Have you stopped relying on LastPass since the August 2022 and December 2022 breaches?
It didn't work for the DevOps engineer, MFA is Multi-Factor Authentication (2 or more factors).
Comment has been collapsed.
I store my passwords locally in a KeePassXC database stored in my own drives.
I don't trust cloud password managers because they're a big target for hackers and the leaks are just a matter of time.
Comment has been collapsed.
Well... We're crossing topics. I'm replying to the poll, not to the article.
Sorry for the confusion.
Comment has been collapsed.
“This was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware,”
I like how they try so very hard to say "look, it's not our fault" when really it is because I don't care how many is "a handful of company developers", how the hell does a guy working in what is essentially a security company get a keylogger on his computer and has no idea?
Comment has been collapsed.
Like that is the only problem with this sentence.. They literally had 1 job........... It's like being a cook and serving mud xD
Comment has been collapsed.
Agreed.
They can lock these things tight and encrypt them to hell and back. The problem is always going to come from the human element.
Until they are run by machines from top to bottom, these vaults will never be as "secure" as they advertise them to be.
Comment has been collapsed.
It is safer to keep your passwords in a plain .txt file on your desktop at this point. No encryption, just plain passwords.
Comment has been collapsed.
Should've added the /j at the end to indicate it's a joke.
Comment has been collapsed.
I always thought Passwords vaults are stupid and pointless. You get all of your passwords and accounts and put them under one account. How is that better or safer in any way whatsoever? Just use 2FA, and if you really can't remember your passwords and don't trust having them on a local file or cloud file, get a notebook. No one will hack your paper notebook.
Comment has been collapsed.
They are actually not pointless and even useful since so many people use a password vault without noticing (a.k.a Google Chrome) and that's already a bad situation, trusting a big corporation that has so many info about you, imagine a leak there. Anyway, there are offline password vaults and the databases can be synced between local devices with something like Syncthing. Of course keeping a paper notebook is the best but using an offline vault is more practical.
Comment has been collapsed.
1,173 Comments - Last post 12 minutes ago by Formidolosus
8 Comments - Last post 38 minutes ago by pirateta
416 Comments - Last post 1 hour ago by Picollo30
2,653 Comments - Last post 1 hour ago by ToatsMcGoats
12 Comments - Last post 1 hour ago by wigglenose
299 Comments - Last post 1 hour ago by Creative1989
19 Comments - Last post 2 hours ago by doomofdoom
28 Comments - Last post 9 minutes ago by fernandopa
215 Comments - Last post 28 minutes ago by TheMuzo
65 Comments - Last post 35 minutes ago by nonamebg
10,107 Comments - Last post 1 hour ago by CurryKingWurst
40 Comments - Last post 2 hours ago by mourinhos86
466 Comments - Last post 2 hours ago by ere43
134 Comments - Last post 3 hours ago by Abominati0n
Another bombshell drops
https://arstechnica.com/information-technology/2023/02/lastpass-hackers-infected-employees-home-computer-and-stole-corporate-vault/
Comment has been collapsed.