What Are You Doing Right Now
-
@Dashrender said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
Time to change all of my passwords and get rid of LastPass
Time to replace Lastpass was years ago when they started tracking everyone.
Really, this isn't a reason to panic and change ALL your passwords unless you don't trust how Lastpass was designed.... If that's the case, why were you using it in the first place? Change your master password, done.
Read the article.
I haven't read this specific article, but I have seen lots of panic reporting saying "Change all your passwords right now!"
Which is only good advice if you've got a bad master password and no 2FA enabled.... Do the basic security things that you should be doing already, and no problem exists.
@Obsolesce is right - read it.
but since most won't - the hackers got into a backup of LP, they had access to all encrypted vaults. This means they can run hashes against the dbs offline, no MFA required.
Now sure, if you had a good LP password in the first place, this is much less of an issue, but not a zero issue situation.
I agree with Obsolesce - it's time to reset all passwords. The question for me is - is it time to change password managers?
I'm probably going to change - which also means changing many people at my company - ug damn I'm going to have a lot of people saying - "see - told you having all of your passwords in a one place was bad" /sigh.
I had already started transitioning to Bitwarden, so doesn't change much for me.
I know they got the backups of the encrypted blobs. Again it comes down to 1: Do you have a good master password and 2: Do you trust LastPass' implementation of their code?
-
@Dashrender said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
Time to change all of my passwords and get rid of LastPass
Time to replace Lastpass was years ago when they started tracking everyone.
Really, this isn't a reason to panic and change ALL your passwords unless you don't trust how Lastpass was designed.... If that's the case, why were you using it in the first place? Change your master password, done.
Read the article.
I haven't read this specific article, but I have seen lots of panic reporting saying "Change all your passwords right now!"
Which is only good advice if you've got a bad master password and no 2FA enabled.... Do the basic security things that you should be doing already, and no problem exists.
@Obsolesce is right - read it.
but since most won't - the hackers got into a backup of LP, they had access to all encrypted vaults. This means they can run hashes against the dbs offline, no MFA required.
Now sure, if you had a good LP password in the first place, this is much less of an issue, but not a zero issue situation.
Try understanding the facts of the technology.
Assuming you are not some idiot with a weak and/or reused master password, your vault is basic bulletproof. You have years to reset anything in the vault that you want reset.
Even the article linked by @Obsolesce does not say you need to change all your passwords, assuming you have your vault setup securely to LP recommended defaults.
This breach is no different than any other. Changing from LastPass because of it is a stupid over reaction.
Changing from LastPass because they are part of LogMeIn? I'm 100% behind that. But I'm lazy.
-
@JaredBusch said in What Are You Doing Right Now:
@Dashrender said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
Time to change all of my passwords and get rid of LastPass
Time to replace Lastpass was years ago when they started tracking everyone.
Really, this isn't a reason to panic and change ALL your passwords unless you don't trust how Lastpass was designed.... If that's the case, why were you using it in the first place? Change your master password, done.
Read the article.
I haven't read this specific article, but I have seen lots of panic reporting saying "Change all your passwords right now!"
Which is only good advice if you've got a bad master password and no 2FA enabled.... Do the basic security things that you should be doing already, and no problem exists.
@Obsolesce is right - read it.
but since most won't - the hackers got into a backup of LP, they had access to all encrypted vaults. This means they can run hashes against the dbs offline, no MFA required.
Now sure, if you had a good LP password in the first place, this is much less of an issue, but not a zero issue situation.
Try understanding the facts of the technology.
Assuming you are not some idiot with a weak and/or reused master password, your vault is basic bulletproof. You have years to reset anything in the vault that you want reset.
Even the article linked by @Obsolesce does not say you need to change all your passwords, assuming you have your vault setup securely to LP recommended defaults.
I've read a number of other articles saying to go change all your passwords right away, so sounds like this one actually got it right.
This breach is no different than any other. Changing from LastPass because of it is a stupid over reaction.
