Question LastPass Users - Post Your Security Challenge Score

Please provide comments and solutions that are helpful to the author of this topic.

What Password Manager Do You Use?

  • LastPass

    Votes: 63 52.1%
  • Dashline

    Votes: 3 2.5%
  • Roboform Everywhere

    Votes: 2 1.7%
  • Keeper Pasword

    Votes: 0 0.0%
  • KeePass

    Votes: 12 9.9%
  • Sticky Password

    Votes: 9 7.4%
  • Norton Identity Safe

    Votes: 2 1.7%
  • Password Box

    Votes: 1 0.8%
  • Other. [Please mention it]

    Votes: 10 8.3%
  • I don't use a Password Manager [Tell us why]

    Votes: 19 15.7%

  • Total voters
    121

Tony Cole

Level 27
Verified
May 11, 2014
1,639
Yes, that's the master password - I change that every 7 days, you can never be too sure this day. Terrible times, which will only get worse, with great inventions it enables, and opens up so many more avenues and doors, which criminals will benefit and use.
 

Tyrizian

Level 1
Verified
Sep 9, 2015
43
LPScore.png
 
Last edited:

Electr0n

Level 4
Verified
Well-known
Feb 19, 2018
182
Where does it say you can improve most: Weak or old passwords, re-used passwords?
old passwords. I set a unique 10-15 digit alpha numeric password for every site I use and don't bother to change them afterwards unless a news of breach appears. Call me lazy, but 2FA is also there.:p
 
  • Like
Reactions: Vasudev and frogboy

Post-it

Level 1
Sep 11, 2015
8
I try to renew regularly the accounts for all sites with sensitive information (banking, merchants, taxes etc.)
We know that when breaches are made public it's most of the time 9-12 mth after the events.
I too use 2FA whenever possible and try to use 22 digits all characters.
It's actually time for me to think of a new master password....Any idea? :cool:
 

Electr0n

Level 4
Verified
Well-known
Feb 19, 2018
182
I try to renew regularly the accounts for all sites with sensitive information (banking, merchants, taxes etc.)
We know that when breaches are made public it's most of the time 9-12 mth after the events.
I too use 2FA whenever possible and try to use 22 digits all characters.
It's actually time for me to think of a new master password....Any idea? :cool:

You can call it my personal bias, but I deem bank and tax passwords too sensitive to save them anywhere. I just don't feel comfortable to save them on computer. And I do change them every 3 months.

Regarding master password, I think of a random sentence and replace some of the alphabets with alpha numerics and add some special characters. Like- Tommy is a bad boy and it becomes Tommy_1s_@_BaD_boY[67¥].
 
  • Like
Reactions: Vasudev and frogboy

Electr0n

Level 4
Verified
Well-known
Feb 19, 2018
182
We know that when breaches are made public it's most of the time 9-12 mth after the events.

Actually if you think about it, this scenario is insane. Let's assume you change your password every month, and the breach happened just after the day you changed it. Now just as you said that breach might go unnoticed for a long time(as it was in case of Dropbox and Yahoo). Now your exposed credentials are out there which are completely functional for next 28 days.
There is a term in business administration known as 'systematic risk' means the kind of risk which one can't avoid no matter what, such risks are inherent to the system. Same goes for the breaches. The only thing we can do is set a password, setup 2FA and pray to God that nothing happens.
 

Post-it

Level 1
Sep 11, 2015
8
Actually if you think about it, this scenario is insane. Let's assume you change your password every month, and the breach happened just after the day you changed it. Now just as you said that breach might go unnoticed for a long time(as it was in case of Dropbox and Yahoo). Now your exposed credentials are out there which are completely functional for next 28 days.
There is a term in business administration known as 'systematic risk' means the kind of risk which one can't avoid no matter what, such risks are inherent to the system. Same goes for the breaches. The only thing we can do is set a password, setup 2FA and pray to God that nothing happens.

I totally agree the risk zero doesn't exist. I don't change my passwords that often but do change them every 6-12 mth depending on the type of account. When databases get hacked, the information is not used right away, some passwords take time to crack and also the data is often sold to others.
Some other passwords like, forum logins, may even be much older in my vault.
I think the most important thing is to have unique and complex passwords
 

Itachi Sempai

Level 2
Verified
Sep 20, 2017
93
i would separate sites into 3 category

1) unimportant sites like Sign up | Tumblr where i registered to download a picture or something i dont remember... if someone hacks that account there is nothing to gain from it... here is my password for it 2VJ5YgnQmCseAry0 and i am never going to change it


2) important sites like this forum... i wouldnot like it to be hacked so if there is a breach i would change a password but this kind of sites are not so important that i enable 2FA i am too lazy for that :D


3) very important sites like cloud account where i have personal files or banking account or email where i register all the other accounts... there i have strong passwords with 2FA enabled



p.s.
2377777a-d652-4b6c-acc5-c74cf418b0c1.png

i have saved a lot of passwords from other people thats why my score is so low
 
D

Deleted member 65228

I don't use a password manager because I hardly have any passwords to manage, don't use many services.

It's just another potential attack vector I don't need. If your browser/extension can decrypt it, so can an attacker. If it's stored on an online server, even worse.
 
Last edited by a moderator:
F

ForgottenSeer 58943

I don't use a password manager because I hardly have any passwords to manage, don't use many services.

It's just another potential attack vector I don't need. If your browser/extension can decrypt it, so can an attacker. If it's stored on an online server, even worse.

I think in the modern age, a password manager is almost a requirement. Even someone that rarely uses services probably has dozens of passwords to manage.. Forums, Banking, Credit Cards, Financials, Shopping/Commerce, etc..

With that in mind, I prefer Bit Warden, but also secure it with TFA and PW Decoration methods. MP is changed bi-monthly, individual passwords are changed quarterly, decoration is changed quarterly along with the passwords and never recorded anywhere but in my brain. The decoration method ensures even if I gave you my unlocked database and TFA, you still couldn't compromise my sites. It's an absolute 100% assiduity of security based on the principle of trusting nobody. Unless a keylogger is implanted on my system then you aren't going to accomplish a single thing.
 
D

Deleted member 65228

I think in the modern age, a password manager is almost a requirement. Even someone that rarely uses services probably has dozens of passwords to manage.. Forums, Banking, Credit Cards, Financials, Shopping/Commerce, etc..
I agree with you though, a password manager is definitely helpful and will suit for most. But since I don't need one I don't use one, the less the better for me
 
Last edited by a moderator:

Weebarra

Level 17
Verified
Top Poster
Well-known
Apr 5, 2017
836
My score is pretty poor, it's only at 73% but my failing is that i have used a duplicate password for sites that hold no information about me nor they mean anything to me so i'm not too worried about them. My master password however is 100%.
I realise how quickly i have become used to a password manager and barely remember a single password for anything nowadays but i suppose it's better than having the same 2 passwords for about 50 sites which is what i used to do :oops:
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top