LastPass Possibly Hacked - DiscussWorldIssues - Socio-Economic Religion and Political Uncensored Debate

**lollypopz** · 05-05-2011, 09:50 PM

Just a warning for anyone that uses the service.

http://thenextweb.com/apps/2011/05/0...ter-passwords/

**Amomiamup** · 05-05-2011, 10:08 PM

That sucks.. changed

**slimfifa** · 05-06-2011, 12:00 AM

Use http://keepass.info/ instead

**engacenus** · 05-06-2011, 12:04 AM

Use http://keepass.info/ instead

That's not online is it?

**Rchzygnc** · 05-06-2011, 12:25 AM

That's not online is it?

Too much effort to click?

**engacenus** · 05-06-2011, 12:29 AM

Too much effort to click?

I clicked but on the page couldn't see any log-in area.

**Rchzygnc** · 05-06-2011, 12:59 AM

I clicked but on the page couldn't see any log-in area.

I clicked on the page but I have no idea what I'm looking at.

**citalopram** · 05-06-2011, 01:42 AM

So much for the advice to use one of these services to keep all your passwords remembered. One hack and some ne'er-do-well has all your passwords. Great.

**lollypopz** · 05-06-2011, 01:50 AM

So much for the advice to use one of these services to keep all your passwords remembered. One hack and some ne'er-do-well has all your passwords. Great.

Not necessarily

**Greapyjeory** · 05-06-2011, 01:56 AM

Not necessarily

Definitely a "Not necessarily." If the passwords were stored on the service's servers in an un-encrypted manner, yeah.

But in the case of LastPass, everything's encrypted -- Even moreso if you use one of their methods of two-factor identification. Even if they got your master password, they'd also need the second factor for that to even be useful!

**sapedotru** · 05-06-2011, 02:06 AM

Definitely a "Not necessarily." If the passwords were stored on the service's servers in an un-encrypted manner, yeah.

But in the case of LastPass, everything's encrypted -- Even moreso if you use one of their methods of two-factor identification. Even if they got your master password, they'd also need the second factor for that to even be useful!

The problem with the two-factor encryption is that makes it only as secure as your e-mail as there's always the possibility to disable the second authentication. However, as you say everything is encrypted.

**Greapyjeory** · 05-06-2011, 02:11 AM

The problem with the two-factor encryption is that makes it only as secure as your e-mail as there's always the possibility to disable the second authentication. However, as you say everything is encrypted.

Correct, but then it'd require having your email already hacked... Even Google Apps has two-factor authentication now.

**lollypopz** · 05-06-2011, 02:37 AM

Definitely a "Not necessarily." If the passwords were stored on the service's servers in an un-encrypted manner, yeah.

But in the case of LastPass, everything's encrypted -- Even moreso if you use one of their methods of two-factor identification. Even if they got your master password, they'd also need the second factor for that to even be useful!

Exactly, ergo they are just erring on the side of caution.

**Qeiafib** · 06-05-2011, 11:05 AM

I hear one of these works pretty good.

**UltraSearchs** · 06-05-2011, 03:19 PM

I hear one of these works pretty good.

Yeah, but I hear the encryption on those kinda suck......

**sapedotru** · 06-05-2011, 04:14 PM

Yeah, but I hear the encryption on those kinda suck......

Haha, not to mention passing via multiple devices hooked up via internet.

05-05-2011, 09:50 PM	#1
lollypopz Join Date Oct 2005 Posts 410 Senior Member	LastPass Possibly Hacked Just a warning for anyone that uses the service. http://thenextweb.com/apps/2011/05/0...ter-passwords/ Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

05-05-2011, 10:08 PM	#2
Amomiamup Join Date Nov 2005 Posts 414 Senior Member	That sucks.. changed Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

05-06-2011, 12:00 AM	#3
slimfifa Join Date Oct 2005 Posts 476 Senior Member	Use http://keepass.info/ instead Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

05-06-2011, 12:04 AM	#4
engacenus Join Date Oct 2005 Posts 494 Senior Member	Use http://keepass.info/ instead That's not online is it? Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

05-06-2011, 12:25 AM	#5
Rchzygnc Join Date Oct 2005 Posts 366 Senior Member	That's not online is it? Too much effort to click? Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

05-06-2011, 12:29 AM	#6
engacenus Join Date Oct 2005 Posts 494 Senior Member	Too much effort to click? I clicked but on the page couldn't see any log-in area. Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

05-06-2011, 12:59 AM	#7
Rchzygnc Join Date Oct 2005 Posts 366 Senior Member	I clicked but on the page couldn't see any log-in area. I clicked on the page but I have no idea what I'm looking at. Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

05-06-2011, 01:42 AM	#8
citalopram Join Date Oct 2005 Posts 553 Senior Member	So much for the advice to use one of these services to keep all your passwords remembered. One hack and some ne'er-do-well has all your passwords. Great. Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

05-06-2011, 01:50 AM	#9
lollypopz Join Date Oct 2005 Posts 410 Senior Member	So much for the advice to use one of these services to keep all your passwords remembered. One hack and some ne'er-do-well has all your passwords. Great. Not necessarily Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

05-06-2011, 01:56 AM	#10
Greapyjeory Join Date Nov 2005 Posts 405 Senior Member	Not necessarily Definitely a "Not necessarily." If the passwords were stored on the service's servers in an un-encrypted manner, yeah. But in the case of LastPass, everything's encrypted -- Even moreso if you use one of their methods of two-factor identification. Even if they got your master password, they'd also need the second factor for that to even be useful! Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

05-06-2011, 02:06 AM	#11
sapedotru Join Date Oct 2005 Posts 367 Senior Member	Definitely a "Not necessarily." If the passwords were stored on the service's servers in an un-encrypted manner, yeah. But in the case of LastPass, everything's encrypted -- Even moreso if you use one of their methods of two-factor identification. Even if they got your master password, they'd also need the second factor for that to even be useful! The problem with the two-factor encryption is that makes it only as secure as your e-mail as there's always the possibility to disable the second authentication. However, as you say everything is encrypted. Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

05-06-2011, 02:11 AM	#12
Greapyjeory Join Date Nov 2005 Posts 405 Senior Member	The problem with the two-factor encryption is that makes it only as secure as your e-mail as there's always the possibility to disable the second authentication. However, as you say everything is encrypted. Correct, but then it'd require having your email already hacked... Even Google Apps has two-factor authentication now. Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

05-06-2011, 02:37 AM	#13
lollypopz Join Date Oct 2005 Posts 410 Senior Member	Definitely a "Not necessarily." If the passwords were stored on the service's servers in an un-encrypted manner, yeah. But in the case of LastPass, everything's encrypted -- Even moreso if you use one of their methods of two-factor identification. Even if they got your master password, they'd also need the second factor for that to even be useful! Exactly, ergo they are just erring on the side of caution. Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

06-05-2011, 11:05 AM	#14
Qeiafib Join Date Oct 2005 Posts 526 Senior Member	I hear one of these works pretty good. Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

06-05-2011, 03:19 PM	#15
UltraSearchs Join Date Oct 2005 Posts 375 Senior Member	I hear one of these works pretty good. Yeah, but I hear the encryption on those kinda suck...... Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

06-05-2011, 04:14 PM	#16
sapedotru Join Date Oct 2005 Posts 367 Senior Member	Yeah, but I hear the encryption on those kinda suck...... Haha, not to mention passing via multiple devices hooked up via internet. Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote