Have you stopped relying on LastPass since the August 2022 and December 2022 breaches?
It didn't work for the DevOps engineer, MFA is Multi-Factor Authentication (2 or more factors).
Comment has been collapsed.
I store my passwords locally in a KeePassXC database stored in my own drives.
I don't trust cloud password managers because they're a big target for hackers and the leaks are just a matter of time.
Comment has been collapsed.
Well... We're crossing topics. I'm replying to the poll, not to the article.
Sorry for the confusion.
Comment has been collapsed.
“This was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware,”
I like how they try so very hard to say "look, it's not our fault" when really it is because I don't care how many is "a handful of company developers", how the hell does a guy working in what is essentially a security company get a keylogger on his computer and has no idea?
Comment has been collapsed.
Like that is the only problem with this sentence.. They literally had 1 job........... It's like being a cook and serving mud xD
Comment has been collapsed.
Agreed.
They can lock these things tight and encrypt them to hell and back. The problem is always going to come from the human element.
Until they are run by machines from top to bottom, these vaults will never be as "secure" as they advertise them to be.
Comment has been collapsed.
It is safer to keep your passwords in a plain .txt file on your desktop at this point. No encryption, just plain passwords.
Comment has been collapsed.
Should've added the /j at the end to indicate it's a joke.
Comment has been collapsed.
I always thought Passwords vaults are stupid and pointless. You get all of your passwords and accounts and put them under one account. How is that better or safer in any way whatsoever? Just use 2FA, and if you really can't remember your passwords and don't trust having them on a local file or cloud file, get a notebook. No one will hack your paper notebook.
Comment has been collapsed.
They are actually not pointless and even useful since so many people use a password vault without noticing (a.k.a Google Chrome) and that's already a bad situation, trusting a big corporation that has so many info about you, imagine a leak there. Anyway, there are offline password vaults and the databases can be synced between local devices with something like Syncthing. Of course keeping a paper notebook is the best but using an offline vault is more practical.
Comment has been collapsed.
40 Comments - Last post 8 minutes ago by wormmayhem
106 Comments - Last post 34 minutes ago by fjmac65
7 Comments - Last post 44 minutes ago by lext
26 Comments - Last post 53 minutes ago by pawelt
51 Comments - Last post 1 hour ago by popp9305
181 Comments - Last post 2 hours ago by Fluffster
760 Comments - Last post 4 hours ago by m0r1arty
2,142 Comments - Last post 4 minutes ago by Juanmivs
26 Comments - Last post 9 minutes ago by EzZz3
50 Comments - Last post 16 minutes ago by DanielStoSve
4 Comments - Last post 16 minutes ago by adam1224
35 Comments - Last post 26 minutes ago by Skwerm
711 Comments - Last post 34 minutes ago by emanuelml
23 Comments - Last post 58 minutes ago by MikeWithAnI
Another bombshell drops
https://arstechnica.com/information-technology/2023/02/lastpass-hackers-infected-employees-home-computer-and-stole-corporate-vault/
Comment has been collapsed.