If you use Last Pass then you may want to change your master password, and then change all your other passwords.New Scientist wrote: Another day, another data leak - but this one has the potential to put all of your passwords in danger. LastPass, a browser plugin that allows users to store their passwords on a remote server and access them from any computer or smartphone, has warned users that their master passwords may be at risk.
The service, which has over one million users, encrypts a user's passwords on their own computer with a master password. This encrypted file is then synchronised to the LastPass servers, where they can be accessed from any other browser by entering the master password.
LastPass says it discovered a "network traffic anomaly" on Tuesday morning, and after further investigation discovered that data had been transferred out of its servers. It says the amount of data leaked is big enough to have transferred users' email addresses along with an encrypted version of their master password.
...
Data leak in LastPass
-
- Administrator
- Posts: 12629
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Data leak in LastPass
There is an article on the New Scientist web site that starts...
Last edited by StuartR on 05 May 2011, 15:48, edited 2 times in total.
Reason: to add URL as the link does seem to work when not logged in
Reason: to add URL as the link does seem to work when not logged in
StuartR
-
- GoldLounger
- Posts: 2599
- Joined: 24 Jan 2010, 15:26
- Location: Olympia, WA
Re: Data leak in LastPass
Another REAL reason for NOT using these types of Tools.
I like my method, I have a Word file that I on a thumbdrive.
I like my method, I have a Word file that I on a thumbdrive.
I am so far behind, I think I am First
Genealogy....confusing the dead and annoying the living
Genealogy....confusing the dead and annoying the living
-
- Administrator
- Posts: 12629
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: Data leak in LastPass
I store mine in a a Truecypt container file on a USB drive. I would never let some online service store my passwords
StuartR
-
- PlatinumLounger
- Posts: 5685
- Joined: 24 Jan 2010, 19:16
- Location: Cape Cod, Massachusetts,USA
Re: Data leak in LastPass
Agree 100%. I have never felt good about sending my passwords out into cyberspace, despite "secure" assurances.StuartR wrote:I store mine in a a Truecypt container file on a USB drive. I would never let some online service store my passwords
I do something a lot more primitive by putting my passwords in an encrypted database file, copying to a CD-RW and printing to a "secure" sheet, and storing in my office. ( I'm the only one with access to where that paper file is ) No one else uses my machine. Works for me!
BOB
______________________________________
If I agreed with you we'd both be wrong.
______________________________________
If I agreed with you we'd both be wrong.
-
- 2StarLounger
- Posts: 148
- Joined: 26 Dec 2010, 18:17
Re: Data leak in LastPass
It seems worse to have your password container in the cloud, but local machines get compromised and USB flash drives get lost. The goal behind effective cryptography is to make the location of the container irrelevant. The problem is, if your master password isn't "strong" then your container will be cracked sooner rather than later. For everyone else, changing passwords on a regular schedule probably is sufficient.