This looks like at the very least it is embarrassing for a computer
security firm

https://blog.lastpass.com/2015/06/la...y-notice.html/


Although it seems that users are not at significant risk.

--
CB

On 16/06/15 12:16, CB wrote:
This looks like at the very least it is embarrassing for a computer
security firm

https://blog.lastpass.com/2015/06/la...y-notice.html/


Although it seems that users are not at significant risk.


Why in God's name would ANYONE use such a service?

KeepassX and other solutions work well and remain under user control
(KeepassX is also open source for the ruely paranoid who may want to
recompile the code themselves).

On 16/06/2015 12:41, Tim Watts wrote:
On 16/06/15 12:16, CB wrote:
This looks like at the very least it is embarrassing for a computer
security firm

https://blog.lastpass.com/2015/06/la...y-notice.html/


Although it seems that users are not at significant risk.


Why in God's name would ANYONE use such a service?

KeepassX and other solutions work well and remain under user control
(KeepassX is also open source for the ruely paranoid who may want to
recompile the code themselves).

One advantage of a web based service is that your passwords are
available on all your devices. However, I am having second thoughts
about storing my passwords in Chrome.

On 16/06/2015 12:50, GB wrote:
On 16/06/2015 12:41, Tim Watts wrote:
On 16/06/15 12:16, CB wrote:
This looks like at the very least it is embarrassing for a computer
security firm

https://blog.lastpass.com/2015/06/la...y-notice.html/


Although it seems that users are not at significant risk.


Why in God's name would ANYONE use such a service?

KeepassX and other solutions work well and remain under user control
(KeepassX is also open source for the ruely paranoid who may want to
recompile the code themselves).

One advantage of a web based service is that your passwords are
available on all your devices. However, I am having second thoughts
about storing my passwords in Chrome.

You could use BitSync or SyncThing to distribute (via internet) the
database across your machines. Both work on Windows, Linux + Android.
SyncThing is open source.

In message , Nick
writes
On 16/06/2015 12:50, GB wrote:
On 16/06/2015 12:41, Tim Watts wrote:
On 16/06/15 12:16, CB wrote:
This looks like at the very least it is embarrassing for a computer
security firm

https://blog.lastpass.com/2015/06/la...y-notice.html/


Although it seems that users are not at significant risk.


Why in God's name would ANYONE use such a service?

KeepassX and other solutions work well and remain under user control
(KeepassX is also open source for the ruely paranoid who may want to
recompile the code themselves).

One advantage of a web based service is that your passwords are
available on all your devices. However, I am having second thoughts
about storing my passwords in Chrome.

You could use BitSync or SyncThing to distribute (via internet) the
database across your machines. Both work on Windows, Linux + Android.
SyncThing is open source.

which means you are now already past the point many users will want
to/be able to get to grips with.

It's really all about balance of risk. It's probably better that someone
use Lastpass with a one strong password which means they can have good
unique passwords for their various services than don't use anything and
rely on remembering weak passwords and reusing them to often etc.
--
Chris French

En el artículo , Chris French
escribió:

rely on remembering weak passwords and reusing them to often etc.

Password, n: the funny word on a Post-it note stuck to the monitor.

--
(\_/)
(='.'=)
(")_(")

GB wrote:
On 16/06/2015 12:41, Tim Watts wrote:
On 16/06/15 12:16, CB wrote:
This looks like at the very least it is embarrassing for a computer
security firm

https://blog.lastpass.com/2015/06/la...y-notice.html/


Although it seems that users are not at significant risk.


Why in God's name would ANYONE use such a service?

KeepassX and other solutions work well and remain under user control
(KeepassX is also open source for the ruely paranoid who may want to
recompile the code themselves).

One advantage of a web based service is that your passwords are
available on all your devices.

Others may view things differently, but my passwords don't change very
often, and it's a simple matter to email my KeePass database to my
mobile devices from time to time.

--
Mike Barnes
Cheshire, England

GB wrote:

One advantage of a web based service is that your passwords are
available on all your devices. However, I am having second thoughts
about storing my passwords in Chrome.

