Home |
Search |
Today's Posts |
|
UK diy (uk.d-i-y) For the discussion of all topics related to diy (do-it-yourself) in the UK. All levels of experience and proficency are welcome to join in to ask questions or offer solutions. |
Reply |
|
LinkBack | Thread Tools | Display Modes |
|
#1
Posted to uk.d-i-y
|
|||
|
|||
OT Lastpass security breached
This looks like at the very least it is embarrassing for a computer
security firm https://blog.lastpass.com/2015/06/la...y-notice.html/ Although it seems that users are not at significant risk. -- CB |
#2
Posted to uk.d-i-y
|
|||
|
|||
OT Lastpass security breached
On 16/06/15 12:16, CB wrote:
This looks like at the very least it is embarrassing for a computer security firm https://blog.lastpass.com/2015/06/la...y-notice.html/ Although it seems that users are not at significant risk. Why in God's name would ANYONE use such a service? KeepassX and other solutions work well and remain under user control (KeepassX is also open source for the ruely paranoid who may want to recompile the code themselves). |
#3
Posted to uk.d-i-y
|
|||
|
|||
OT Lastpass security breached
On 16/06/2015 12:41, Tim Watts wrote:
On 16/06/15 12:16, CB wrote: This looks like at the very least it is embarrassing for a computer security firm https://blog.lastpass.com/2015/06/la...y-notice.html/ Although it seems that users are not at significant risk. Why in God's name would ANYONE use such a service? KeepassX and other solutions work well and remain under user control (KeepassX is also open source for the ruely paranoid who may want to recompile the code themselves). One advantage of a web based service is that your passwords are available on all your devices. However, I am having second thoughts about storing my passwords in Chrome. |
#4
Posted to uk.d-i-y
|
|||
|
|||
OT Lastpass security breached
On 16/06/2015 12:50, GB wrote:
On 16/06/2015 12:41, Tim Watts wrote: On 16/06/15 12:16, CB wrote: This looks like at the very least it is embarrassing for a computer security firm https://blog.lastpass.com/2015/06/la...y-notice.html/ Although it seems that users are not at significant risk. Why in God's name would ANYONE use such a service? KeepassX and other solutions work well and remain under user control (KeepassX is also open source for the ruely paranoid who may want to recompile the code themselves). One advantage of a web based service is that your passwords are available on all your devices. However, I am having second thoughts about storing my passwords in Chrome. You could use BitSync or SyncThing to distribute (via internet) the database across your machines. Both work on Windows, Linux + Android. SyncThing is open source. |
#5
Posted to uk.d-i-y
|
|||
|
|||
OT Lastpass security breached
In message , Nick
writes On 16/06/2015 12:50, GB wrote: On 16/06/2015 12:41, Tim Watts wrote: On 16/06/15 12:16, CB wrote: This looks like at the very least it is embarrassing for a computer security firm https://blog.lastpass.com/2015/06/la...y-notice.html/ Although it seems that users are not at significant risk. Why in God's name would ANYONE use such a service? KeepassX and other solutions work well and remain under user control (KeepassX is also open source for the ruely paranoid who may want to recompile the code themselves). One advantage of a web based service is that your passwords are available on all your devices. However, I am having second thoughts about storing my passwords in Chrome. You could use BitSync or SyncThing to distribute (via internet) the database across your machines. Both work on Windows, Linux + Android. SyncThing is open source. which means you are now already past the point many users will want to/be able to get to grips with. It's really all about balance of risk. It's probably better that someone use Lastpass with a one strong password which means they can have good unique passwords for their various services than don't use anything and rely on remembering weak passwords and reusing them to often etc. -- Chris French |
#6
Posted to uk.d-i-y
|
|||
|
|||
OT Lastpass security breached
En el artículo , Chris French
escribió: rely on remembering weak passwords and reusing them to often etc. Password, n: the funny word on a Post-it note stuck to the monitor. -- (\_/) (='.'=) (")_(") |
#7
Posted to uk.d-i-y
|
|||
|
|||
OT Lastpass security breached
GB wrote:
On 16/06/2015 12:41, Tim Watts wrote: On 16/06/15 12:16, CB wrote: This looks like at the very least it is embarrassing for a computer security firm https://blog.lastpass.com/2015/06/la...y-notice.html/ Although it seems that users are not at significant risk. Why in God's name would ANYONE use such a service? KeepassX and other solutions work well and remain under user control (KeepassX is also open source for the ruely paranoid who may want to recompile the code themselves). One advantage of a web based service is that your passwords are available on all your devices. Others may view things differently, but my passwords don't change very often, and it's a simple matter to email my KeePass database to my mobile devices from time to time. -- Mike Barnes Cheshire, England |
#8
Posted to uk.d-i-y
|
|||
|
|||
OT Lastpass security breached
GB wrote:
