LastPass

Status
Not open for further replies.

stan

Well-Known Member
Credits
7,680
I don't care how secure you think you may be; once you access any online account from any device, your information is available to be gotten.
You don't need to be online at all. I've been caught up in several data breaches already... companies who failed to secure my personal information. That's on them. But I have no control over how well they protect my data. What control I do have, I try to use to the best of my ability, including trying to read enough tech/security news to be aware of new risks that keep coming at us. But we never know everything, and we are always at risk. Even if you don't own a computer or smartphone, you can still be the victim of identity theft.

My wife and I actually just got a check a month or so ago from the Indiana settlement with Equifax... almost $80 each. That was way better than the one-year free credit monitoring we got from Home Depot! We got nothing from other breaches... "Oops, we're so sorry."

Earlier this year Verizon notified us that "their network had been infiltrated"... and they recommended that we should "change all of our passwords on other sites" that interacted with them. So, since two-factor authentication (2FA) is the "secure thing" these days, that meant I needed to change passwords at banks, insurance companies, and others. "Oops, we're so sorry." I am still pissed off about this one. But I also took the opportunity to make the gibberish passwords even longer and change the security questions and answers too.

The length of passwords needed to remain secure gets longer and longer because people trying to crack them get better and better tools. Currently, 12 characters seems to be the minimum, with 16 characters (or more) preferred. See:

https://askleo.com/how_long_should_a_password_be/

https://resources.infosecinstitute.com/topic/password-security-complexity-vs-length/

https://www.lmgsecurity.com/how-long-should-your-password-be-a-technical-guide-to-a-safe-password-length-policy/
 



Deleted member 101831

Guest
You don't need to be online at all. I've been caught up in several data breaches already... companies who failed to secure my personal information. That's on them. But I have no control over how well they protect my data.
Exactly what you just said.

Even if you don't own a computer or smartphone, you can still be the victim of identity theft.
Exactly what you just said.

Earlier this year Verizon notified us that "their network had been infiltrated"... and they recommended that we should "change all of our passwords on other sites" that interacted with them.
Again, on their end, not on your end.

It doesn't seem to matter how secure my computer or network is.

Any breach of security for my passwords to access any of my stuff is more than likely going to happen at a website I visited.
 

stan

Well-Known Member
Credits
7,680
Any breach of security for my passwords to access any of my stuff is more than likely going to happen at a website I visited.
Exactly what you just said. :)


It doesn't seem to matter how secure my computer or network is.
That's where I disagree. I think it matters. I think it's "on me" to do my part to protect myself... with computers or other security, just like I lock the doors on my house. There are tools available for both computer and physical security. We should use them, IMO.

My friends, Mr. Smith and Mr. Wesson, seem to agree with me. ;)
 

Deleted member 101831

Guest
That's where I disagree. I think it matters. I think it's "on me" to do my part to protect myself... with computers
If you've done everything you can on / at your end to keep yourself secure and then your stuff is compromised at someone else's end and not at yours, then what more could you have done to prevent the compromise from occurring at someone else's end?

As you mentioned earlier, you can't control what happens at / on someone else's end.

My friends, Mr. Smith and Mr. Wesson, seem to agree with me. ;)
As for your 2 friends, that can become a whole different thread.
 

Condobloke

Well-Known Member
Credits
15,923
I emailed BitWarden support with a summary of some of the posts here..... @stan's post in particular.

The email:
It has occurred to me that the BitWarden encryption importance "leaving the device" is about syncing to other devices, right? When you log in to your bank, via the password manager, the passwords are sent in plain text... otherwise your bank would not be able to decrypt it!
So the password manager's encryption "on the device" is simply a padlock to protect it if someone steals your phone/computer or is somehow able to retrieve it from your cloud storage server (hack).
The real point of trust then is the pipe, the https connection, that secures your plain text password between you and your bank.
Have I summarised it correctly?


The Reply
Hi Brian,
Thanks for your interest in Bitwarden and for reaching out.
I am attaching some really helpful resources on the details around our security practices and how the product functions:
Vault Data - https://bitwarden.com/help/article/vault-data/
Encryption - https://bitwarden.com/help/article/what-encryption-is-used/
Encryption & Zero Knowledge Blog - https://bitwarden.com/blog/post/end-to-end-encryption-and-zero-knowledge/
Security FAQs - https://bitwarden.com/help/article/security-faqs/
Whitepaper - https://bitwarden.com/help/article/bitwarden-security-white-paper/

These should cover your questions thoroughly!


Have a read.
 

stan

Well-Known Member
Credits
7,680
On a related note: 1Password just announced yesterday on their blog that they now offer a native Linux desktop version for most major distributions. It's not for me (I'll stick with KeePass)... but perhaps some of you may be interested. It's not free, but they offer a free trial.
 

Condobloke

Well-Known Member
Credits
15,923
And on another related note: Firefox has plans for their password manager... Lockwise.

As of Firefox version 80, data from other password managers can be imported to Lockwise.
 

stan

Well-Known Member
Credits
7,680
Everyone, this thread is becoming a password manager discussion, rather than a LastPass discussion. Maybe you should open a specific thread discussing password managers only. That will help most users who use the search box above if they are looking for info about password managers.
Agreed. We seem to have hijacked this thread from friend @Vrai, the OP, and he has not replied here in over 4 months. Oops! Sorry! :oops:
 

KGIII

Super Moderator
Staff member
Gold Supporter
Credits
27,953
@Vrai, let me know if you want this reopened as your question remains unresolved, or maybe moved to off-topic and reopened.

Until then, @Condobloke created a lovely, more generic thread here:


Otherwise, this thread has run its course and 'tis time to close it.
 

wizardfromoz

Administrator
Staff member
Gold Supporter
Credits
18,283
Agreed. And I guess, in password manager terms, its beginnings nearly 18 months ago might make it redundant in terms of how things change in our Linux World :)

Our friend and valued Member @Vrai has shown his approval with a couple of Likes posted above.

Avagudweegend all and stay safe.

Wizard
 