LastPass is brilliant!

Ah, don't you just love Origin. It does not tell you what characters you can and can't use, and there's also no indication of how long it should be.


Well, that's just bad design. Tell people why, not just that it's incorrect.
 
I used to use it a while back. Lately though I've developed a method of incorporating the site's name into my password in the form of a code plus my default password. So if my default password is password, my myGaming password would be something like myg4m!ngpassword, gmail would be gm4!lpassword (though it's not THAT easy ;) - my code uses a different base numbering system + shifted alphabet :D )

Does this make me paranoid? :P

I actually use the same system to remember my passwords! Except I use a word that is related to the site and not the site name itself. Although I've got a fair few remembered in Chrome but never the crucial ones such as email and banking.
 
So now all of your passwords have a single failure point? Why don't you just go the other way and use random passwords for everything and then reset the password every time you need to log into it.

If I were to use a password collection app at some point, I will create my own one. There is very little chance that I'll download or buy a product off the shelf and use it, and even less of a chance that I'll use some website.
 

Agreed, but I would prefer for my single point of failure to be a "secure" site, rather than the fact that I used the same password all over the show. The old system would mean that I have MULTIPLE points of failure.
 

This article sums it up really. But like it says, nothing is 100%; just look at the nude photo hacks.

Dear Lifehacker,
You recommend LastPass to avoid problems when services get hacked, but what happens if (or when) LastPass gets hacked? Wouldn't that just give hackers access to all of my accounts? Is LastPass safe to use?

Sincerely,
Password Protector

Dear Password,
Your worry is a common one: if LastPass stores all your passwords in the cloud, what's to stop someone from hacking them and then getting into all your other accounts? Thankfully, it's not so simple. Nothing is 100% secure, but we think you can feel safe with LastPass.

First of all, let's remember that LastPass—as a security-focused app—is dedicated to security in a way many services are not. Even when LastPass thought they might have gotten hacked back in 2011, they notified their users immediately, and forced a master password change if you tried to access it from a new computer.

Furthermore, like any other service, you should be using two-factor authentication with LastPass. If you do, someone with your master password still will not be able to access your account, even in the event of a breach. If you want to take it to the next level, you can put together this awesome thumb drive-based system and enable these features for extra two-factor security.

Lastly, remember that the only secure password is one you can't remember. If you can remember it, it's probably more easily hacked and more easily usable on your other accounts. Using a password manager is still the most secure way to use your accounts, and it makes things very easy to audit and update when someone does get hacked (which sadly is a common occurrence these days).

If you don't like the idea of storing your passwords in the cloud, there are alternatives, like the awesome KeePass. These keep your data out of the cloud, but make it more difficult to access your passwords on anything but your main computer—which is a huge blow to convenience. Unless, of course, you sync them with Dropbox, which defeats the whole purpose of using a local password manager. And remember, if someone has physical access to your computer, they can still get your password database that way.

At the end of the day, it's up to you to use what makes you feel safe. But remember: nothing is 100% secure. We still think LastPass is the best option around, as long as you use it correctly.

Good luck and stay safe,
Lifehacker

Source: http://lifehacker.com/is-lastpass-secure-what-happens-if-it-gets-hacked-1555511389
 
Agreed, but I would prefer for my single point of failure to be a "secure" site, rather than the fact that I used the same password all over the show. The old system would mean that I have MULTIPLE points of failure.

Not if you use the alternatives that I suggested. You have now provided all of your passwords to a third party that you don't know anything about in clear text - that's the CIA/NSA's wet dream. Rule number 1 of passwords is don't give them to anybody else.

Heck, I guess I'm just paranoid, but I don't save any passwords. I type them all in manually.

Have you ever been a victim of hacking? I haven't.

This article sums it up really. But like it says, nothing is 100%; just look at the nude photo hacks.

Source: http://lifehacker.com/is-lastpass-secure-what-happens-if-it-gets-hacked-1555511389

The nude photo hacks were a combination of a failure on Apple's side to provide one of the most basic items of password security (limited number of attempts) and also passwords that were too simple. Have you ever been hacked?

It's all good and well that they claim that, but do you know anything of that as a matter of fact? The only way you could know that is if you write it yourself from scratch without using any third party libraries. I'd rather print all of my passwords on a piece of paper and store it in my safe, than put it on a website. Heck, even Notepad on your desktop is better if your PC is secure.
 

Have not been hacked.
 

As far as I know the statistic is still true that the safest is to write down your password and keep it safe physically. At some point there used to be paranoia and it was "bad practice" to do this, but seriously, which person breaking into your house is not only going to take/read something like that, but see it beyond anything other than chicken-scratching...
My source for this info is QI :D

While lastpass does intrigue me, I get turned off at the very mention of "cloud-based".
 

I think the "bad practice" came from office workers writing their password on a post-it and sticking it to the side of the monitor.
 

This still happens unfortunately. Too many places I visit have exactly what you're talking about, although it does make my life a LITTLE easier if I need access to that machine and they're not around hehehe...
 
Nice find, but not for me. I'm with Wyzak on this one... sort of.

I've got a truecrypt volume with a nice big fat text file in it. TrueCrypt is protected by a loooooong ass passphrase.

Keep copies on multiple sources so if I lose one, I still have backups.

and yes, I have heard about TrueCrypt not being that secure, so I might move to something else later.

EDIT: And I use two factor authentication wherever available: Gmail, Steam, Origin, etc.
 
You have now provided all of your passwords to a third party that you don't know anything about in clear text - that's the CIA/NSA's wet dream. Rule number 1 of passwords is don't give them to anybody else.

You have a point about not giving your passwords out, but I don't think the CIA or NSA would even need to collect passwords to access someone's account anyway. They'd just demand to get in and the company the account is administered by would have no choice but to comply or face the consequences. So whether you save them with LastPass or not is irrelevant. If they want in, they'll get in. There's nothing you can do about that.

I don't provide all of my passwords to LastPass in any case. I keep the most important ones, like anything financial, out. Most of the passwords are just for forums and what I consider to be low level accounts, so it's fairly low risk.

If accounts I have are protected by some form of MFA, then I usually don't bother storing them with LastPass.

Have you ever been a victim of hacking? I haven't.

Have not been hacked.

You haven't been hacked yet, or not as far as you know, anyway. :p

Things to remember with LastPass: passwords are encrypted and decrypted locally, so as Lifehacker stated in their reply, if LastPass were to be compromised, the passwords would be useless without the master password which LastPass doesn't store, and you should change it immediately if you learn that LastPass has been compromised in some fashion.

If someone tried to get into your account and they know your email and master password and/or security email, you should be using MFA, like the LastPass grid or Google Authenticator, or upgrade to LastPass Premium so you can use one of the other devices LastPass will work with. You can even use the virtual keyboard when signing in to LastPass to reduce the chances of your master password being captured by a keylogger.
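The local-encryption model the post describes, as an added illustration (not LastPass's own code, and the PBKDF2 iteration count and key layout are assumptions, not its real parameters): the client stretches the master password into a key, encrypts the vault, and the server only ever stores salt, nonce, ciphertext and tag, so a stolen copy of the server data is useless without the master password. HMAC-SHA256 in counter mode stands in for a real AEAD such as AES-GCM so the example runs with the standard library alone.

```python
import hashlib
import hmac
import json
import os
from typing import Optional

# PBKDF2 work factor: an assumed illustrative value, not LastPass's real setting.
ITERATIONS = 200_000

def derive_key(master_password: str, salt: bytes) -> bytes:
    """Stretch the master password into a 32-byte key. The salt is stored; the password never is."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a stand-in stream cipher (use AES-GCM in real code)."""
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
    return b"".join(blocks)[:length]

def encrypt_vault(master_password: str, vault: dict) -> dict:
    """Client side: the returned blob is everything the server ever receives."""
    salt, nonce = os.urandom(16), os.urandom(16)
    key = derive_key(master_password, salt)
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()  # separate encryption key ...
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()  # ... and authentication key
    plaintext = json.dumps(vault).encode()
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()  # encrypt-then-MAC
    return {"salt": salt.hex(), "nonce": nonce.hex(), "ciphertext": ciphertext.hex(), "tag": tag.hex()}

def decrypt_vault(master_password: str, blob: dict) -> Optional[dict]:
    """Client side: returns the vault, or None when the master password is wrong (tag mismatch)."""
    salt, nonce = bytes.fromhex(blob["salt"]), bytes.fromhex(blob["nonce"])
    ciphertext, tag = bytes.fromhex(blob["ciphertext"]), bytes.fromhex(blob["tag"])
    key = derive_key(master_password, salt)
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # verify before decrypting, constant-time compare
        return None
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return json.loads(plaintext)

def leaks_secret(blob: dict, secret: str) -> bool:
    """Check a stolen server-side blob for a plaintext password (it must never be there)."""
    return secret.encode() in bytes.fromhex(blob["ciphertext"])
```

The blob a server would hold contains no key material, which is why the advice in the post is to rotate the master password after a provider breach rather than every site password.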
 
You have a point about not giving your passwords out, but I don't think the CIA or NSA would even need to collect passwords to access someone's account anyway. They'd just demand to get in and the company the account is administered by would have no choice but to comply or face the consequences. So whether you save them with LastPass or not is irrelevant. If they want in, they'll get in. There's nothing you can do about that.

Assuming that the CIA or NSA have backdoors, yes, but if they don't have them at the actual providers, they might well have them with LastPass. You are opening up another door which is firmly shut otherwise.

You haven't been hacked yet, or not as far as you know, anyway. :p

Yeah there is always that possibility, but no actions have been taken and nothing of value has disappeared inexplicably.

Things to remember with LastPass: passwords are encrypted and decrypted locally, so as Lifehacker stated in their reply to that letter, if LastPass were to be compromised, the passwords would be useless without the master password, which you should change immediately if you learn that LastPass has been compromised in some fashion.

That's what they say anyway, whether that truly is the case you will never know. At least not until they confirm a hack or you realize that you've been hacked and they were the only custodians.
 
The only time I have a password shorter than 100-characters is when the site the password is for itself limits it.

Yes, it's annoying when websites do that. I have an account on a website where I was once allowed to have as many characters as I wanted, and then they lowered it to a 12 character limit and you now have to use letters and numbers only (no special characters allowed). I know I'm right in saying that this wasn't the case before because I can view the password history for the account in LastPass.

I don't go for 100 character passwords though. I would tend to agree with Hiro, who claims that's a bit overkill, but I do think one should have passwords with more than 10 characters.

If you don't like the idea of storing your passwords in the cloud, there are alternatives, like the awesome KeePass. These keep your data out of the cloud, but make it more difficult to access your passwords on anything but your main computer—which is a huge blow to convenience. Unless, of course, you sync them with Dropbox, which defeats the whole purpose of using a local password manager. And remember, if someone has physical access to your computer, they can still get your password database that way.

I considered using KeePass, but there is the issue of it not being very compatible with browsers, like LastPass is, which does mean points off for convenience. But there is another reason on top of that: it's because KeePass downloads seem to be hosted on Sourceforge, and I don't touch Sourceforge nowadays after they were exposed for bundling spyware with some of their downloads. Don't know if this applies to the KeePass download, but if it does, that's pretty bad. Just think: you imagine you're protecting your accounts and yet when you install the program you could potentially be compromising your PC and by extension your accounts as well.
 