In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious…

[-] Zeron@lemmy.world 14 points 1 year ago

And this is why you don't want cloud based password storage systems. If you want to use a password manager, use something entirely local like KeePassXC. The database it creates is so small you could fit it on a floppy so it's immensely portable.

[-] SkyeStarfall 26 points 1 year ago

Cloud based systems can be perfectly sound. You can read how other managers do it, which are also audited by security experts. It's just LastPass being bad.

And sure, local can be more secure, but you're then at higher risk of losing access to it, should the worst happen.

[-] GigglyBobble@kbin.social 1 points 1 year ago

They are a real treasure trove though. Those crypto token thefts show there's much money in that. I wouldn't bet my most sensitive data they covered every single attack vector - external or internal. You managing your password locally may be much less secure but it's also much less likely you're directly targeted.

[-] MaxHardwood@lemmy.ca 2 points 1 year ago

The accounts they're breaking the encryption on were never configured properly. These are old accounts from when LastPass had weak defaults and neither the user nor LastPass updated those settings on old accounts. Those settings have always existed though and could have been improved by the user.

[-] ExcessiveAardvark@lemmy.world 15 points 1 year ago

The problem is more that LastPass' system is bad. 1Password (and probably others) mitigates a possible hack by having the keyring encrypted by something in addition to the password.
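
The mitigation described in the comment above, as an added sketch that is not part of the thread and is not 1Password's or LastPass's actual scheme: a vault key derived from the password plus a secret that never leaves the user's device, compared with a password-only key. The function names, the iteration count, the HMAC mixing step and the sample password and wordlist are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000      # assumed PBKDF2 work factor for this sketch
CHECK = b"vault-check"    # constructed label used to build a verification tag


def derive_vault_key(password, salt, device_secret=b""):
    """Stretch the password, then mix in an optional device-held secret."""
    stretched = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    if not device_secret:
        return stretched  # password-only design: the key depends on the password alone
    # Keyed by the device secret, so the stretched password alone is not enough.
    return hmac.new(device_secret, stretched, hashlib.sha256).digest()


def make_vault_record(password, device_secret=b""):
    """What a server would store: a salt and a tag that confirms a correct key."""
    salt = os.urandom(16)
    key = derive_vault_key(password, salt, device_secret)
    return {"salt": salt, "tag": hmac.new(key, CHECK, hashlib.sha256).digest()}


def unlocks(record, password, device_secret=b""):
    """True if the supplied secrets reproduce the tag in the record."""
    key = derive_vault_key(password, record["salt"], device_secret)
    tag = hmac.new(key, CHECK, hashlib.sha256).digest()
    return hmac.compare_digest(tag, record["tag"])


def candidates_that_unlock(record, wordlist):
    """Passwords from a list that open a record when only the record is known."""
    return [word for word in wordlist if unlocks(record, word)]


if __name__ == "__main__":
    secret = os.urandom(32)                         # stays on the user's device
    words = ["letmein", "sunshine2015", "hunter2"]  # constructed wordlist
    password_only = make_vault_record("sunshine2015")
    with_secret = make_vault_record("sunshine2015", secret)
    print("password-only record opened by:", candidates_that_unlock(password_only, words))
    print("password+secret record opened by:", candidates_that_unlock(with_secret, words))
    print("owner with device secret:", unlocks(with_secret, "sunshine2015", secret))
```

With the device secret in the derivation, a copy of the server-side record gives no way to confirm a password guess, which is why a weak password or a low iteration count matters far less in that design.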

this post was submitted on 06 Sep 2023
114 points (100.0% liked)