Password site LastPass warns of data breach
LastPass was successfully attacked last Friday. The company claims that your passwords should be safe. Nevertheless, they are requesting you to update your master passwords.
Continue Reading http://www.zdnet.com
Join the Discussion
Why are people storing passwords externally these days? The password app I wrote for myself (and which Apple decided was "We found that your app only provides a very limited set of features. While we value simplicity, we consider simplicity to be uncomplicated - not limited in features and functionality." and denied) has been more than adequate for my needs and doesn't store passwords anywhere. I should really get around to adding useless functionality to it so that Apple can approve it. Seriously though, it was made simple to be used quickly and to be as powerful to the user as possible.
Again, why are people storing passwords with other people... /sigh
Seriously, this is something I will truly never understand. I mean, if you are scared of losing your data locally, just set up a cron job (or whatever the Windows equivalent is) to back up the data to an external hard drive. Storing them with somebody else is just a security risk I wouldn't take.
I think it was just the major password was stored externally. The only reason why I can think that they would do this is convenience for the end user. Not everyone is as savvy as a lot of us Tech people, they need help to do things, so when someone tells them, "Hey we'll store your password safely with only you having access via one password that we will totally encrypt and it will be the safest thing ever LOLZ" ... people believe them because they can't be bothered remembering passwords.
Windows would have Scheduled Tasks which is an awful implementation. Crontab forever, but maybe not for backing up passwords. I'm annoyed enough when I think the sudo prompt has come up and I type the root password into my command history.
"because they can't be bothered remembering passwords"
Isn't part of the issue we have to use passwords we are now no longer ABLE to remember (thus LastPass etc.)? They have to be long, they can't be words, they have to be a mix of characters and you need a different one for every web site you go to.
I don't see myself remembering z00Yfy59gCpJZN7s and cqCTWQWJd3qDv any time soon. Even using the idea ThatYouCanMakeASentanceAndKeepEveryFirstLetter sort of thing doesn't work when the number of passwords an average person needs to have is in the hundreds.
We really need something other than passwords.
I did have a fairly lengthy description of what my App did, but now I think I should really flesh it out more and release it as there is a need.
I can confirm that my app doesn't connect externally (doesn't even make a call home attempt) so you'll never have to send me anything, yet all passwords are 16 characters and unique and as long as you remember your master password, safe from those that don't know that password.
Sorry not pushing my app... trying to get myself hyped to finish it. Blah... we do need passwords, we just need to educate users to not put trust in external services that "store" your passwords.
I think there is a need, for options at least. We seem to be stuck with passwords, lots of them, and a lot of people eager to get their hands on them.
I'd definitely urge you to flesh your App out and give it a go on the market :)
Passwords suck. I don't like using an external password manager but there's no simple way for me to keep track of 200+ unique passwords over hundreds of sites and devices other than using LastPass. Any device (your own or theirs) can be compromised. The best hope at the moment is that you choose the most secure and feature-filled service on which to rely.
That being said, I'm rethinking my choices after this incident. There's no sin in being attacked. But there is an issue with LP not announcing it to their paying customers before the story broke.
A little ironic, I suppose.
Ironically I just got this article popup in my news feed:
British banks consider emoji as password replacement
The most secure place to store your passwords is to buy a real paper notebook and write them in. What I have been doing for years.
The only problem with a notebook full of passwords is that in order for it to be effective on the go you need to bring it with you. That carries the risk of someone getting a hold of this notebook and really ruining your day.
Since I'm an artist, I draw a cartoon of each password with a series of numbers next to it. This never leaves the house. Anyone who sees it won't know what the drawings mean. If they type in Tux (Linux mascot) or penguin, for the penguin drawing, it still won't help them.
Would you be interested in posting some after you retire the password? It would be fun to try to figure it out just by the drawing.
Well, basically, it's groups of drawings with numbers. Looking at this, as an example. Yeah, it's a chicken. But does that mean the password is chicken? Or chikkin? Or dinner? Or does said chicken have a name? Did I perhaps have a chicken as a pet at some point? And what are those numbers about?
http://s76.photobucket.com/user/Blueroo22/media/Linux%20screenshots/pwsample.jpg.html
A very novel solution... cartoon based encryption :)
I read recently that emoji based passwords may be a good idea, so I think /u/gozzin may be onto something here.
I think the best password storage is still my brain. Try stealing that one!