One advantage of a web based service is that your passwords are available on all your devices. However, I am having second thoughts about storing my passwords in Chrome. I simply copy my encrypted file of passwords to laptop etc. whenever they are at home (done automatically by a cron job). So any changes are available anywhere. I *never* save passwords in my web browser. I either use easy (for me) to remember ones on things that don't matter (like mailing lists and forums) or I keep properly secure ones in *my* encrypted file. -- Chris Green · |
#9
Posted to uk.d-i-y
|
|||
|
|||
OT Lastpass security breached
On 16/06/2015 13:07, Tim Streater wrote:
In article , GB wrote: On 16/06/2015 12:41, Tim Watts wrote: On 16/06/15 12:16, CB wrote: This looks like at the very least it is embarrassing for a computer security firm https://blog.lastpass.com/2015/06/la...y-notice.html/ Although it seems that users are not at significant risk. Why in God's name would ANYONE use such a service? KeepassX and other solutions work well and remain under user control (KeepassX is also open source for the ruely paranoid who may want to recompile the code themselves). One advantage of a web based service is that your passwords are available on all your devices. The answer to that is only to have one device. Or have only one password ;-) -- CB |
#10
Posted to uk.d-i-y
|
|||
|
|||
OT Lastpass security breached
On Tuesday, 16 June 2015 16:28:39 UTC+1, CB wrote:
One advantage of a web based service is that your passwords are available on all your devices. The answer to that is only to have one device. Or have only one password ;-) Many people use the same password for a crappy webforum as they use for gmail (Other email suppliers are available). As soon as the scammers lift the password from the crappy webforum, they can login to gmail, and proceed to take over the account. At the *very* least you should have a password for accounts you don't care about, and another one for ones you do. Ideally though, you want different passwords for each account (for many people, ebay will be an important account and it was hacked a few years ago). That's where something like lastpass comes in. Sadly, there is no generically good solution which my sister can use on her home computer and her smartphone. (An example of a bright, but not particularly computer or security savvy person). |
#11
Posted to uk.d-i-y
|
|||
|
|||
OT Lastpass security breached
"Martin Bonner" wrote in message ... On Tuesday, 16 June 2015 16:28:39 UTC+1, CB wrote: One advantage of a web based service is that your passwords are available on all your devices. The answer to that is only to have one device. Or have only one password ;-) Many people use the same password for a crappy webforum as they use for gmail (Other email suppliers are available). As soon as the scammers lift the password from the crappy webforum, they can login to gmail, and proceed to take over the account. At the *very* least you should have a password for accounts you don't care about, and another one for ones you do. Ideally though, you want different passwords for each account (for many people, ebay will be an important account and it was hacked a few years ago). That's where something like lastpass comes in. Sadly, there is no generically good solution which my sister can use on her home computer and her smartphone. (An example of a bright, but not particularly computer or security savvy person). There is actually, a decent stand alone password manager and automatically synching the encrypted database across the devices with any one of a number of auto synch systems that only have to be setup once and can even be setup by someone like that effortlessly just by keeping the encrypted password database in a particular folder etc. Personally I prefer to go even further and have a combined password manager and form filler that avoids having to enter your basic details like addresses and card numbers etc more than once as well, like Roboform. Note that I don't use their central storage of the encrypted database, I just synch that using something else like dropbox. |
#12
Posted to uk.d-i-y
|
|||
|
|||
OT Lastpass security breached
"Tim Streater" wrote in message .. . In article , GB wrote: On 16/06/2015 12:41, Tim Watts wrote: On 16/06/15 12:16, CB wrote: This looks like at the very least it is embarrassing for a computer security firm https://blog.lastpass.com/2015/06/la...y-notice.html/ Although it seems that users are not at significant risk. Why in God's name would ANYONE use such a service? KeepassX and other solutions work well and remain under user control (KeepassX is also open source for the ruely paranoid who may want to recompile the code themselves). One advantage of a web based service is that your passwords are available on all your devices. The answer to that is only to have one device. Makes a lot more sense to have more than done device and either manually move the encrypted database between them when anything changes or have that done automatically. |
#13
Posted to uk.d-i-y
|
|||
|
|||
OT Lastpass security breached
En el artículo , Tim Watts
escribió: Why in God's name would ANYONE use such a service? My thought too. Eggs and baskets come to mind. -- (\_/) (='.'=) (")_(") |
Reply |
Thread Tools | Search this Thread |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Forum | |||
Security gone... a bit OTT | UK diy | |||
High Security = Low Security | UK diy | |||
Help with security | Home Repair | |||
Want small security camera for internal security | Home Repair | |||
Cavity Wall Breached with water? | UK diy |