Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

#175057 16-Jun-2015 07:54
Send private message

According to the LastPass blog:

"We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised."

Interestingly I have just installed Intel's TrueKey on my laptop and  Android devices today...






Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3 | 4
timmmay
20575 posts

Uber Geek

Trusted
Lifetime subscriber

  #1325467 16-Jun-2015 08:09
Send private message

Keepass 2. I keep the encrypted database on Dropbox, I can access it from home, work, or Android using this app (or the online app version).



davidcole
6029 posts

Uber Geek

Trusted

  #1325494 16-Jun-2015 09:23
Send private message

timmmay: Keepass 2. I keep the encrypted database on Dropbox, I can access it from home, work, or Android using this app (or the online app version).


yeah +1.  Would rather my db as least if mostly controlled by me.  For a while I was putting in to SVN at home.  Where now I use dropbox, working on the theory they'd have to hack dropbox and keypass to get into it.




Previously known as psycik

Home Assistant: Gigabyte AMD A8 Brix, Home Assistant with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Shelly Humidity and Temperature sensors
Media:Chromecast v2, ATV4 4k, ATV4, HDHomeRun Dual
Server
Host Plex Server 3x3TB, 4x4TB using MergerFS, Samsung 850 evo 512 GB SSD, Proxmox Server with 1xW10, 2xUbuntu 22.04 LTS, Backblaze Backups, usenetprime.com fastmail.com Sharesies Trakt.TV Sharesight 


xpd

xpd
Geek @ Coastguard NZ
13765 posts

Uber Geek

Retired Mod
ID Verified
Trusted
Lifetime subscriber

  #1325496 16-Jun-2015 09:26
Send private message

Little bit concerned about their system........ logged in to change my password - system says I last changed my password a year ago....but I only did it start of this year.
Changed the password anyway, and it comes up telling me I last changed my password 23 hours ago.

Not encouraging....

I would use a "local" system such as KeePass etc, but Im useless at keeping track of such things and would lose the file in my archives :-p





       Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

 

                      LinkTree

 

 

 




davidcole
6029 posts

Uber Geek

Trusted

  #1325499 16-Jun-2015 09:28
Send private message

xpd: Little bit concerned about their system........ logged in to change my password - system says I last changed my password a year ago....but I only did it start of this year.
Changed the password anyway, and it comes up telling me I last changed my password 23 hours ago.

Not encouraging....

I would use a "local" system such as KeePass etc, but Im useless at keeping track of such things and would lose the file in my archives :-p



That's why you put it on dropbox.  Means it's accessible everywhere, and you can get the smart phone app as well.




Previously known as psycik

Home Assistant: Gigabyte AMD A8 Brix, Home Assistant with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Shelly Humidity and Temperature sensors
Media:Chromecast v2, ATV4 4k, ATV4, HDHomeRun Dual
Server
Host Plex Server 3x3TB, 4x4TB using MergerFS, Samsung 850 evo 512 GB SSD, Proxmox Server with 1xW10, 2xUbuntu 22.04 LTS, Backblaze Backups, usenetprime.com fastmail.com Sharesies Trakt.TV Sharesight 


mdf

mdf
3512 posts

Uber Geek

Trusted

  #1325500 16-Jun-2015 09:29
Send private message

Just deleted my (unused for a year) LastPass account.

I've been using PasswordBox for a while - Intel bought the company at the start of this year to make TrueKey. It's got a really clever way of dealing with passwords on mobile devices (although in hindsight I pretty seldom log on to anything password-y on mobile anyway). Also has a semi-creepy digital will thing - you can nominate someone to get all your passwords when you die.

  #1325502 16-Jun-2015 09:30
Send private message

+1 for KeyPass (with DB stored on locally hosted OwnCloud server).

sidefx
3711 posts

Uber Geek

Trusted

  #1325503 16-Jun-2015 09:32
Send private message

Another vote for keepass combined with dropbox here.   There's even a windows phone app for it. 




