General discussion

Last Pass ..hacked again

Discussion is locked
Follow
Reply to: Last Pass ..hacked again
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: Last Pass ..hacked again
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
get it right - last pass WAS NOT hacked

LastPass was NOT hacked. It has a flaw which would allow for remote code execution or password theft. Big Difference.

- Collapse -
Pass Word managers

I keep a generic-named spreadsheet of my passwords on a flash drive. I've considered using a Pass Word manager to simplify life, but my concern has been
What if someone steals either my laptop- or my desktop- Can they then not have "automatic" access to my password-protected websites? Couldn't that be a problem with, say, banking, brokerage or other financial websites? Or any website for that matter. That is also why I always decline my built-in password manager's (FireFox) offer to keep my passwords. Am I somehow "off-base" in worrying about this?
THEN you post about Last Pass (one of the PW Managers I have seen recommended) being vulnerable...

- Collapse -
there is an easier way

Put the spreadsheet file into an encrypted zip file. I know in Linux I have the option of making any zip file be encrypted, requiring a password to open. I don't know what windows system you use, but you can test if it will create an encrypted zip file by creating any text file, then right clk and choose to add to a zip file and see if windows also gives you the option to encrypt it. If not, then use a zip file program which will allow that. It's the easiest and quickest way I know to secure files.

- Collapse -
encrypted zip files in windows
- Collapse -
there is always a risk when saving passwords

there will always be a risk no matter how you save your passwords. just about every major password manager has been hacked or had some flaw at one time or another. I personally use lastpass for years, I believe since almost as long as they have been in existence. I am not too concerned about the current flaw, though I am keeping watch.

as far as someone have automatic access to your sites if they steal your laptop. it depends on your settings. just dont have the password manager automatically start when you open your browser. In addition you can have two factor authentication just to log into the password manager. That is what I do. so if your laptop is stolen, there is absolutely nothing to worry about.

CNET Forums