What Are You Doing Right Now
-
Have to say it’s a good Christmas this year-
After a double bypass last Tuesday, my father in law came home last night.
We went down and cleared snow and ice from the driveway and steps. Glad he is home and recovering…
-
@Obsolesce said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
Time to change all of my passwords and get rid of LastPass
Time to replace Lastpass was years ago when they started tracking everyone.
Really, this isn't a reason to panic and change ALL your passwords unless you don't trust how Lastpass was designed.... If that's the case, why were you using it in the first place? Change your master password, done.
Read the article.
I haven't read this specific article, but I have seen lots of panic reporting saying "Change all your passwords right now!"
Which is only good advice if you've got a bad master password and no 2FA enabled.... Do the basic security things that you should be doing already, and no problem exists.
-
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
Time to change all of my passwords and get rid of LastPass
Time to replace Lastpass was years ago when they started tracking everyone.
Really, this isn't a reason to panic and change ALL your passwords unless you don't trust how Lastpass was designed.... If that's the case, why were you using it in the first place? Change your master password, done.
Read the article.
I haven't read this specific article, but I have seen lots of panic reporting saying "Change all your passwords right now!"
Which is only good advice if you've got a bad master password and no 2FA enabled.... Do the basic security things that you should be doing already, and no problem exists.
Yeah you really need to read that article.
-
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
Time to change all of my passwords and get rid of LastPass
Time to replace Lastpass was years ago when they started tracking everyone.
Really, this isn't a reason to panic and change ALL your passwords unless you don't trust how Lastpass was designed.... If that's the case, why were you using it in the first place? Change your master password, done.
Read the article.
I haven't read this specific article, but I have seen lots of panic reporting saying "Change all your passwords right now!"
Which is only good advice if you've got a bad master password and no 2FA enabled.... Do the basic security things that you should be doing already, and no problem exists.
@Obsolesce is right - read it.
but since most won't - the hackers got into a backup of LP, they had access to all encrypted vaults. This means they can run hashes against the dbs offline, no MFA required.
Now sure, if you had a good LP password in the first place, this is much less of an issue, but not a zero issue situation.
I agree with Obsolesce - it's time to reset all passwords. The question for me is - is it time to change password managers?
I'm probably going to change - which also means changing many people at my company - ug damn I'm going to have a lot of people saying - "see - told you having all of your passwords in a one place was bad" /sigh.
-
@Dashrender said in What Are You Doing Right Now:
is it time to change password managers?
I am. The fact they were so damn sketchy about it and happened so easily more than once. No thank you.
-
@Dashrender said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
Time to change all of my passwords and get rid of LastPass
Time to replace Lastpass was years ago when they started tracking everyone.
Really, this isn't a reason to panic and change ALL your passwords unless you don't trust how Lastpass was designed.... If that's the case, why were you using it in the first place? Change your master password, done.
Read the article.
I haven't read this specific article, but I have seen lots of panic reporting saying "Change all your passwords right now!"
Which is only good advice if you've got a bad master password and no 2FA enabled.... Do the basic security things that you should be doing already, and no problem exists.
@Obsolesce is right - read it.
but since most won't - the hackers got into a backup of LP, they had access to all encrypted vaults. This means they can run hashes against the dbs offline, no MFA required.
Now sure, if you had a good LP password in the first place, this is much less of an issue, but not a zero issue situation.
I agree with Obsolesce - it's time to reset all passwords. The question for me is - is it time to change password managers?
I'm probably going to change - which also means changing many people at my company - ug damn I'm going to have a lot of people saying - "see - told you having all of your passwords in a one place was bad" /sigh.
I had already started transitioning to Bitwarden, so doesn't change much for me.
I know they got the backups of the encrypted blobs. Again it comes down to 1: Do you have a good master password and 2: Do you trust LastPass' implementation of their code?
-
@Dashrender said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
Time to change all of my passwords and get rid of LastPass
Time to replace Lastpass was years ago when they started tracking everyone.
Really, this isn't a reason to panic and change ALL your passwords unless you don't trust how Lastpass was designed.... If that's the case, why were you using it in the first place? Change your master password, done.
Read the article.
I haven't read this specific article, but I have seen lots of panic reporting saying "Change all your passwords right now!"
Which is only good advice if you've got a bad master password and no 2FA enabled.... Do the basic security things that you should be doing already, and no problem exists.
@Obsolesce is right - read it.
but since most won't - the hackers got into a backup of LP, they had access to all encrypted vaults. This means they can run hashes against the dbs offline, no MFA required.
