The only password that you should know is the password of your password manager. All others should be automatically generated. To prevent losing more than one account if a service is hacked.

[magneto]

Don't use online password generators/holders, it's like the same argument of centralization vs decentralization again, where Lastpass is an application that has all of your information, and could randomly go bust one day and start hacking into their customer's accounts (because we all know they can do that). Using another system that is offline, or even going super old school and generating your old password and writing it down on a piece of paper gives you control over everything and is the safest, and is the bet I'd recommend most people to go with.

To be honest, just make your own passwords by mashing the keyboard (eg 087asf*)&G), and then write it down a piece of paper, that's 100 percent the safer bet.

I wouldn't say mashing the keyboard and then writing it down is necessarily the best way, given the fact that it's prone to physical theft and flood/fire damage. At that point, if that does happen, then you'd have no chance of recourse. Leaving yourself exposed to having no backups for the sake of "security" simply isn't worth it.

It depends on the situation. I wouldn't discount these password managers completely if you are just using them for relatively benign tasks without much at stake, like gaming or stuff like that.

If it's sensitive financial information, then you'd probably have to reconsider for sure.

[Stedsm]

It depends. Is it open source software that uses a tried and true method of encryption, or does it use a proprietary algorithm?

Keep in mind that a USB is also inconvenient. If you're using a non personal computer and needed to access your accounts, you likely wouldn't be able to connect the USB to your phone to find your passwords. Most password managers have apps that you can use.

Sorry for the late response.
Actually, I use Kingston's DT Locker+ G3 Secure USB Flash Drive with Cloud Backup which gives me top-notch security with their DataVault Security password protection software where, once set, you cannot derive the data without entering the password because it encrypts all the data inside the USB and only allows you to see it if you know the password. The only catch is that you need to remember the password because if you lose it, you lose the entire data as if you try to set up a new password (and even if someone who stole your USB tries to do it), it will immediately wipe off all the data inside and open the USB with a completely new session for the sake of maintaining security of the data in USB.

[judeafante]

After finding this, I ask my friend if he is ok with his LastPass account and he told me that everything works find he is using two anti virus to make sure that nothing gets in his computer, LastPass has a huge subscribers I don't think they will neglect or become irresponsible in  securing their clients security I hope everything is ok now but this update is good I'm sure those Lastpass holders will read this issue about Lastpass.

[dunfida]

It depends. Is it open source software that uses a tried and true method of encryption, or does it use a proprietary algorithm?

Keep in mind that a USB is also inconvenient. If you're using a non personal computer and needed to access your accounts, you likely wouldn't be able to connect the USB to your phone to find your passwords. Most password managers have apps that you can use.

Sorry for the late response.
Actually, I use Kingston's DT Locker+ G3 Secure USB Flash Drive with Cloud Backup which gives me top-notch security with their DataVault Security password protection software where, once set, you cannot derive the data without entering the password because it encrypts all the data inside the USB and only allows you to see it if you know the password. The only catch is that you need to remember the password because if you lose it, you lose the entire data as if you try to set up a new password (and even if someone who stole your USB tries to do it), it will immediately wipe off all the data inside and open the USB with a completely new session for the sake of maintaining security of the data in USB.

This might be an old response but i would like to thank you about on sharing this up.I didnt expect that Kingston do have this kind of USB drive which do had that kind of feature.
Unluckily i havent able to find this usb on my local marketplace.This is what im looking for in regards with extra security where i do love that auto-wipe feature when someone do tend to bruteforce it out.