Windows 10: LastPass is scrambling to fix another serious vulnerability

LastPass is scrambling to fix another serious vulnerability | PCWorld

 

Perhaps it's best never to store passwords on any IT system?

:)

 

Lastpass password manager.

That hasn't happened to me... I clicked "remember password" and it gave me a warning that my decision could make my password more vulnerable if my device is ever lost/stolen, but after I said "yes", it remembered it. When I open Edge it only opens my homepage,
and lastpass auto-fills all my password for me.

Maybe it only happens to some people. Since LastPass said they are working to fix it, they must be aware that at least some people have a problem.

 

How do I uncover passwords or get list of stored passwords?

There is nothing such as Safe because everything would have security vulnerabilities(which haven't been discovered yet)

I use LastPass to manage all my passwords:

#1 Password Manager, Vault, & Digital Wallet App | LastPass

 

Online password managers, the same, the same old. *Sleepy

Tavis Ormandy on Twitter:

 

Tavis found the vulnerability and LastPass is working on fixing it; what is the problem? No security software is perfect and never will be. The argument for using LastPass has always been all of the other much more serious security problems it solves, eg weak passwords, users using the same password on multiple sites, users forgetting passwords and/or writing them down on sticky notes, etc.

 

I am a LastPass user, and this doesn't scare me at all. Tavis seems to have made improving LastPass a project of his - hopefully LastPass is compensating him for his efforts - and this will benefit LastPass users in the long run.

In the mean time, Tech blogs will have fodder for their FUD stories following every tweet Tavis makes about LastPass, completely missing the point that it's security is actually being improved by this, and no one is exploiting any of these vulnerabilities.

 

Better to be scrutinized, and updated quickly. It's the fact that LastPass responds so quickly to resolve the issue that gives me peace about the whole situation.

And in the latest case, it was demonstrated to LastPass what could be done. It's not an active exploit. Kudos to LastPass for jumping right in and fixing it.

 

That is why I manage my own passwords.*Smile

 

Are you telling me that you use

• A different password for every site
• A password that is long enough and complex not to guess
• You can either memorize them all, or only need to access a local password database to get to them?

I'm so inundated with passwords, for both work and home. I work on a variety of machines. It's become necessary to have my passwords available in all places I might be, so managing them on my own isn't great. Even if I put them on my phone, it would be ok until I lost my phone.

Passwords are such a necessary evil today, but there will hopefully be a better way in the future.

 

That is exactly what I am telling you. I have this application that is called random password generator it can create random passwords and store them off line. I am retired, I have one device and no smart phone.

 

Lastpass can generate random passwords to your specification without even pressing a keystroke thereby avoiding keyloggers.

 

Yes but they are stored online are they not?

 

Well, there you go. That makes all of the difference in the world. Most of my computing time during the day is spent at work, so I need access to my personal passwords there. Then at home, I have my desktop, my sons desktop and my primary computer which is my mac laptop.

I dumped my passwords into Excel and just for myself, I have 162 passwords. This doesn't include the passwords I keep for my kids stuff and my wife's stuff.

Yes, they are stored online. At present I store my passwords for less secure things in Evernote. Things like banking, retirement, car payments...basically anything with financial data is stored in KeePass inside of Dropbox. I can only access these from devices where I have KeePass, but these aren't things that I use on a daily basis and for things like my home banking, that password is memorized and not a randomly generated secure password.

The scary part online is that if somebody breaks into your Lastpass account, they get all of your other accounts. I cannot even image how long it would take me to go out and change my 162 passwords. It would take me an entire weekend.

 

I don't trust any form of online storage. I only ever store passwords in a password protected file stored on a Bitlocker protected USB stick kept in a safe location. My PC is never connected to the internet when I edit the file.