Changing from LastPass because they are part of LogMeIn? I'm 100% behind that. But I'm lazy.
I had been meaning to move since LogMeIn added the tracking junk in, and the cost compared to the competition finally got me to switch.
-
@travisdh1 I recently looked at changing from LP, but I found they were priced similarly to everyone else.
I'll change my master & banking pwds, but don't think I'll worry about all my pwds.
-
what's another reputable pwd manager??
-
@siringo said in What Are You Doing Right Now:
@travisdh1 I recently looked at changing from LP, but I found they were priced similarly to everyone else.
I'll change my master & banking pwds, but don't think I'll worry about all my pwds.
Bitwarden is $10/year for the Personal Business account, LastPass was costing me $36/year for the Personal Premium.
-
@travisdh1 thanks. i'll check that out.
-
@siringo said in What Are You Doing Right Now:
what's another reputable pwd manager??
Bitwarden is what I chose. It has all the basic features needed in the open-source version. I chose a paid tier, but you are able to host it yourself if you wish.
-
Nothing like trying to get HVAC service after a;
Holiday
Extreme cold snapYup,.. this could be costly,.. house isn’t twenty years old yet and we are system number two already… this system is only seven years old…
-
I’m slow and behind but I am still using keepass or on the iOS device Strongbox as it is compatible with keepass db.
-
Hey everyone, happy holidays!
-
@scottalanmiller said in What Are You Doing Right Now:
Hey everyone, happy holidays!
Happy Holidays
Hope your dad is doing okay,.. I’m hearing a bit out of the Buffalo area about the weather, power and food issues.
-
Whoo hoo,
New building will have Yealonk t46u phones. And we are pulling in RingCentral services.
-
@JaredBusch said in What Are You Doing Right Now:
This breach is no different than any other. Changing from LastPass because of it is a stupid over reaction.
Yeah, I'm not overly worried about my data - I believe my password is good, significantly lowering my risk.
Changing from LastPass because they are part of LogMeIn? I'm 100% behind that. But I'm lazy.
There is always this...
-
@gjacobse said in What Are You Doing Right Now:
Nothing like trying to get HVAC service after a;
Holiday
Extreme cold snapYup,.. this could be costly,.. house isn’t twenty years old yet and we are system number two already… this system is only seven years old…
what the hell? what's breaking on it?
Mine is from 2005, we've had blower motor go out on it, and the flame sensor had got oxidized at least twice.
I think the capacitor on the AC compressor has been replaced twice since 2005.Otherwise - no issues.
-
@Dashrender said in What Are You Doing Right Now:
@gjacobse said in What Are You Doing Right Now:
Nothing like trying to get HVAC service after a;
Holiday
Extreme cold snapYup,.. this could be costly,.. house isn’t twenty years old yet and we are system number two already… this system is only seven years old…
what the hell? what's breaking on it?
Mine is from 2005, we've had blower motor go out on it, and the flame sensor had got oxidized at least twice.
I think the capacitor on the AC compressor has been replaced twice since 2005.Otherwise - no issues.
The fan shaft 'machined itself' off having to replace the fan, and they the system arced internally killing the system completely. We had to have the Indoor / outdoor units replaced in 2015.
First system was a Trane - we stopped it good. This system is an American Standard,.. Nothing may be wrong.. I just want to make sure. They'll be here at 8:15am tomorrow.. WHOOT.. Surprise they had space.
-
This post is deleted! -
@gjacobse yes hasn't been good here. We are ok but several friends still trying to plow out.
-
@jt1001001 said in What Are You Doing Right Now:
@gjacobse yes hasn't been good here. We are ok but several friends still trying to plow out.
Thanks for checking in, as bad as it was,.. nothing compares… as while we hit -6 on Friday, it’s suppose to be 50 today. Ugh.
-
Chatting with Tmobile Home Internet via Twitter about WAN issues. Still better than DSL :).