YAY LastPass Breach

S

SL83

Veteran XV
https://blog.lastpass.com/2015/06/lastpass-security-notice.html/

LastPass Security Notice
By Joe SiegristJune 15, 2015Security News364 Comments
46
We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.
We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.
Nonetheless, we are taking additional measures to ensure that your data remains secure. We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password.
An email is also being sent to all users regarding this security incident. We will also be prompting all users to change their master passwords. You do not need to update your master password until you see our prompt. However, if you have reused your master password on any other website, you should replace the passwords on those other websites.
Because encrypted user data was not taken, you do not need to change your passwords on sites stored in your LastPass vault. As always, we also recommend enabling multifactor authentication for added protection for your LastPass account.
Security and privacy are our top concerns here at LastPass. Over the years, we have been and continue to be dedicated to transparency and proactive measures to protect our users. In addition to the above steps, we’re working with the authorities and security forensic experts.
We apologize for the extra steps of verifying your account and updating your master password, but ultimately believe this will provide you better protection. Thank you for your understanding and support.
Joe Siegrist
& the LastPass Team
Click to expand...
 
I have a 13 character password that is impossible to guess or force, which I use for all important services. Then I have a 7 character password for everything I don't give two fucks about. Why would anyone use this datamining "service"?
 
Lol @ impossible password


And huge lol at 13 fuckin characters my main passes are 25+ for reals.
 
I looked up the mathematical ranges for how reliable x characters are. 13 characters the way I've laid it out is for all intents and purposes totally impossible to force with modern hardware.
 
absent said:
I looked up the mathematical ranges for how reliable x characters are. 13 characters the way I've laid it out is for all intents and purposes totally impossible to force with modern hardware.
Click to expand...

yeah but "ihatesthejews" is pretty guessable by anyone who knows you.. brute force not needed.
 
absent said:
I wrote that my password is not guessable and you can't brute force it. You link me an article about people decrypting password hashes secured using substandard (antiquated) methods. I believe the term for this situation is called "functional illiteracy".
Click to expand...
That's the real fuckin reason for a complex password bro nobody is gonna brute your tw account you loser. The point is to protect yourself from having your password cracked when a site gets hacked.....

Fuckin jew. Fuck you're stupid.
 
amRam said:
That's the real fuckin reason for a complex password bro nobody is gonna brute your tw account you loser. The point is to protect yourself from having your password cracked when a site gets hacked.....

Fuckin jew. Fuck you're stupid.
Click to expand...

If someone cracks encryption from 15 years ago, then no password is in fact safe, even if it has 700 characters. You're not very good at this. The #1 source of account breaches is script kiddies using a dictionary or other measure to brute force a password. Mine can't be plucked from a dictionary and it's not possible to guess it.
 
You guys are on crack. lastpass is awesome! The chrome plug-in generates long and complex password for every site you visit. All you have to do is protect your lastpass master password and $12/year premium account lets you turn on multi-factor authentication.
 
They don't 'crack encryption' they crack hashes one by one after a hacker steals a user database. Those dudes in the article converted 90% of the hashes into plain text within hours; a list of 15,000 passwords. And MANY of them were random gibberish passwords without common words at all.

Unless you know every site where you have an account is using very strong encryption then you can't know that they wouldn't be able to crack your password. The best protection is a considerably longer (and obscure) string.
 
Lastpass is awesome. I have a unique compex password for every website (typically the most complex the website will allow). Lastpass is a trust no one platform so them getting hacked shouldn't be a problem unless you have an easy master password that can be rainbow tabled through hashs... and if you' aren't already using 2 factor you're just lazy. oh and it's all for the price of free!
 
amRam said:
They don't 'crack encryption' they crack hashes one by one after a hacker steals a user database. Those dudes in the article converted 90% of the hashes into plain text within hours; a list of 15,000 passwords. And MANY of them were random gibberish passwords without common words at all.

Unless you know every site where you have an account is using very strong encryption then you can't know that they wouldn't be able to crack your password. The best protection is a considerably longer (and obscure) string.
Click to expand...

You're really reaching. This is the problem with Americans (you're Canadian, but it's the same thing). You just can't ever admit that you were wrong about something. Anyway, please continue.
 
You must log in or register to reply here.
Back
Top