100
Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach
(krebsonsecurity.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 06 Sep 2023
100 points (99.0% liked)
Technology
58137 readers
7483 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
it's a bad idea to have all your passwords centralized but for me it's still an upgrade in security compared to remembering a few different passwords. I understand security is very important but I want to be able to appreciate convenience and not have to write all my random passwords on a book that I would have to bring with me all the time and look at every time I want to type a password. there's no such thing as bulletproof security. I'm quite happy to have reduced my attack vectors to nearly one single point so I can focus on defending that one single point.
Password vaults are great! Giving them to a central authority is... a little risky though. LP has a pretty decent history other than this, so I don't fault anyone for using them. But after that breach, it's probably good to consider those creds burned and recycle them.
A good self-hosted alternative might be something like Keepass on Syncthing. Though a downside of that is that you might be even less likely to know of a vault exfil than a service like LP.
Either way you go, it's good to recognize the limiations and act accordingly.