
Security Lastpass Security Vulnerabilities [March 2017]

Discussion in 'All Internet & Web Performance News' started by eva2000, Mar 22, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    29,051
    6,593
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,789
    Local Time:
    1:06 PM
    Nginx 1.13.x
    MariaDB 5.5
    Ouch, Lastpass latest security vulnerabilities: What should password managers not do? Leak your passwords? What a great idea, LastPass

    March 22nd, 2017 Update



    From Important Security Updates for Our Users | The LastPass Blog

    Original News



    Other discussions / links

     
    Last edited: Mar 24, 2017
  2. eva2000

    I started looking at 1password instead of lastpass but features in 1password seem lacking? I accidentally imported lastpass csv data into 1password twice into the same vault and found out there's no way to reset or delete en masse the entries in the vault other than contacting 1password to totally reset my account and wipe all data. Still waiting on support to get back to me on that at 1password.

    Also no way to delete duplicate entries that the lastpass to 1password import created?

    So which password managers are you folks using or switching to from lastpass?
     
    Last edited: Mar 22, 2017
  3. Jimmy

    Jimmy Premium Member Premium Member

    1,026
    231
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +555
    Local Time:
    11:06 PM
    1.13.x
    MariaDB 10.1.x
    I like Keepass.info. I upload the password file and key to a server and can use the software anywhere.

    Open source, rock solid security, ton of features, I control the security... that's for me. Software has also been around for a long time. I would never trust my passwords to an online service.
     
  4. RB1

    RB1 Active Member

    269
    70
    28
    Nov 11, 2016
    California
    Ratings:
    +117
    Local Time:
    8:06 PM
    Nginx 1.13.x
    MariaDB 10.1.x
    Yikes!!!
     
  5. BamaStangGuy

    BamaStangGuy Active Member

    465
    136
    43
    May 25, 2014
    Ratings:
    +179
    Local Time:
    10:06 PM
    I have been using 1Password for 2-3 years now. I love it personally. The new web interface is nice as well. Hopefully they release a Linux client one day.
     
  6. Revenge

    Revenge Active Member

    287
    64
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +227
    Local Time:
    4:06 AM
    1.9.x
    10.1.x
    I use my brain.
     
  7. eva2000

    haha that's some brain.. I have ~4,000 login entries to remember hehe

    I also gave keepass a try and like it too. Seems easiest to get set up and so far no extra duplicate entries. Though there seems to be a tool natively built in to remove duplicates

    but keepass core might be solid, but it seems like a lot of 3rd party plugins are out there which may not be as secure?

    1password, still waiting on tech support to reset my account so I can start over!
     
  8. Revenge

    You can have a main base pass, and then you add something related to the domain you are trying to enter. It's impossible for you to forget and impossible for a hacker to discover.

    Most sites now also have 2 step verification.

    What is not secure is the risk you take every day if someone hacks a service you use to save your passwords and all of a sudden someone has access to all your accounts.
     
  9. pamamolf

    pamamolf Well-Known Member

    2,538
    231
    63
    May 31, 2014
    Ratings:
    +394
    Local Time:
    6:06 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    I am thinking of posting a topic about secure systems and services....

    What do you think?
     
  10. Jimmy

    I don't use any 3rd party plugins with Keepass. Not sure what plugins are offered. I even had a server hacked way back in 2008 with the keepass file, never had an issue - though I don't know if the hacker downloaded the password file or not.

    Keepass has an Android app. KeePassDroid - Android Apps on Google Play

    I can't trust an online service for my passwords, period... it's like asking for problems.

    KeepassX on Linux is really nice. ;)

    Keepass did take some heat for a security issue. KeePass 2.34 plugs security issue - gHacks Tech News
     
  11. pamamolf

    Keepass for Windows is the best but Windows is not the best OS for security. Actually it is the worst!

    KeepassX is software that tries to mimic what keepass does on Windows but for Linux, and it is missing the latest features (last updated 5 months ago) and the implementation of original keepass may not be so good....

    I am sure that in another post of mine I told users to avoid using Lastpass :)

    https://community.centminmod.com/th...i-device-password-management.9420/#post-39687
     
    Last edited: Mar 23, 2017
  12. eva2000

    but that app is 3rd party, not official by KeePass, right, according to Downloads - KeePass

    totally forgot about needing an equivalent Android app like Lastpass! In that regard 1password might be better? Or do we put our logins' trust in a 3rd party developed KeePass Android app?
     
  13. Jimmy

    I doubt you're going to get an app from the keepass dev. It's open source, not a commercial product.

    I don't personally use anything on my phone. But that app has 30K ratings and 4+ stars.

    IMHO I'd put more faith in an open source project with a long track record vs. an online pw storage site. That's just me though.
     
  14. eva2000

    Yeah decisions... decisions heh. But ratings don't mean much coming from average joe users who aren't in the internet security industry heh.

    Wonder if there's anything out there to allow 1password to KeePass continuous sync/import so new 1password entries sync to KeePass and vice versa?

    interesting read https://sourceforge.net/p/keepass/discussion/329220/thread/7823021f/
     
  15. Jimmy

    Show me the link to lastpass and 1password source code. :) Everything with keepass is open. Don't rely on ratings, look at the source if the ratings are a sticking point.

    Android apps:
    Keepass2Android - Source Code
    GitHub - bpellin/keepassdroid: KeePass implementation for android

    Got an issue... look at the source, judge for yourself if it's secure.
     
  16. eva2000

  17. eva2000

    Interesting read: Password managers may not be as secure as you think

     
  18. Jimmy

  19. eva2000

    what about various forum logins from mobile etc?

    More at Security issues found in nine password managers for Android (LastPass, Dashlane..) - gHacks Tech News

    Lastpass related!

    1password related

    Discussion at https://news.ycombinator.com/item?id=13753864
     
    Last edited: Mar 23, 2017
  20. Jimmy

    I don't use my phone to log in to forums / sites.

    If I'm going somewhere and I need to access a site I manage I have my laptop with a VPN.

    I'm not attached to my mobile device. I use it for phone calls and messaging.
     