That is a very good ideaI changed mine anyway Thanks for the information.
I am thinking to use offline password managers?
That is a very good ideaI changed mine anyway Thanks for the information.
I am thinking to use offline password managers?
I agree 100% no need to panic!! I did however change my email & password as it just makes me feel more secure in light of the news.I have been using Lastpass for years, and not once have i had a breach. I place much trust in their encryption methods.
Some good defence options without 2FA.
Under Security, IP-based Country Restrictions
View attachment 61404 View attachment 61405
Under Security, disable the use on Tor Networks
View attachment 61406
Under Privacy, keep track of login patterns.
View attachment 61407
What is "Unknown" in the country list?Some good defence options without 2FA.
Under Security, IP-based Country Restrictions
View attachment 61404 View attachment 61405
Under Security, disable the use on Tor Networks
View attachment 61406
Under Privacy, keep track of login patterns.
View attachment 61407
Having the same trouble changing master password.I just enabled Two-Factor Authentication, I hope that is enough for now. (LastPass servers are getting overloaded right now, so I can't change Master Password.)
Basically the hackers got no information at all.
I had to try a few times before it allowed me to, keep trying i think they are a bit busy .Having the same trouble changing master password.
Sorry, but we are currently experiencing an extremely high volume of support tickets due to our recent security announcement.I had to try a few times before it allowed me to, keep trying i think they are a bit busy .
They must be getting busier i got in fairly early after it happened.Sorry, but we are currently experiencing an extremely high volume of support tickets due to our recent security announcement.
Please be patient while we try to respond to your questions and issues as quickly as possible.
Anticipated wait times for non-critical issues are currently 3 days for Premium and over 5 days for free users.
They sent this to all lastpass users I think! No reason to panic!YIKES!
Dear LastPass User,
We wanted to alert you that, recently, our team discovered and immediately blocked suspicious activity on our network. No encrypted user vault data was taken, however other data, including email addresses and password reminders, was compromised.
We are confident that the encryption algorithms we use will sufficiently protect our users. To further ensure your security, we are requiring verification by email when logging in from a new device or IP address, and will be prompting users to update their master passwords.
We apologize for the inconvenience, but ultimately we believe this will better protect LastPass users. Thank you for your understanding, and for using LastPass.
Regards,
The LastPass Team
Do they send email to free users too?They sent this to all lastpass users I think! No reason to panic!
Yep.Do they send email to free users too?
Just about anything stored in the "Cloud" can be hacked by governments, IT professors, former (and present) KGB/CIA/FBI types. Only plus is use across multiple platforms. Only reason I'm staying with LastPass is because it's a real pain to switch. If this happens again I think LastPass is out of business.March 2015 is when I made the move to KeePass from LastPass Premium after I felt that such a service would always be a target and it's only a matter of time, either it be black hat patience, fundamental weaknesses or a dirty insider job.
Regardless, I don't like the risk factor and in spite of all spouted protection they tell us that your passwords are secure, In the end you just have to take their word for it don't you? And hope the worst doesn't happen.
Pessimism has never served me wrong.
http://keepass.info | http://keepass.info/help/base/security.html
https://chrome.google.com/webstore/detail/ompiailgknfdndiefoaoiligalphfdae
(Extension allowing Google Chrome to form-fill passwords stored in KeePass.)
http://keefox.org/
(Extension allowing Firefox based browsers to form-fill passwords stored in KeePass.)
All plugins for KeePass: http://keepass.info/plugins.html
If you're going to continue using LastPass, think of enabling Two-factor verification - A little extra hassle for that proper peace of mind.
https://helpdesk.lastpass.com/multifactor-authentication-options/
Having your email address, but no email password = they can not access it. Unless they were to have all of your personal info, and verification email addresses, i would not trip to hard. I did not change mine, as i'm not going to every time there's a chance someone could obtain it, especially when a user gives their email address to sites all day long on their system. The hackers only obtained just enough information, to fill some space, but nothing useful.Someone pointed out on a website that since e-mail addresses were exposed, that now the hacker(s) most likely know your address is valid and that people should change the e-mail associated with their LastPass account. Is this true, and what would happen if you decided you didn't want to change the e-mail you signed up with?