"I was born not knowing and have had only a little time to change that here and there."         | Octopus Energy | Sharesies
              - Richard Feynman


 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
Geektastic
17942 posts

Uber Geek

Trusted
Lifetime subscriber

  #1325510 16-Jun-2015 09:40
Send private message

I use One Password and Drop box. Works very well across desktop Macs, laptop and iPhone.





fizzychicken
313 posts

Ultimate Geek


  #1325533 16-Jun-2015 09:49
Send private message

I'm sticking with Lastpass. After an (admittedly difficult) setup learning process, I have everything in a manner that works best for me and is easier for me to use and maintain than Keepass (because I suck at syncing anything or maintaining too many things). This ended up being;

 

  • Lastpass + YubiKey 2FA + vault is set so it cannot be accessed on unapproved devices/locations. The paid last pass account also allows for yubikey used on android via NFC.
  • I only know the master password and that is made from random letters numbers and wild chars, I do not know any other password stored as they are all max length available with wild chars (have fun brute forcing that or any associated hash) e.g. KdL3hPJTx@nOh*x?(8o/)NWgQ8W2-~~s9#ZuwOT>gXSG\vzTCBg_ZMD:b)mV5^c
  • any password stored requires the master pass to be viewed or used, this prevents the auto enter at the end of password population, which in turn allowed me to use a 'pin code' on each password so even if you somehow got my vault and decrypted everything...and got my password..you're still missing a bit I had to type in (that's even before you get to whatever 2FA I have on that service you are trying to log in to)
  • I dont store any bank account or financial login details in lastpass, those I am willing to remember and use SMS and an RSA token for 2 and 3FA.

Though it was a pain to figure out how to get to that point, once achieved it is a very easy and fast system to use which is secure enough for me (even if various parts are breached). Using Yubikey's second memory allocation allows for storing the main segment of any unstored password to allow for those to be sufficiently complex to prevent brute force.





amanzi
Amanzi
1292 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1325541 16-Jun-2015 09:58
Send private message

I'm a long time LastPass user but am not particularly worried about this as my master password was fairly strong and not guessable. As a precaution I changed my account password and vault master password this morning anyway and I recommend that you do too, as well as take a look through the additional security settings available such as multi-factor authentication, geo-restrictions, trusted devices, etc...

For those suggesting switching to another cloud provider (even using Dropbox), you're no safer there than using LastPass. Any cloud system can get hacked and so your security for any of these systems is really only as good as your master password.

(btw - I posted this topic in the Cloud, SaaS forum, but guess I need to pay closer attention to the off-topic forum too?)


ojo

ojo
167 posts

Master Geek


  #1325549 16-Jun-2015 10:13
Send private message

At least users have gotten the message





Tinshed
278 posts

Ultimate Geek


  #1325550 16-Jun-2015 10:15
Send private message

I stopped using Lastpass a wee while ago (by letting my subscription lapse) - in favour of 1Password. Nonetheless I diligently logged on to change my password but received the message about servers being overloaded.  Currently looking at how to "delete all" passwords as a precaution.  Can't see how to do that or how to delete entire account, including all passwords.  It would seem that this is obscure on purpose so people might come back to using Lastpass.  I seriously annoyed at Lastpass.  Clearly their brand reputation is in tatters - or at least I hope so.

*Update*. Found the Delete Account page - by reading the manual(!) - See https://lastpass.com/delete_account.php  Hopefullly my account really is now deleted.




Tinshed
Wellington, New Zealand


xpd

xpd
Geek @ Coastguard NZ
13765 posts

Uber Geek

Retired Mod
ID Verified
Trusted
Lifetime subscriber

  #1325551 16-Jun-2015 10:15
Send private message

sidefx: Another vote for keepass combined with dropbox here.   There's even a windows phone app for it. 


Which app ? Ive just tried 2 (WinKee and 7Pass) and both failed miserably - WinKee just kills my phone, and 7Pass uses "Skydrive", and dosent work.






       Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

 

                      LinkTree

 

 

 


kiwitrc
4123 posts

Uber Geek
Inactive user


  #1325639 16-Jun-2015 11:01
Send private message

I would change it if only I could remember what it was....

xpd

xpd
Geek @ Coastguard NZ
13765 posts

Uber Geek

Retired Mod
ID Verified
Trusted
Lifetime subscriber

  #1325647 16-Jun-2015 11:16
Send private message

ojo: At least users have gotten the message




Saw that, Ive logged in and out multiple times today with no issues at all :)




       Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

 

                      LinkTree

 

 

 


 1 | 2 | 3 | 4
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00


eero Pro 7 Review
Posted 23-Jul-2025 12:07


BeeStation Plus Review
Posted 21-Jul-2025 14:21


eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01


WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32


RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26


Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24


Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05


Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01


Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01


Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22


Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46


Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42


D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34


Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.