LastPass Breached - Change Your Master Password Now

  • Thread starter Deleted member 2913
  • Start date
Status
Not open for further replies.

R083R7

New Member
Jun 5, 2015
4
Well that is what I always thought, I do believe you are always take a chance when you are on the internet anyway. I have a secondary e-mail as the security e-mail for it.
 
  • Like
Reactions: illumination

BoraMurdar

Community Manager
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
Having your email address, but no email password = they can not access it. Unless they were to have all of your personal info, and verification email addresses, i would not trip to hard. I did not change mine, as i'm not going to every time there's a chance someone could obtain it, especially when a user gives their email address to sites all day long on their system. The hackers only obtained just enough information, to fill some space, but nothing useful.

I see people post, that offline "meaning on their system" password managers are better.. This is of course if you believe your system is completely spotless, as there is always that chance as well. When you fill out an online form, those webpages are not always encrypted "secured" chances are someone can intercept that, just signing into MalwareTips, not being encrypted, someone could intercept your email address.. Should i go on?
For those that think, any way they turn is a trap,too much Paranoia is not a healthy thing.
Agree with this statement completely.
 

tallorder

Level 6
Verified
Jan 15, 2015
267
We removed Last PASS when I was on my XP computer, and have probably changed all passwords since then, but will change more...
 
  • Like
Reactions: frogboy

soccer97

Level 11
Verified
May 22, 2014
517
I used them years ago. I had forgotten my master password, so I just deleted my account permanently, which purged the information from their servers. Hopefully this is sufficient protection. I think I better begin changing some passwords regardless though. I am reconsidering whether I am comfortable using LastPass (even though every safeguard can be put in place and there is risk inherent in any software).
 
3

37507

Thread author
Does anyone here use Dashlane? I know it's pricey, but Lastpass is getting boring.
 

OokamiCreed

Level 18
Verified
Honorary Member
Top Poster
Well-known
May 8, 2015
881
Does anyone here use Dashlane? I know it's pricey, but Lastpass is getting boring.

I have used it before but it was unreliable when compared to LastPass. LastPass is the only password manager I trust so I couldn't give you any recommendations. Some people use KeePass which doesn't have any official addons for browsers, etc. It stores the archive of your passwords in an encrypted file (AES-256) I believe. I'd use that myself if I ever stopped using LastPass.

I'd make sure your computer was clean before using it since all that data is stored on your computer and if they got your master password, your probably screwed. LastPass has 2 step authentication functionality so if your master password is taken, they still can't access it as only your phone, tablet, etc (whatever can use Google Authenticator, etc) can get the code they need for access.

While they could get your password and access your email to turn it off, that isn't a problem if your email also uses 2 step authentication (such as Outlook or Gmail). Hope all this helps.
 
3

37507

Thread author
I have used it before but it was unreliable when compared to LastPass. LastPass is the only password manager I trust so I couldn't give you any recommendations. Some people use KeePass which doesn't have any official addons for browsers, etc. It stores the archive of your passwords in an encrypted file (AES-256) I believe. I'd use that myself if I ever stopped using LastPass.

I'd make sure your computer was clean before using it since all that data is stored on your computer and if they got your master password, your probably screwed. LastPass has 2 step authentication functionality so if your master password is taken, they still can't access it as only your phone, tablet, etc (whatever can use Google Authenticator, etc) can get the code they need for access.

While they could get your password and access your email to turn it off, that isn't a problem if your email also uses 2 step authentication (such as Outlook or Gmail). Hope all this helps.
Thanks for the input. I tried the free version out and the UI looks A+. However, it didn't work as well on my Android.
 
  • Like
Reactions: OokamiCreed

soccer97

Level 11
Verified
May 22, 2014
517
Sticky Password (the Premium version) is really good. Its about $30 for a lifetime subscription currently. Their strengths are on desktop PC's. The mobile application requires opening the app, then launching the login from there.
 

Korora

Level 2
Verified
Jul 22, 2015
58
Honestly, I know the information is encrypted but considering they store all the information on their servers bug me. This is why I just use KeePassX so I can store the databases locally on my USBs.
 

soccer97

Level 11
Verified
May 22, 2014
517
I have found incredible performance w/ StickyPassword. It was first licensed/the API was used in Kaspersky PURE. They had modified it though, so whenever browser updates happened, it would not work for weeks at a time. I purchased a lifetime license to Sticky Password (around $30). I am totally satisfied, and have zero regrets. It outperforms several of the other ones I have tried on Windows.

I have no affiliation with either company. I am just offering advice if users are considering switching from LastPass.
 

Shadowave

Level 10
Verified
Aug 10, 2012
474
I have multi factor authentication enabled ( sesame ), country restricted and 30 characters for master password, I hope this is enought. I didn't change my master passw. What do you think, should I change my password or not?
 

Shadowave

Level 10
Verified
Aug 10, 2012
474
Honestly, I know the information is encrypted but considering they store all the information on their servers bug me. This is why I just use KeePassX so I can store the databases locally on my USBs.

In my view, your data is more vulnerable storing the database on your PC or other USB devices. That's just my opinion.
 
  • Like
Reactions: Rolo

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
@terene : Its up to you, just be sure your master password is easy to remember even complicated and as possible don't put in your master password the same you use on others.
 
  • Like
Reactions: Kent and frogboy

Shadowave

Level 10
Verified
Aug 10, 2012
474
@terene : Its up to you, just be sure your master password is easy to remember even complicated and as possible don't put in your master password the same you use on others.
My pasw is complicated I use ABC.abc.123.!"$%... and I will never forgot, because I use those words everyday. ;)
 

Rolo

Level 18
Verified
Jun 14, 2015
857
I have multi factor authentication enabled ( sesame ), country restricted and 30 characters for master password, I hope this is enought. I didn't change my master passw. What do you think, should I change my password or not?
Why would you not change it? If you have to ask, you have to change it!

@terene : Its up to you, just be sure your master password is easy to remember even complicated and as possible don't put in your master password the same you use on others.
You should never use any password more than once; every login should have its own unique password. This is what password managers are for.

Honestly, I know the information is encrypted but considering they store all the information on their servers bug me.
The information stored is encrypted in transit and at rest, so it would be useless. Do you think your USB key and PC are more secure than a hardened datacentre?
 

Shadowave

Level 10
Verified
Aug 10, 2012
474
I do not use the same passw for other acounts. The passw master for LastPass is unique and for other acounts I use passw generator with 99 letters, specials.... and for important acount I use multi factor authentication even if I use LastPass.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top