I was specifically talking about _online_ password managers in that quote. And I would very much like not to worry about maintaining accounts, updating passwords, etc. I was a LastPass user for many years, many years ago, and trusted them, but have since moved all my passwords offline. There have been some usability improvements in recent years in this area, to the point where it could reach mass adoption, but the change needs to start with developers. The way forward is to get rid of passwords altogether and make passwordless authentication the norm. Many non-technical people don't bother or care at all. They're too confusing and a chore to use for the general public, even if users are educated about their importance, and would like to secure their accounts. Password managers are an entire section of software that shouldn't exist. To think that any company could handle this responsibility is naive at best. They're major centralized honeypots given the data they handle, and leaks are probably worth millions on the black market.

Sure, but password managers available over the internet are especially vulnerable. However, they still lack a few basic features, but it seems that they recently launched the product and have a roadmap with all of the features that I need coming soon.

> I’m sure LastPass tried really hard to protect data.

Both seem pretty decent, but pCloud Pass feels like the package for me at the moment - they own their servers, provide zero-knowledge encryption and their servers are in EU + offer a lifetime plan, which I am a fan of. I no longer want to go with the BIG players. Now I am in the chase of finding a new good solution. '' This is super disturbing for me, as I have trusted LastPass for several years, believing that they actually store my passwords in a super-high security place, which they maintain and encrypt. ''LastPass detected “unusual activity” within a third-party cloud storage solution that it uses.

I came across something interesting, that it's even mentioned on their websites - LastPass uses a third-party server to store the data, so they actually "rent" the space from a 3rd party provider. Recently, LastPass has been experiencing quite a few data breaches, and yes they have been extremely open about it, which is nice, but I'm still getting really worried about all of my passwords, cards, etc. We thank you for your patience while we work through our investigation. Please visit the LastPass blog for the latest information related to the incident. As always, we recommend that you follow our best practices around the setup and configuration of LastPass, which can be found here. As is our practice, we will continue to provide updates as we learn more. In the meantime, we can confirm that LastPass products and services remain fully functional. As part of our efforts, we continue to deploy enhanced security measures and monitoring capabilities across our infrastructure to help detect and prevent further threat actor activity. We are working diligently to understand the scope of the incident and identify what specific information has been accessed. Our customers’ passwords remain safely encrypted due to LastPass's Zero Knowledge architecture. We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information. We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement. We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo. In keeping with our commitment to transparency, we wanted to inform you of a security incident that our team is currently investigating.

Received an email (fortunately I used Bitwarden for 99%, I just had my main Bitwarden email address in LastPass):