- May 10, 2019
- 2,289
In case you have to, store 2FA keys in a separate vault (with its own Master Password) if your PM supports multiple vaults.
Lastpass says hackers accessed customer data in new breach
- Thread starter piquiteco
- Start date
- Oct 16, 2022
- 624
I already said this in another post, you can even store it in a PM, as long as it is offline. For example keepass, keepassXC,etc.. Never that password manager can touch the network remember this.
- Aug 7, 2017
- 270
1PW does, but Bitwarden doesn't as far as I know.
2FA tokens are in separate apps and soft copies of recovery codes are encrypted and uploaded to the cloud + stored locally. I just can't trust PMs as much as I did before. The past 3 weeks have been a painful experience for this former LP user.
PS - @piquiteco ^^^^
- Oct 16, 2022
- 624
It has to be like this to make spoiler more convenient, but also if it falls into the hands of a hacker he will have a party.
I think you had an unpleasant and pretty bad experience with LP, because you literally put all your eggs in one basket, you believed it, you put your trust in a PM that you would never have problems, I know what it is like +800 PWs, revoke all of 2FA, generate new recovery backup codes, create new security questions and answers, it is labor intensive, then you need to replicate in backup, sync on other devices...just thinking about it gives me the chills2FA tokens are in separate apps and soft copies of recovery codes are encrypted and uploaded to the cloud + stored locally. I just can't trust PMs as much as I did before. The past 3 weeks have been a painful experience for this former LP user.
- Aug 7, 2017
- 270
I am still experiencing the chills and it's not entirely due to the weather.
But seriously, this is my bad. I curse LP and their management for their lapses but admit I should've been wary and cautious after reading about repeated attacks on LP over the years. One of them was bound to succeed and it did...in Aug '22. What was disclosed in Aug was just the trailer, the movie was yet to begin.
I hate to think how many accounts..like this Youtuber's, have been compromised. And he is not a noob! Obviously the hackers tried their luck with a well known personality giving weight to the theory they'll attack high value targets first. Luckily I am just small fry. Phew!
What unfolds in the next few months remains to be seen. It won't be good. Just batten down the hatches (2FA, passwords, recovery codes) as the full force of the hacker storm
approaches.
PS - This may or may not be a coincidence. I have seen a massive increase in the number of spam mails at my Gmail account.
Last edited:
- May 10, 2019
- 2,289
@piquiteco I know that having 2 vaults with completely different master passwords are a pain and very inconvenient, but I believe it is worth the hassle to avoid stuations such as LP’s.
You know it might be a good idea to contact password managers support and suggest that they automatically store 2FA in a separate vault that is encrypted individually with sth like a secret key without the need to use a new master password? I believe this will be more convenient and will also be more secure than storing 2FA in the same vault.
Anyway, I personally do not like the idea of storing both passwords and 2FA keys in the same password manager. Why? If you lose access ro your password manager, then you are doomed. Passwords are easy to reset, but what about 2FA? Imagine that youll need to contact the supoort for 200 sites and that youll need to provide proof that youre the owner. Just imagining this terrifies me.
You know it might be a good idea to contact password managers support and suggest that they automatically store 2FA in a separate vault that is encrypted individually with sth like a secret key without the need to use a new master password? I believe this will be more convenient and will also be more secure than storing 2FA in the same vault.
Lol, this way you will save the hacker much time and they will be grateful for you.
Anyway, I personally do not like the idea of storing both passwords and 2FA keys in the same password manager. Why? If you lose access ro your password manager, then you are doomed. Passwords are easy to reset, but what about 2FA? Imagine that youll need to contact the supoort for 200 sites and that youll need to provide proof that youre the owner. Just imagining this terrifies me.
- Aug 7, 2017
- 270
And the bad news doesn't end. Enterprise customers also affected. I really wonder how GoTo/Lastpass will survive if they cannot secure user/customer data.
LastPass owner GoTo says hackers stole customers’ backups
LastPass owner GoTo says hackers stole customers’ backups
- Oct 16, 2022
- 624
This is not good, what lousy news, it will resonate and propagate across the web, I believe it tarnishes their reputation, if it hasn't already. This will not sound good in the ears of the LP's Corporate Clients.
- Aug 17, 2017
- 1,609
LastPass Password Manager: increase this setting to improve security significantly
How to increase the server-side KDF iterations in LastPass - gHacks Tech News
Learn how to change the server-side KDF iterations in LastPass, and set the count to the value recommended by OWASP.
www.ghacks.net
- Apr 24, 2016
- 7,249
If You Use LastPass, You Need to Change All of Your Passwords ASAP
LastPass Got Hacked, Yet Once More - gHacks Tech News
LastPass was the target of a recent security breach, exposing a treasure trove of users’ data. Read our article to find out what happened..
www.ghacks.net
- Aug 7, 2017
- 270
Not that it means much now but this is what GRC's site indicated about my Lastpass password vulnerability to brute force attacks. This is what it was when the hackers downloaded encrypted customer vaults. I think I am safe at least for now.
- May 3, 2015
- 1,741
Just for 91.92 thousand trillion centuries... then you have to worry. Or if you are unlucky it may happen in their first tryNot that it means much now but this is what GRC's site indicated about my Lastpass password vulnerability to brute force attacks. This is what it was when the hackers downloaded encrypted customer vaults. I think I am safe at least for now.
View attachment 272963
- May 27, 2013
- 337
Mine is 14.38 trillion trillion trillion centuries lol on GRC's site 27 characters
on GRC's site 27 charactersSimilar threads