I simply copy my encrypted file of passwords to laptop etc. whenever
they are at home (done automatically by a cron job). So any changes
are available anywhere.

I *never* save passwords in my web browser. I either use easy (for
me) to remember ones on things that don't matter (like mailing lists
and forums) or I keep properly secure ones in *my* encrypted file.

--
Chris Green
·

On 16/06/2015 13:07, Tim Streater wrote:
In article , GB
wrote:

On 16/06/2015 12:41, Tim Watts wrote:
On 16/06/15 12:16, CB wrote:
This looks like at the very least it is embarrassing for a computer
security firm

https://blog.lastpass.com/2015/06/la...y-notice.html/

Although it seems that users are not at significant risk.

Why in God's name would ANYONE use such a service?

KeepassX and other solutions work well and remain under user control
(KeepassX is also open source for the ruely paranoid who may want to
recompile the code themselves).

One advantage of a web based service is that your passwords are
available on all your devices.

The answer to that is only to have one device.

Or have only one password ;-)

--
CB

On Tuesday, 16 June 2015 16:28:39 UTC+1, CB wrote:
One advantage of a web based service is that your passwords are
available on all your devices.

The answer to that is only to have one device.

Or have only one password ;-)

Many people use the same password for a crappy webforum as they use for gmail
(Other email suppliers are available). As soon as the scammers lift the password
from the crappy webforum, they can login to gmail, and proceed to take over the
account. At the *very* least you should have a password for accounts you don't
care about, and another one for ones you do. Ideally though, you want different
passwords for each account (for many people, ebay will be an important account
and it was hacked a few years ago). That's where something like lastpass comes
in.

Sadly, there is no generically good solution which my sister can use on her
home computer and her smartphone. (An example of a bright, but not particularly
computer or security savvy person).

"Martin Bonner" wrote in message
...
On Tuesday, 16 June 2015 16:28:39 UTC+1, CB wrote:
One advantage of a web based service is that your passwords are
available on all your devices.

The answer to that is only to have one device.

Or have only one password ;-)

Many people use the same password for a crappy webforum as they use for
gmail
(Other email suppliers are available). As soon as the scammers lift the
password
from the crappy webforum, they can login to gmail, and proceed to take
over the
account. At the *very* least you should have a password for accounts you
don't
care about, and another one for ones you do. Ideally though, you want
different
passwords for each account (for many people, ebay will be an important
account
and it was hacked a few years ago). That's where something like lastpass
comes
in.

Sadly, there is no generically good solution which my sister can use on
her
home computer and her smartphone. (An example of a bright, but not
particularly
computer or security savvy person).

There is actually, a decent stand alone password manager and automatically
synching the encrypted database across the devices with any one of a number
of auto synch systems that only have to be setup once and can even be setup
by someone like that effortlessly just by keeping the encrypted password
database in a particular folder etc.

Personally I prefer to go even further and have a combined password
manager and form filler that avoids having to enter your basic details
like addresses and card numbers etc more than once as well, like Roboform.

Note that I don't use their central storage of the encrypted database,
I just synch that using something else like dropbox.

"Tim Streater" wrote in message
.. .
In article , GB
wrote:

On 16/06/2015 12:41, Tim Watts wrote:
On 16/06/15 12:16, CB wrote:
This looks like at the very least it is embarrassing for a computer
security firm

https://blog.lastpass.com/2015/06/la...y-notice.html/

Although it seems that users are not at significant risk.

Why in God's name would ANYONE use such a service?

KeepassX and other solutions work well and remain under user control
(KeepassX is also open source for the ruely paranoid who may want to
recompile the code themselves).

One advantage of a web based service is that your passwords are available
on all your devices.

The answer to that is only to have one device.

Makes a lot more sense to have more than done device
and either manually move the encrypted database between
them when anything changes or have that done automatically.

En el artículo , Tim Watts
escribió:

Why in God's name would ANYONE use such a service?

My thought too. Eggs and baskets come to mind.

--
(\_/)
(='.'=)
(")_(")