LastPass may have been hacked–This just in from ghacks.net UPDATE

 

Thanks for the ‘heads up!’, Hankers.

 

Because many in the Community have expressed interest in and use LastPass to keep and secure their passwords, this is a quick ‘heads up!’ to everyone.

Martin Brinkmann, a journalist and owner of ghacks.net (an extremely reputable German IT Security News Site) published an article about a self-reported “anomaly” at LastPass.

This is important as it is being treated by LastPass as a possible breach and reported as such.

I very much agree with Mr. Brinkmann that this is responsible behavior, especially when compared to the ‘cover up’ behavior we’ve all seen from other large corporations whose “personal reputation” interests superseded their concern for their customers’ security.

You can read more at Mr. Brinkmann’s site:

http://www.ghacks.net/2011/05/05/lastpass-security-breach/

and at Lastpass:

http://blog.lastpass.com/2011/05/lastpass-security-notification.html

================================================================================================

 Update:

Lifehacker has a nice article about "non-Cloud" alternatives to LastPass:

http://lifehacker.com/5799036/the-best-password-utilities-that-dont-store-your-data-in-the-cloud

 

Reply #1 Top

I think it's never a good idea to save passwords online.

I use the app KeePass, it's pretty easy to use and it's safe.

Reply #2 Top

Seems I wrote about this before. I never trusted this method.

Reply #3 Top

Thanks for the tip.  Master password changed.

Reply #4 Top

My password is 27 characters long, they would be hard pressed to brute force it. Still it's better safe than sorry.

Thanks, Doc and Hankers.

Reply #5 Top

How ironic, I decided to be cautious about this and change and back up my passwords on LastPass. Imagine my luck that not only did Firefox and the LastPass extension fail to change my password, but they also failed to back up my passwords, and I have now lost everything I had on the site. Lucky for me I tend to have more than one backup through different methods and so I still have my websites and passwords, although there is a chance a couple may not be updated, but that should not be a problem. As of this moment I will no longer use LastPass as I am very disappointed how difficult it was to export a backup and even harder to import it.

I will now try keepass instead. Thanks for the tip.

Reply #6 Top

Good call, thanks.

I only registered a couple of days ago, which makes me question my decision. Need to look into KeePass then.

 

On a side note, someone in this thread, I'm not naming any names, stole my self-stolen avatar. Is there no honor among thieves these days?

I'm red with rage!

Reply #7 Top

Quoting RedOrbs, reply 6
On a side note, someone in this thread, I'm not naming any names, stole my self-stolen avatar. Is there no honor among thieves these days?
End of RedOrbs's quote

:grin:  ....up the irons, mate!

Reply #8 Top

How do you change your master password? I can't seem to find the option.

-Side note, I'm not too worried because I only manage passwords to sites I don't care about with lastpass.

Reply #9 Top

I used to work for the State Dept of Ed. One of the Asst. Superintendents was probably brilliant in his field, but lacked any technical sense. So if we had to work on his computer, we merely looked at the side of his monitor where his password was written down (along with his login ID).

He may have had a more secure method than any online method used today.

Reply #11 Top

I store my passwords in MY memory, it's harder to hack :-" XD

Reply #12 Top

Wait a minute. If they steal my identity do they also get my degenerative back pain as well? And my mom-in-law who I love SO VERY MUCH that has been living in my recliner since Christmas? And ALL the f*cking issues that come with having Skinhit as my arch-nemesis???????? There is potential for something good to come out of this, right?

Reply #13 Top

Quoting PoSmedley, reply 12
Wait a minute. If they steal my identity do they also get my degenerative back pain as well? And my mom-in-law who I love SO VERY MUCH that has been living in my recliner since Christmas? And ALL the f*cking issues that come with having Skinhit as my arch-nemesis???????? There is potential for something good to come out of this, right?
End of PoSmedley's quote
 

For anyone else, I'd say probably.

Not for you, Smedley.   

*where's that third finger 'smiley' when I need it?  :karma:

Reply #14 Top

Quoting DrJBHL, reply 13
For anyone else, I'd say probably.

Not for you, Smedley.
End of DrJBHL's quote

You're just jealous cause no one WANTS to steal YOUR identity.  I, on the other hand, am just that fucking awesome.

Reply #15 Top

Lifehacker has come up with

'alternative password solution that doesn't store your passwords on someone else's servers'.

