> For KeePass, take a look at KeePassium and Strongbox available on iOS, not sure about Android.

I am well aware of those apps, but I know nothing about their security.
> Hello guys,
> I have a doubt: I didn't know about LastPass, I only used Bitwarden (I'm sick of it) and offline password managers like KeePass. I created a random account just to check how LastPass works and I liked it. Is anyone still using it? Is there any risk? If so, is there a product similar to LastPass?
> I was reading on the LastPass blog and from what I understand, even if the data has been leaked, hackers will not be able to access the vault since there is no way to know the master password of each vault because LastPass is zero knowledge, but I could be wrong because I never used the service. What opinion can you give me about this?
> Thank you all!

Breaching the servers and getting access to your vault file doesn't do much actually. It's still necessary to know your vault's password to decrypt the file so, unless you use an extremely weak password, it would take thousands of years to decrypt with current technology.
> Breaching the servers and getting access to your vault file doesn't do much actually. It's still necessary to know your vault's password to decrypt the file so, unless you use an extremely weak password, it would take thousands of years to decrypt with current technology.

But what if a password manager had a backdoor and the malicious actors got access to that? What about wrong implementation of encryption? What if the password manager lied about storing the master password or its derivative?
Actually, depending on your key strength, the heat death of the universe will happen first...
Zero Trust data-level security and key management
When considering symmetric encryption algorithms such as AES-128 or AES-256, does it really matter which of the two options you choose?
www.ubiqsecurity.com
> But what if a password manager had a backdoor and the malicious actors got access to that? What about wrong implementation of encryption? What if the password manager lied about storing the master password or its derivative?

Then your passwords are not safe with that software, no matter where it's stored.
> Then your passwords are not safe with that software, no matter where it's stored.

If the data is stored locally, then it does not matter if the master password or its derivative is stored elsewhere.
@mlnevese Testing 1password seems good, I liked it and it's convenient and very friendly, it left my heart even divided with other PMs
> @mlnevese Testing 1password seems good, I liked it and it's convenient and very friendly, it left my heart even divided with other PMs

They have been adding a lot of features lately. For instance, if you use your Google account to log in somewhere and have multiple Google accounts, it'll not only record that you used a Google account but which one should be used. It also works with Facebook and other 3rd party login methods.
Take a look at this, Steve Gibson cites a method to download and deobfuscate an old LastPass vault. It allows you to prepare an Excel spreadsheet of the contents.
https://www.grc.com/sn/sn-905-notes.pdf
Gen Digital, formerly Symantec Corporation and NortonLifeLock, is sending data breach notifications to customers, informing them that hackers have successfully breached Norton Password Manager accounts in credential-stuffing attacks.
According to a letter sample shared with the Office of the Vermont Attorney General, the attacks did not result from a breach on the company but from account compromise on other platforms.
"Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account," NortonLifeLock said.
> Norton’s situation was credential stuffing. That’s not a security failure on their part. That’s not even hacking.

True. It's possible they tried hacking Symantec's systems but were unsuccessful. At least Symantec took security more seriously than LastPass did.
> Trying Enpass now, I really like it, very slick and easy to use. In my brief time using it I like it better than Bitwarden.

It doesn't support non-code signed browsers like Ungoogled Chromium and LibreWolf.