
Last Pass exploit allows hackers to steal passwords and execute code

2FA
2 hours ago, Sakkura said:

That password is too short. Probably already in the rainbow tables. A decent password would look more like this:

 

G)N"5v0>oB=$zi}.doCZ=9O"0`kv

Why are you complicating your life with those passwords? It is difficult to memorize. As someone with an IT security background I cannot agree more with this one:

 

password_strength.png

 

I have those difficult passwords generated for me by KeePass and the master password is a really long passphrase. 


I used these though I just started to remember later on xD


1 hour ago, Niksa said:

-Snip-

Except those are all dictionary words, and it's been shown many times that what's shown in the comic isn't any closer to being correct either. Machines can easily get those passwords decrypted.


26 minutes ago, Lurick said:

Except those are all dictionary words, and it's been shown many times that what's shown in the comic isn't any closer to being correct either. Machines can easily get those passwords decrypted.

 

Well, the comic is just showing it simpler than it should be. Passphrases are still a much better solution for humans when used correctly, but that discussion is for some other topic since we are already off-topic.

 


KeePass works well.

 

You can also use LastPass in Offline Mode for the time being.  It's actually a Browser Plugin Attack.


As for password entropy, you just need to make sure you have part of the entire character set in your password.  A 24+ letter phrase with a few l33t speak choices and an odd character or two will keep you covered.
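The entropy arithmetic behind the random-password versus passphrase debate in this thread, as an added example that is not part of any post. It assumes uniformly random, machine-generated secrets, a 94-symbol printable ASCII alphabet and a 7776-word Diceware-style list; `TOY_WORDLIST` and the guess rate are constructed for illustration.

```python
import math
import secrets
import string

# Assumption: passwords are drawn uniformly from printable ASCII (94 symbols)
# and passphrases uniformly from a Diceware-style list of 7776 words.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation
DICEWARE_WORDS = 7776

# Constructed 8-word list so the generator runs offline; a real list must be
# far larger, because each word only contributes log2(len(list)) bits.
TOY_WORDLIST = ["anchor", "breeze", "copper", "dragon",
                "ember", "falcon", "garnet", "harbor"]

def secret_bits(length, alphabet_size):
    """Entropy in bits of `length` independent, uniform picks.
    Only valid for machine-generated secrets, not human-chosen ones."""
    return length * math.log2(alphabet_size)

def words_to_match(target_bits, wordlist_size=DICEWARE_WORDS):
    """Smallest number of random words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))

def generate_password(length, alphabet=PRINTABLE):
    """Random password using the OS CSPRNG (never the `random` module)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def generate_passphrase(n_words, wordlist=TOY_WORDLIST):
    """Random passphrase; words are picked independently, repeats allowed."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))

def average_crack_years(bits, guesses_per_second):
    """Expected offline search time: half the keyspace at the given rate."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    rate = 1e10  # assumed offline guess rate, for illustration only
    for label, bits in [
        ("12-char random password", secret_bits(12, len(PRINTABLE))),
        ("28-char random password", secret_bits(28, len(PRINTABLE))),
        ("4-word passphrase", secret_bits(4, DICEWARE_WORDS)),
        ("7-word passphrase", secret_bits(7, DICEWARE_WORDS)),
    ]:
        years = average_crack_years(bits, rate)
        print(f"{label:26s} {bits:6.1f} bits  ~{years:.3g} years")
    print("sample password:  ", generate_password(28))
    print("sample passphrase:", generate_passphrase(7))
```
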


12 hours ago, hey_yo_ said:

Not to mention it's only $12 every year. So I'll disable the Chrome extension at the moment and stick to the app, which is ugly by the way on Windows. 

Keepass is free.

 

12 hours ago, DeadEyePsycho said:

That's all well and good but what happens when you have multiple machines in different locations that you use and need access to those passwords?

Unless you are talking about a professional work-environment, I don't see how this use-case would come up. And even there you can make the keepass file available via a share that only those who need it can access.

 

No, I don't need access to online-banking everywhere I go. Whatever it is, it can wait until I get home.

 

Just don't rely on browser plugins, people. You're not going to break any fingers by making 1 or 2 clicks more to copy your password from whatever password manager you are using into your browser.

I deal in shitposts and shitpost accessories.


Just now, Urishima said:

Unless you are talking about a professional work-environment, I don't see how this use-case would come up. And even there you can make the keepass file available via a share that only those who need it can access.

I guess I'll use my own case. I have two desktops, one with me at college and one back home, along with a laptop. The distance here is quite literally 100 miles between the campus and my home. A network share wouldn't work, I could use something like Dropbox but what if that has a data breach?

 

Besides, this is a plugin exploit, if you were using a Keepass plugin, it would have the same issue for example.


1 minute ago, DeadEyePsycho said:

I guess I'll use my own case. I have two desktops, one with me at college and one back home, along with a laptop. The distance here is quite literally 100 miles between the campus and my home. A network share wouldn't work, I could use something like Dropbox but what if that has a data breach?

 

Besides, this is a plugin exploit, if you were using a Keepass plugin, it would have the same issue for example.

Encrypted USB stick to transport the file.

 

I don't use plugins for exactly that reason.

I deal in shitposts and shitpost accessories.


1 minute ago, Urishima said:

Encrypted USB stick to transport the file.

 

I don't use plugins for exactly that reason.

That's one more thing to keep track of, and one that I might lose, which creates an issue of needing to back it up very frequently. I don't store passwords for sensitive sites anyways, all of those I have memorized, so I would be going out of my way to secure things I don't really need to worry about comparatively.


5 hours ago, Niksa said:

Why are you complicating your life with those passwords? It is difficult to memorize. As someone with an IT security background I cannot agree more with this one:

 

I have those difficult passwords generated for me by KeePass and the master password is a really long passphrase. 

I'm not memorizing that lol. I generated it with Keepass.


3 minutes ago, Sakkura said:

I'm not memorizing that lol. I generated it with Keepass.

However, I am. After seeing and using a password like this: Gn#9m75ITY#@ I can pretty much remember it, and continue to remember.

Hint: That is my uni password 2 resets ago :P Therefore I am not using it, so it's safe to share

Western Sydney University - 4th year BCompSc student
