101010.pl is one of the many independent Mastodon servers you can use to participate in the fediverse.
101010.pl, the oldest Polish Mastodon server. We have posts of up to 2048 characters.

#lastpass


So anyone who is still seriously dependent on a #Cloud these days, or voluntarily uploads their data there, must have really good risk management ...

#Email in the cloud? Maybe not for much longer: blog.fefe.de/?ts=96db1da8

More on this: karl-voit.at/cloud/

And then there's the category of people who actually also upload their #Passwörter (passwords) to a cloud. 🤦‍♂️ (just use #KeePassXC + optionally Syncthing/Nextcloud, folks!)

Fucking hell. Nightmare never ends. #LastPass #Hack #CyberSecurity

If you're using LastPass - it's time to migrate (now). #BitWarden #Dashlane #1Password or even #ProtonPass are all viable alternatives, that (so far) have ZERO incidents. Great for cloud-based alternatives. If you want to keep your password manager local, #KeePass or #KeepassX are fantastic as well.

techradar.com/pro/security/las

TechRadar pro · LastPass 2022 hack fallout continues with millions of dollars more reportedly stolen · By Benedict Collins

A non-techie friend asked me what a good password manager is nowadays. He uses Windows and works with banks and other financial institutions as a consultant. He doesn't really need it to be synced online, but that would be OK, even if he is a bit paranoid.

For now, all I was able to say is #1pass used to be OK, and avoid #lastpass like the plague, but that's all I can say.
Any advice? Thanks :) Sharing is appreciated, I've a small reach.

#bugfeature I found a strange vulnerability in #lastpass on #firefox #windows: despite having password remembering set to 24h only, after the add-on is restarted it always starts up again as logged in (even though a week may have passed since the last login), thereby giving access to the password vault. Strange. I use this method because I can't be bothered to log in to the password manager, but it just dawned on me that what I'm doing is a messed-up idea and that it shouldn't work like this. #itsecurity

Lots of people watching stock prices right now. I don’t actually expect much of a show there. Yes, it will go down a bit, and then it will come back up again. This happened many times, to companies which produced similar and worse disasters.

Don’t believe me? Check out the stock charts for LogMeIn Inc., the company behind LastPass. Try to find the dent made by the 2022 breach announcement and the subsequent news coverage. Compare the stock price to what it is today. That’s a company that demonstrated enough neglect to be rightfully dead today. Instead, I have people still asking under my blog posts whether they should dump LastPass or keep using it.

The inertia is very real. It takes lots of effort to switch vendors. CrowdStrike will claim an unforeseeable issue, a one of a kind. And almost everyone will believe them and keep using their product. Until the same thing happens again. And likely even then still.

Why You Should Be Using A Password Manager

In today’s world we have some kind of login information for just about every site we visit frequently. From our email accounts, banking accounts, credit card accounts and so much more. It can be tough to memorize each and every password for each different site, especially since it’s never recommended to use the same password for more than one site. Not to mention, it can be tough to come up with a strong enough password for each site that’s easy enough for us to remember. This is where password managers come into play and I feel it’s very important that everyone should be using one.

What Exactly Is A Password Manager?

Password managers are apps that generate new, random passwords for all the sites you visit. They store these credentials for you in a secure virtual vault. Then, when you visit a site or open an app where you need to log in, the password manager automatically fills in your login name and password for you. Most password managers can also fill in your personal information, like name, address, and credit card number on web forms to save you time during account creation or checkout when making a purchase online. Some password managers can store your important documents or other credentials like safe codes and medical information in the vault, too.

Another great thing that a really good password manager will do is to let you know if your existing passwords are weak, reused on another site or have shown up in a data breach or something similar. This is very important and can really help you suggest and create new, strong and unique passwords for any login you might need it for.

I also recommend that when you use your password manager to create passwords for you, that you set it to at least 24 characters and have it use uppercase, lowercase, numbers and special symbols/characters. This just helps create more secure passwords.

Are Password Managers Free?

There are indeed many password managers out there that are available for free today. Most have a free plan and a paid plan. The free plans will often have limitations of some sort put into place. This is of course to help persuade you to pay for a plan to get more features. Some of these paid for features are things like being able to create longer, more secure passwords, sync across multiple devices and other very useful and often needed features.

I personally use Proton Pass currently, but that’s because it comes with paying for a Proton Mail account. Because I pay for Proton Mail, I get Proton Pass, Proton VPN, Proton Drive and more included with my service.

I previously was using Bitwarden which was a really good password manager that has tons of options and features. I only switched to Proton Pass since it was included when I made the move from Gmail to Proton Mail. Prior to that I was with LastPass for a lot of years. Back when they were really good and password managers were still relatively new. Today, I wouldn’t recommend them personally as they have had some issues over the last few years.

