1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News LastPass user panic over possible server breach

Discussion in 'Article Discussion' started by arcticstoat, 9 May 2011.

  1. arcticstoat

    arcticstoat New Member

    Joined:
    19 May 2004
    Posts:
    916
    Likes Received:
    13
  2. mclean007

    mclean007 Officious Bystander

    Joined:
    22 May 2003
    Posts:
    2,035
    Likes Received:
    15
    I use a password manager. It's called my brain and I keep all my passwords there. Of course that's not too hard when my password is "PASSWORD" for every site I use.

    For anyone who missed the sarcasm above, just for the record I was kidding :D
     
  3. SlowMotionSuicide

    SlowMotionSuicide Come Hell or High Water

    Joined:
    16 May 2009
    Posts:
    835
    Likes Received:
    20
    TBH honest all these security breaches lately has made me a bit hopeless. Only few weeks ago I received e-mail from Play.com their account security had been breached. Then the PSN episode, and now this.

    What should a honest consumer do, set up a fake ID for every online purchase since no one seem to be able to keep crackers at bay? I'm kinda tired of continuous credit card reroll.
     
  4. Kiytan

    Kiytan Shiny

    Joined:
    2 Jul 2009
    Posts:
    971
    Likes Received:
    23
    seems everywhere is getting hacked recently. At least they dealt with it in a proper way though, unlike sony.
     
  5. Dr_Frankenstein

    Dr_Frankenstein New Member

    Joined:
    5 Aug 2005
    Posts:
    8
    Likes Received:
    0
    I wouldn't store any passwords online, keep a locally encrypted version if you cant remember them all, I use 'keepass'
     
  6. Zurechial

    Zurechial Elitist

    Joined:
    21 Mar 2007
    Posts:
    2,045
    Likes Received:
    99
    This.

    I would never trust an online password storage service. Locally-stored secure Keepass databases are a much better idea I think.
     
  7. Mechh69

    Mechh69 I think we can make that fit

    Joined:
    16 Sep 2009
    Posts:
    1,298
    Likes Received:
    59
    I use a spread sheet that is secured within True Crypt. Hack that one.
     
  8. radziecki

    radziecki New Member

    Joined:
    24 Mar 2006
    Posts:
    25
    Likes Received:
    0
    Guys, two tips:
    a) Use top-up electronic-use-only cards and not your regular credit/debit card. You only fill up the account when you need to purchase something.
    b) DO NOT store any card data online, if possible. Use software like PasswordSafe to keep the crucial data handy at all times.

    Worked for me for last couple of years...
     
  9. Lowsidex2

    Lowsidex2 New Member

    Joined:
    29 Sep 2003
    Posts:
    229
    Likes Received:
    0
    Pen and paper is my password storage system. I'm infinitely less worried about someone breaking into my home and happening across my cheat sheet than I am about someone hacking a distant server or even my local machine with that file labeled 'passwords'.
     
  10. SlowMotionSuicide

    SlowMotionSuicide Come Hell or High Water

    Joined:
    16 May 2009
    Posts:
    835
    Likes Received:
    20
    Good tips, but unfortunately not always applicable.

    a)I'm not sure what you mean with "top-up electronic-use-only" card, but if I'd have to hazard a guess these mean cards like Visa Electron, right? Not too many site accept one.

    Finnish banks do not offer virtual credit cards, either.

    b)Again, not always possible. For example, Play.com requires you to register before making a purchase, and they insist on storing credit card data. After the hacking incident, I tried to remove my cc number bind to my account, to no avail. Can't unsubscribe from their mailing list, either. Serves me right I guess.

    I'm using unique passwords for each account I have, but it really pisses me off that companies require me giving away personal info and then not bother to protect it properly. I'm not really happy with criminals in possession of my physical and email address, phone number etc.
     
  11. tad2008

    tad2008 New Member

    Joined:
    6 Nov 2008
    Posts:
    332
    Likes Received:
    3
    Can't speak for our European cousins, but here in the UK I believe both Visa and Mastercard that I know of offer a kind of pre-paid debit card where you basically put credit on the card and then can use this securely for online purchases as you would a normal debit card.

    Just done a quick check for those that might benefit:

    VISA
    http://visa.co.uk/en/products/visa_prepaid.aspx

    MASTERCARD
    http://www.mastercard.com/uk/personal/en/findacard/prepaidnew/index.html
     
  12. MrWillyWonka

    MrWillyWonka Chocolate computers galore!