Now sure, if you had a good LP password in the first place, this is much less of an issue, but not a zero issue situation.
Try understanding the facts of the technology.
Assuming you are not some idiot with a weak and/or reused master password, your vault is basic bulletproof. You have years to reset anything in the vault that you want reset.
Even the article linked by @Obsolesce does not say you need to change all your passwords, assuming you have your vault setup securely to LP recommended defaults.
This breach is no different than any other. Changing from LastPass because of it is a stupid over reaction.
Changing from LastPass because they are part of LogMeIn? I'm 100% behind that. But I'm lazy.
-
@JaredBusch said in What Are You Doing Right Now:
@Dashrender said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
Time to change all of my passwords and get rid of LastPass
Time to replace Lastpass was years ago when they started tracking everyone.
Really, this isn't a reason to panic and change ALL your passwords unless you don't trust how Lastpass was designed.... If that's the case, why were you using it in the first place? Change your master password, done.
Read the article.
I haven't read this specific article, but I have seen lots of panic reporting saying "Change all your passwords right now!"
Which is only good advice if you've got a bad master password and no 2FA enabled.... Do the basic security things that you should be doing already, and no problem exists.
@Obsolesce is right - read it.
but since most won't - the hackers got into a backup of LP, they had access to all encrypted vaults. This means they can run hashes against the dbs offline, no MFA required.
Now sure, if you had a good LP password in the first place, this is much less of an issue, but not a zero issue situation.
Try understanding the facts of the technology.
Assuming you are not some idiot with a weak and/or reused master password, your vault is basic bulletproof. You have years to reset anything in the vault that you want reset.
Even the article linked by @Obsolesce does not say you need to change all your passwords, assuming you have your vault setup securely to LP recommended defaults.
I've read a number of other articles saying to go change all your passwords right away, so sounds like this one actually got it right.
This breach is no different than any other. Changing from LastPass because of it is a stupid over reaction.
Changing from LastPass because they are part of LogMeIn? I'm 100% behind that. But I'm lazy.
I had been meaning to move since LogMeIn added the tracking junk in, and the cost compared to the competition finally got me to switch.
-
@travisdh1 I recently looked at changing from LP, but I found they were priced similarly to everyone else.
I'll change my master & banking pwds, but don't think I'll worry about all my pwds.
-
what's another reputable pwd manager??
-
@siringo said in What Are You Doing Right Now:
@travisdh1 I recently looked at changing from LP, but I found they were priced similarly to everyone else.
I'll change my master & banking pwds, but don't think I'll worry about all my pwds.
Bitwarden is $10/year for the Personal Business account, LastPass was costing me $36/year for the Personal Premium.
-
@travisdh1 thanks. i'll check that out.
-
@siringo said in What Are You Doing Right Now:
what's another reputable pwd manager??
Bitwarden is what I chose. It has all the basic features needed in the open-source version. I chose a paid tier, but you are able to host it yourself if you wish.
-
Nothing like trying to get HVAC service after a;
Holiday
Extreme cold snapYup,.. this could be costly,.. house isn’t twenty years old yet and we are system number two already… this system is only seven years old…
-
I’m slow and behind but I am still using keepass or on the iOS device Strongbox as it is compatible with keepass db.
-
Hey everyone, happy holidays!
-
@scottalanmiller said in What Are You Doing Right Now:
Hey everyone, happy holidays!
Happy Holidays
Hope your dad is doing okay,.. I’m hearing a bit out of the Buffalo area about the weather, power and food issues.
-
Whoo hoo,
New building will have Yealonk t46u phones. And we are pulling in RingCentral services.
-
@JaredBusch said in What Are You Doing Right Now:
This breach is no different than any other. Changing from LastPass because of it is a stupid over reaction.
Yeah, I'm not overly worried about my data - I believe my password is good, significantly lowering my risk.
Changing from LastPass because they are part of LogMeIn? I'm 100% behind that. But I'm lazy.
There is always this...
-
@gjacobse said in What Are You Doing Right Now:
Nothing like trying to get HVAC service after a;
Holiday
Extreme cold snapYup,.. this could be costly,.. house isn’t twenty years old yet and we are system number two already… this system is only seven years old…
what the hell? what's breaking on it?
Mine is from 2005, we've had blower motor go out on it, and the flame sensor had got oxidized at least twice.
I think the capacitor on the AC compressor has been replaced twice since 2005.Otherwise - no issues.