Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




BDFL - Memuneh
63580 posts

Uber Geek
+1 received by user: 14062

Administrator
Trusted
Geekzone
Lifetime subscriber

# 175057 16-Jun-2015 07:54
Send private message

According to the LastPass blog:

"We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised."

Interestingly I have just installed Intel's TrueKey on my laptop and  Android devices today...






View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3 | 4
14788 posts

Uber Geek
+1 received by user: 2751

Trusted
Subscriber

  # 1325467 16-Jun-2015 08:09
3 people support this post
Send private message

Keepass 2. I keep the encrypted database on Dropbox, I can access it from home, work, or Android using this app (or the online app version).

4409 posts

Uber Geek
+1 received by user: 679

Trusted

  # 1325494 16-Jun-2015 09:23
One person supports this post
Send private message

timmmay: Keepass 2. I keep the encrypted database on Dropbox, I can access it from home, work, or Android using this app (or the online app version).


yeah +1.  Would rather my db as least if mostly controlled by me.  For a while I was putting in to SVN at home.  Where now I use dropbox, working on the theory they'd have to hack dropbox and keypass to get into it.




Previously known as psycik

OpenHAB: Gigabyte AMD A8 BrixOpenHAB with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Xiaomi Humidity and Temperature sensors and Bluetooth LE Sensors
Media:Chromecast v2, ATV4, Roku3, HDHomeRun Dual
Windows 10
Host (Plex Server/Crashplan): 2x2TB, 2x3TB, 1x4TB using DriveBender, Samsung 850 evo 512 GB SSD, Hyper-V Server with 1xW10, 1xW2k8, 2xUbuntu 16.04 LTS, Crashplan, NextPVR channel for Plex,NextPVR Metadata Agent and Scanner for Plex


 
 
 
 


xpd

Chief Trash Bandit
9588 posts

Uber Geek
+1 received by user: 1634

Mod Emeritus
Trusted
Lifetime subscriber

  # 1325496 16-Jun-2015 09:26
Send private message

Little bit concerned about their system........ logged in to change my password - system says I last changed my password a year ago....but I only did it start of this year.
Changed the password anyway, and it comes up telling me I last changed my password 23 hours ago.

Not encouraging....

I would use a "local" system such as KeePass etc, but Im useless at keeping track of such things and would lose the file in my archives :-p





XPD / Gavin / DemiseNZ

 

Server : i3-3240 @ 3.40GHz  16GB RAM  Win 10 Pro    Workstation : i5-3570K @ 3.40GHz  16GB RAM  RX580 4GB Win 10 Pro    Console : Xbox One

 

https://www.xpd.co.nz - Games, geeks, and more.     Now on BigPipe 100/100 and 2Talk


4409 posts

Uber Geek
+1 received by user: 679

Trusted

  # 1325499 16-Jun-2015 09:28
Send private message

xpd: Little bit concerned about their system........ logged in to change my password - system says I last changed my password a year ago....but I only did it start of this year.
Changed the password anyway, and it comes up telling me I last changed my password 23 hours ago.

Not encouraging....

I would use a "local" system such as KeePass etc, but Im useless at keeping track of such things and would lose the file in my archives :-p



That's why you put it on dropbox.  Means it's accessible everywhere, and you can get the smart phone app as well.




Previously known as psycik

OpenHAB: Gigabyte AMD A8 BrixOpenHAB with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Xiaomi Humidity and Temperature sensors and Bluetooth LE Sensors
Media:Chromecast v2, ATV4, Roku3, HDHomeRun Dual
Windows 10
Host (Plex Server/Crashplan): 2x2TB, 2x3TB, 1x4TB using DriveBender, Samsung 850 evo 512 GB SSD, Hyper-V Server with 1xW10, 1xW2k8, 2xUbuntu 16.04 LTS, Crashplan, NextPVR channel for Plex,NextPVR Metadata Agent and Scanner for Plex


mdf

2230 posts

Uber Geek
+1 received by user: 686

Trusted
Subscriber

  # 1325500 16-Jun-2015 09:29
Send private message

Just deleted my (unused for a year) LastPass account.

I've been using PasswordBox for a while - Intel bought the company at the start of this year to make TrueKey. It's got a really clever way of dealing with passwords on mobile devices (although in hindsight I pretty seldom log on to anything password-y on mobile anyway). Also has a semi-creepy digital will thing - you can nominate someone to get all your passwords when you die.

1664 posts

Uber Geek
+1 received by user: 188

Subscriber

  # 1325502 16-Jun-2015 09:30
Send private message

+1 for KeyPass (with DB stored on locally hosted OwnCloud server).

3281 posts

Uber Geek
+1 received by user: 984

Trusted

  # 1325503 16-Jun-2015 09:32
Send private message

Another vote for keepass combined with dropbox here.   There's even a windows phone app for it. 

 
 
 
 


12867 posts

Uber Geek
+1 received by user: 4305

Trusted
Lifetime subscriber

  # 1325510 16-Jun-2015 09:40
One person supports this post
Send private message

I use One Password and Drop box. Works very well across desktop Macs, laptop and iPhone.





286 posts

Ultimate Geek
+1 received by user: 70


  # 1325533 16-Jun-2015 09:49
3 people support this post
Send private message

I'm sticking with Lastpass. After an (admittedly difficult) setup learning process, I have everything in a manner that works best for me and is easier for me to use and maintain than Keepass (because I suck at syncing anything or maintaining too many things). This ended up being;

 

  • Lastpass + YubiKey 2FA + vault is set so it cannot be accessed on unapproved devices/locations. The paid last pass account also allows for yubikey used on android via NFC.
  • I only know the master password and that is made from random letters numbers and wild chars, I do not know any other password stored as they are all max length available with wild chars (have fun brute forcing that or any associated hash) e.g. KdL3hPJTx@nOh*x?(8o/)NWgQ8W2-~~s9#ZuwOT>gXSG\vzTCBg_ZMD:b)mV5^c
  • any password stored requires the master pass to be viewed or used, this prevents the auto enter at the end of password population, which in turn allowed me to use a 'pin code' on each password so even if you somehow got my vault and decrypted everything...and got my password..you're still missing a bit I had to type in (that's even before you get to whatever 2FA I have on that service you are trying to log in to)
  • I dont store any bank account or financial login details in lastpass, those I am willing to remember and use SMS and an RSA token for 2 and 3FA.