    Joined:
    25 Jul 2004
    Posts:
    5,892
    Likes Received:
    12
    What radziecki meant was a top-up cashcard, basically it's a top up card that you can buy in the shops and top up whilst in the shop, and useable online as it is a Visa debit card. A bit of a hassle to do but it is one of the safest ways to buy stuff online.

    EDIT: What ^^^ said!
     
  13. SlowMotionSuicide

    SlowMotionSuicide Come Hell or High Water

    Joined:
    16 May 2009
    Posts:
    835
    Likes Received:
    20
    No such thing available here, though.

    I did a check for both my Visa and Mastercard.

    Well, there propably will be option for those now that hacking service providers and e-shops have become almost everyday occurence. Even my bank felt necessary to notify me on PSN issue, though no fraud has taken place, yet.
     
  14. l3v1ck

    l3v1ck Fueling the world, one oil well at a time.

    Joined:
    23 Apr 2009
    Posts:
    12,945
    Likes Received:
    17
    +1
     
  15. thehippoz

    thehippoz New Member

    Joined:
    19 Dec 2008
    Posts:
    5,780
    Likes Received:
    174
    waterboarding
     
    dark_avenger likes this.
  16. PureSilver

    PureSilver E-tailer Tailor

    Joined:
    16 Dec 2008
    Posts:
    3,152
    Likes Received:
    235
    This is not really the whole story - even if someone has hacked LastPass's databanks and grabbed files, they are of no use unless they can be cracked individually. LastPass don't store any of your data unencrypted - in fact, it's not possible for them to do so, and if you lose your LastPass password you're basically f***** because they've no way of retrieving it. So, for this to be a security issue:
    1. LastPass' servers have to have been hacked. There's no evidence this has actually occurred - there's a system anomaly and LastPass are being paranoid about it because that's what we pay them to do.
    2. LastPass users' data has to have been copied. Again, no evidence this has occurred.
    3. The users' encrypted data has to be individually cracked, by brute force. My password is >15 characters long, containing upper- and lower- case letters, numbers, and symbols, in randomly generated order. That's 96 possibilities for each of the 15+ characters = 5.20402924666473e+31 combinations - a number equivalent to 52,040,292,466,647,300,000,000,000,000,000 potential passwords, or one order of magnitude over a nonillion. Cracking it by brute force using an i7 920 or similar would take quite literally tens of thousands of years.

    Me? I'm not worried in the slightest. In addition to my password, my LastPass is encrypted using their Grid Multifactor Authentication system, which adds the complexity of a unique 26x9 code grid to any computer I haven't personally approved. I haven't done the maths on that too but it is another hurdle to the theoretical hackers getting my Facebook password.

    Using LastPass means I can use different 15-character alphanumerosymbolic passwords for everything I use - so compromise of any one won't affect the others. Since even I don't know them, it's very difficult for them to be compromised. As far as I can see, you're much more likely to be in trouble by entrusting your data to people that aren't LastPass, like, er, PSN...
     
    Last edited: 9 May 2011
  17. sotu1

    sotu1 Ex-Modder

    Joined:
    24 Aug 2007
    Posts:
    2,877
    Likes Received:
    26
    PEN AND PAPER. Honestly it actually works sometimes!
     
  18. bobwya

    bobwya Custom PC Migrant

    Joined:
    3 May 2009
    Posts:
    193
    Likes Received:
    1
    My advice is to simply let E-Merchants store all your credit card details online. However then ensure that all your credit cards are maxed out (to their respective limits). E viola - no E-fraud!
     
  19. shanky887614

    shanky887614 New Member

    Joined:
    13 May 2009
    Posts:
    203
    Likes Received:
    0
    guys or there is a quick cheat, create a new account with same person as main account, make sure its debit only and dosnt allow over draws or credit, then just swap money to it before buying online, thats my way of dealing with it

    what can a hacker do with a bank account with £1 in it
     
  20. Salty Wagyu

    Salty Wagyu moo

    Joined:
    5 Jul 2010
    Posts:
    453
    Likes Received:
    17
    Keepass is way less convenient though, as I frequent a lot of sites that log you out automatically as the session expires (Amazon for example). Having to c+p all the time gets tedious, and I've been there.
     
Tags: Add Tags

Share This Page