Test New Password Managers First

It is very important to choose a password manager that’s going to work best for you and your use. This means little things like making sure it works on all of the devices you use. Be it Windows, Linux, Android, iOS or any other platforms you might use that you could use it with.

Remember, most password managers have a free trial or just a free version in general that you can use for a few weeks or so to see if it meets all of your needs.

Once you find one that really works best for you, then it’s up to you if you move to a paid plan or not. You may or may not need or even want to do that. That choice is strictly up to you.

Another important thing to think about during this testing phase, is if you will be using this by yourself, or if you’ll want to have family members use it as well. Very important to know especially when it comes to a paid plan as then price comes into play.

Apply Multi-Factor Authentication To Your Account

One way to mitigate the risk of an attack on your password manager is to use multi-factor authentication (MFA) to secure your account. MFA simply means that to unlock your password manager, you need something in addition to your master password. That something could be your fingerprint, your face or voice read by recognition software, a code sent to a mobile authenticator app, or a hardware security key. In addition, allowing access to the password manager only from registered, trusted devices can be another form of multi-factor authentication.

Password Manager Browser Extensions

Most every password manager out there today has an extension that you can install into your browser to make using a password quick and easy. This used to not be the case back in the day, but in today’s world, it’s an absolute necessity due to how many passwords and such we’re storing.

Set a Master Password

Once you’ve settled on the password manager of your choice, you have to set it up and protect it with a master password. Since you’re putting all your passwords in one place, i.e., the vault, you need to protect the vault with a master password. The master password encrypts the contents of your vault, so it needs to be super strong and something you will never forget. If you lose your master password, you lose access to all your logins in many cases (meaning you’ll have to do password resets for all your online accounts). If you choose a weak master password, you put all your credentials at risk.

Take your time to pick a master password and just make sure it’s something you’ll always remember but make it something that’s not easy to figure out, such as your name, birth date, cat’s name or anything similar. If need be, write it down on a piece of paper and put it in a locked safe or something similar within your house so that you can easily access it but others won’t be able to get to it so easily.

Let Your Password Manager Do The Work For You

Any time you visit a website that requires login information, let your password manager do the work for you. This means let it help you create a password for you as well as remember that password and username or anything else of importance.

This is exactly what password managers are for. They do the work so that you don’t really have to in most cases. Once you have the information stored for a site, then any time you visit the login screen for that particular site, your password manager should offer to auto-fill that information for you. This is exactly the goal of using one in the first place.

Final Thoughts

I firmly believe there is no reason that anyone shouldn’t be using a password manager. As stated originally, we have so many login credentials that we have to know and try to remember that it’s nearly impossible for us to keep track of it all in our heads. Password managers do all of the work for us and they do very well. Therefore they make life easier for us when it comes to browsing and using the internet.

If you’re not already using a password manager, ask yourself why and do yourself a favor and find one that’s good for you. If you are using a password manager, which one do you use? Let us know via the comments below and tell us what features/options you like best about it.

Do you have a backup of your passwords? LastPass manager outage

Choosing a password manager is a very important life decision from the standpoint of credential hygiene on the Internet (you can read about how to use the popular KeePassXC on sekurak). There are many solutions available on the market, from free and open-source ones to services provided by third-party companies. Choosing one or the other has its pros and cons,...

#WBiegu #Chrome #Lastpass

sekurak.pl/macie-backup-waszyc

LastPass claims that it will encrypt URLs in their users’ vaults next month. Yes, that’s addressing the issue they’ve first been warned about back in 2015 to my knowledge. Yes, they plan to fix it for existing password entries as well. Maybe worth checking whether they’ll actually deliver.

They plan to start encrypting things like “equivalent domains” later this year. That’s an issue I received a bug bounty for in 2018 (this isn’t merely a privacy but also a “what if the server turns malicious” issue), good to know they finally want to do something about it.

This part sounds strange:

“LastPass says that due to restrictions in processing power in 2008, when that system was created, its engineers decided to leave those URLs unencrypted, lessening the strain on CPUs and minimizing the software's energy consumption footprint.”

That’s about mobile CPUs. And probably also about JS-based encryption implementations before WebCrypto or WebAssembly. And still: is it plausible that not encrypting a little bit of text (we are talking about 64 kB max even for heavy users) made any difference in 2008? Even considering that their “key derivation” back then was merely SHA256, I have a hard time believing that encryption was in any way significant for their CPU usage.

theverge.com/2024/5/1/24146205

Parent Company "GoTo" will be spinning LastPass off into its own separate company, they announced it back in 2021, but it's taken this long to get their shit together. LastPass will now operate under a shareholder holding company called "LMI Parent"

This seems to be largely a PR stunt to show how "reformed" they are, but it still has the same CEO and very little has changed.

The Verge · LastPass goes independent over a year after serious breaches · By Wes Davis