If anyone would like to have a look, http://lifehacker.com/5799036/the-best-password-utilities-that-dont-store-your-data-in-the-cloud

Reply #16 Top

Haven't used LastPass since FF 3.6.12. There was the to-do with add-ons screwing up FF at the time. Tried it on FF4 and the add-on still screws with it.

Reply #17 Top

Just a quick question, are my passwords safer stored on my computer, with KeePass or other alternatives, than they are in the cloud with LastPass? Having read several articles on the LastPass problem, it would seem that LastPass has been very responsible in its actions on what is a relatively small problem compared to the hacking problems some have faced in recent months & their expertise in security would be far superior to mine on my PC.

 

Reply #18 Top

Quoting PoSmedley, reply 14
Quoting DrJBHL, reply 13
For anyone else, I'd say probably.

Not for you, Smedley.

You're just jealous cause no one WANTS to steal YOUR identity.  I, on the other hand, am just that fucking awesome.
End of PoSmedley's quote

Sounds like a lotta Bunk to me.

 

Nice article in Lifehacker about "non Cloud" alternatives to LastPass:

http://lifehacker.com/5799036/the-best-password-utilities-that-dont-store-your-data-in-the-cloud

 

Reply #19 Top

Well, with KeePass, you can choose to use a Master Password, or a key file, resident only in your head or on your hard disk, or both, to provide the permission for the unlocking.  To get the passwords from an existing LastPass account you know the username and password to, see http://www.computersolving.com/windows-pc/export-lastpass-passwords-to-keepass-stickypassword/.  You can integrate KeePass Password Safe 2 into Firefox or Pale Moon 4 by installing KeePassHttp (by putting the file with that name and .plgx extension into the KeePass directory) and installing PassIFox into Firefox/Pale Moon 4, going to the Tools -> Add-ons page and setting up the default file for KeePassFox (by giving it a name).  Then you right click in the username field in a web-site, click "Fill User & Pass" and give the similarly named website address permission to enter the details for that website from your KeePass program open on your local computer.

I think the only way your information could be compromised on the local computer is if it has been infected by a trojan and keylogger so it could capture your Master Password. But if you have a key file and Master Password this might not be possible.

What do others think?  Letting LastPass store your data blob (and even now, it doesn't look like much was lost, and they don't store username and password in unhashed form on their systems), or using KeePass and plugins with a Master Password and/or key file combination and the Firefox 4 plugin (which also works in Pale Moon 4)?

Best regards,
Steven.

Reply #20 Top

StevenAus, I don't think there's a perfect solution... You pointed up the shortcomings of both quite well. I changed my LastPass account Master, but that's only good until the next time.

Reply #21 Top

Quoting windoe, reply 11
I store my passwords in MY memory, it's harder to hack
End of windoe's quote

If only it were that simple.  Unfortunately I have literally dozens (soon to be hundreds) of passwords and cannot remember which is which.  My rememberer is getting weaker as I age. ;)

Quoting DrJBHL, reply 20
StevenAus, I don't think there's a perfect solution... You pointed up the shortcomings of both quite well. I changed my LastPass account Master, but that's only good until the next time.
End of DrJBHL's quote

The catch-22 of the information age is that as they try stronger protections of systems, it becomes harder for the user to "remember" passwords, so they seek alternatives.  And of course as StevenAus and you point out, none are  perfect.

Reply #22 Top

Quoting Dr, reply 21
Quoting windoe, reply 11
I store my passwords in MY memory, it's harder to hack
If only it were that simple.  Unfortunately I have literally dozens (soon to be hundreds) of passwords and cannot remember which is which.  My rememberer is getting weaker as I age.
End of Dr's quote

I suffer from an illness that affects my memory & old age, can't remember what I did 2 minutes ago on a bad day, so I have to rely on a password manager, even on sites I visit every day, but I do not use them for my bank details etc. But then, the only way to be really safe is not to use the computer, then what would I do all day! 

 

 

 

Reply #23 Top

Why hasn't one of the scripting wizards HERE come up with a DXWidget/Object to store passwords?

Reply #24 Top

Quoting CountryYokel, reply 22
But then, the only way to be really safe is not to use the computer,
End of CountryYokel's quote

"A strange game. The only winning move is not to play."

Joshua - War Games

Reply #25 Top

Quoting PoSmedley, reply 23
Why hasn't one of the scripting wizards HERE come up with a DXWidget/Object to store passwords?
End of PoSmedley's quote

Or at SD. I think you should approach them with your idea. You could do the graphics for it....