lastpass has been broken into - change passwords immediately

Discussion in 'Technical' started by sec_monkey, Jun 15, 2015.

  1. sec_monkey

    sec_monkey SM Security Administrator

    Last edited: Jun 15, 2015
  2. NotSoSneaky

    NotSoSneaky former supporter

    At the risk of pissing off or insulting people, who the heck would be stupid enough to put their passwords into any program on a computer ?

    Can't hack a coded sheet of paper in a safe.
  3. sec_monkey

    sec_monkey SM Security Administrator

    this is much worse, the passwords are in the cloud :cry: :cry: :cry: :cry:




  4. NotSoSneaky

    NotSoSneaky former supporter


    "The cloud" Never used it, never will. [coo]
    Mountainman and sec_monkey like this.
  5. kellory

    kellory An unemployed Jester, is nobody's fool. Banned

    My passwords are in my head, and nowhere else. But thank you for the warning.
    sec_monkey likes this.
  6. RightHand

    RightHand Old Pioneer in a New World Moderator Founding Member

    I thought everyone knew that the "cloud" was as safe and secure as your momma's arms
  7. stg58

    stg58 Monkey+++ Founding Member

    Passwords are one thing.

    Pass-phrases and two-factor authentication are the way to go.
    Either a YubiKey or two-factor via a text, voice or email is the way to so no matter who hacks your login they won’t have the other half.
    This is a randomly generated pass.
    The next one:

    Some very smart board admins use YubiKey, shameless suck up.

    Yubico | Trust the Net with YubiKey Strong Two-Factor Authentication
    VisuTrac and BTPost like this.
  8. stg58

    stg58 Monkey+++ Founding Member

    A second opinion.
    Two-factor authentication is one of the best things you can do to make sure your accounts don't get hacked. We've talked about it a bit before, but here's a list of all the popular services that offer it, and where you should go to turn it on right now.

    We originally published this post in August of 2012, but a lot of our favorite sites have added two-factor authentication since then. So, we've decided to update the post with all the new options (and keep it updated going forward). For an even more exhaustive list, check out

    Here's Everywhere You Should Enable Two-Factor Authentication Right Now
  9. BTPost

    BTPost Old Fart Snow Monkey Moderator

    If your Passwords, or PassPhrases, are ONLY in your head, you can NOT be forced by ANYONE, Legally, to give them Up to ANYONE. If they are in a File, even an Encrypted File on your computer, you CAN be forced by Judicial Warrant, to "Give them UP". If they are on a piece of paper, in a Safe, that Safe can be OPENED, by Judicial Warrant, as well.... Nothing that is in your Head, can be forced from you, Period, Legally in the USA.....
    kellory likes this.
  10. UncleMorgan

    UncleMorgan I eat vegetables. My friends are not vegetables.

    By now just about everybody ought to know that if it's on the Internet, it can be hacked. Don't want get hacked? Set up two computers: Your state-of-the-art system and last-year's obsolete dinosaur. You do all yer STUFF on your good system. Which never EVER hooks up to the internet. Do all your netsurfing on the dinosaur. If you want to upload to your good system, use a thumbdrive as the intermediary. Ditto for downloading to the Net. And check your thumbdrive each time for parasites.

    Even if something nasty somehow piggybacks into your good system, it won't be able to send data out. Or receive updated instructions from China.

    There are only two kinds of computer operators in the United States: The ones that know their computers have been hacked by the Chinese, and those that haven't found out yet.

    I have a trusted source in the Military who has been involved in the ongoing secret computer war with China. There was a lot he couldn't tell me because it was Classified. What little he could say was essentially that WWIII is already happening, and it's a cyber war.

    Think about the military effectiveness of having a whole lot of Chinese hack a whole lot of our civilian computers. On Cyber SHTF Day, when the cyber war gets physical, 25,000,000 Chinese strip 300,000,000 American civilians (& civilian businesses) of all their money (because they do their banking online!) by the simple expedient of sending it all to China. Then they burn every computer they can, and 300,000,000 broke Americans have to go back to using the telephone & counting on their toes.

    Wait a minute. What telephones? They're on the Net, too, and completely vulnerable.

    Oh. well. At least they can't take our toes away from us.

    (Lucky for me: Even if I'm broke, I'll still be able to peel my bananas.)
  11. RightHand

    RightHand Old Pioneer in a New World Moderator Founding Member

    I keep all my client records on a system that is not connected to the network or the internet. Risk taking with my data is one thing but unforgivable with client information.

    With that said, today it's almost impossible to operate in an "internet-less" environment. We do everything from paying bills to ordering groceries so having a strong firewall, good anti-hacking software, strong passwords and a very good master password are helpful as we TRY to keep our data secure
  12. RightHand

    RightHand Old Pioneer in a New World Moderator Founding Member

    Passwords - the reason for a "little black book" The times, they are a-changin
    ghrit likes this.
survivalmonkey SSL seal warrant canary