Though it was a pain to figure out how to get to that point, once achieved it is a very easy and fast system to use which is secure enough for me (even if various parts are breached). Using Yubikey's second memory allocation allows for storing the main segment of any unstored password to allow for those to be sufficiently complex to prevent brute force.





Amanzi
921 posts

Ultimate Geek
+1 received by user: 110

Trusted
Subscriber

  # 1325541 16-Jun-2015 09:58
Send private message

I'm a long time LastPass user but am not particularly worried about this as my master password was fairly strong and not guessable. As a precaution I changed my account password and vault master password this morning anyway and I recommend that you do too, as well as take a look through the additional security settings available such as multi-factor authentication, geo-restrictions, trusted devices, etc...

For those suggesting switching to another cloud provider (even using Dropbox), you're no safer there than using LastPass. Any cloud system can get hacked and so your security for any of these systems is really only as good as your master password.

(btw - I posted this topic in the Cloud, SaaS forum, but guess I need to pay closer attention to the off-topic forum too?)


ojo

100 posts

Master Geek
+1 received by user: 10


  # 1325549 16-Jun-2015 10:13
Send private message

At least users have gotten the message





277 posts

Ultimate Geek
+1 received by user: 57


  # 1325550 16-Jun-2015 10:15
Send private message

I stopped using Lastpass a wee while ago (by letting my subscription lapse) - in favour of 1Password. Nonetheless I diligently logged on to change my password but received the message about servers being overloaded.  Currently looking at how to "delete all" passwords as a precaution.  Can't see how to do that or how to delete entire account, including all passwords.  It would seem that this is obscure on purpose so people might come back to using Lastpass.  I seriously annoyed at Lastpass.  Clearly their brand reputation is in tatters - or at least I hope so.

*Update*. Found the Delete Account page - by reading the manual(!) - See https://lastpass.com/delete_account.php  Hopefullly my account really is now deleted.




Tinshed
Wellington, New Zealand


xpd

Chief Trash Bandit
9588 posts

Uber Geek
+1 received by user: 1634

Mod Emeritus
Trusted
Lifetime subscriber

  # 1325551 16-Jun-2015 10:15
Send private message

sidefx: Another vote for keepass combined with dropbox here.   There's even a windows phone app for it. 


Which app ? Ive just tried 2 (WinKee and 7Pass) and both failed miserably - WinKee just kills my phone, and 7Pass uses "Skydrive", and dosent work.






XPD / Gavin / DemiseNZ

 

Server : i3-3240 @ 3.40GHz  16GB RAM  Win 10 Pro    Workstation : i5-3570K @ 3.40GHz  16GB RAM  RX580 4GB Win 10 Pro    Console : Xbox One

 

https://www.xpd.co.nz - Games, geeks, and more.     Now on BigPipe 100/100 and 2Talk


4123 posts

Uber Geek
+1 received by user: 842
Inactive user


  # 1325639 16-Jun-2015 11:01
Send private message

I would change it if only I could remember what it was....

xpd

Chief Trash Bandit
9588 posts

Uber Geek
+1 received by user: 1634

Mod Emeritus
Trusted
Lifetime subscriber

  # 1325647 16-Jun-2015 11:16
Send private message

ojo: At least users have gotten the message




Saw that, Ive logged in and out multiple times today with no issues at all :)




XPD / Gavin / DemiseNZ

 

Server : i3-3240 @ 3.40GHz  16GB RAM  Win 10 Pro    Workstation : i5-3570K @ 3.40GHz  16GB RAM  RX580 4GB Win 10 Pro    Console : Xbox One

 

https://www.xpd.co.nz - Games, geeks, and more.     Now on BigPipe 100/100 and 2Talk


 1 | 2 | 3 | 4
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Air New Zealand uses drones to inspect aircraft
Posted 17-Jun-2019 15:39


TCL Electronics launches its first-ever 8K TV
Posted 17-Jun-2019 15:18


E-scooter share scheme launches in Wellington
Posted 17-Jun-2019 12:34


Anyone can broadcast with Kordia Pop Up TV
Posted 13-Jun-2019 10:51


Volvo and Uber present production vehicle ready for self-driving
Posted 13-Jun-2019 10:47


100,000 customers connected to fibre broadband network through Enable
Posted 13-Jun-2019 10:35


5G uptake even faster than expected
Posted 12-Jun-2019 10:01


Xbox showcases 60 anticipated games
Posted 10-Jun-2019 20:24


Trend Micro Turns Public Hotspots into Secure Networks with WiFi Protection for Mobile Devices
Posted 5-Jun-2019 13:24


Bold UK spinoff for beauty software company Flossie
Posted 2-Jun-2019 14:10


Amazon Introduces Echo Show 5
Posted 1-Jun-2019 15:32


Epson launches new 4K Pro-UHD projector technology
Posted 1-Jun-2019 15:26


Lenovo and Qualcomm unveil first 5G PC called Project Limitless
Posted 28-May-2019 20:23


Intel introduces new 10th Gen Intel Core Processors and Project Athena
Posted 28-May-2019 19:28


Orcon first to trial residential 10Gbps broadband
Posted 28-May-2019 11:20



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.