PaulSpoerry.com

Social Media, technology, and geeky stuff for your brain.

You are here: Home / Google+ Posts / Welp, #CNET  was hacked, change your passwords or better yet use LastPass

Welp, #CNET  was hacked, change your passwords or better yet use LastPass

by 16 Comments

Welp, #CNET  was hacked, change your passwords or better yet use LastPass
Every time this sort of thing comes up I recommend +LastPass as it simplifies keeping your passwords random, different for each site, and yet always available and simple to use. Once unlocked you can configure LastPass to auto-log into websites. So no need to remember those pesky, unique, passwords.  LastPass Sentry even monitors your accounts for security breaches for free! In addition to LastPass you should use Authy or Google Authenticator (which works with LastPass) and use two-step authentication. You should use it because 2-step verification can significantly reduce the chances of having the personal information in your Google account stolen by someone else.
LastPass: https://lastpass.com/f?618786
Authy: https://www.authy.com/
Google Authenticator: http://www.google.com/landing/2step/
h/t: +Simon Cousins for the heads up on this one

Reshared post from +Simon Cousins

Password changing time…

  #CNET   #UseLastPass   

Usernames and passwords stolen as CNET is hacked
More than one million users have had their usernames and passwords stolen as technology site CNET is hacked.

View this post on Google+

Comments

  5. Wrong +Eric Hansen.  Bad info.  +LastPass has not been compromised.

    Get the facts from the Security Now podcast.

    The vulnerability in several web based password manager was responsibly disclosed and fixed.  

    The main stream media who care little about facts and more about sensationalist headlines and click-bait did not report the issue accurately.

    Also, when using a YubiKey, or other similar multifactor addon to +LastPass, the compsomise of a master password, if ever possible, is still irrelevant as hackers do not have physical access to my Yubikey device.

  6. Even if Lastpass hasn't been compromised now, it's still a single point of failure for all your online accounts if it does actually get compromised in the future. Even if my data is encrypted and it would take hundreds of years to decrypt, I still wouldn't feel comfortable with anyone else having that data.

    Lastpass is also very dated looking these days and it can be annoying to deal with. If I were to go with any online password manager these days, it would be Dashlane, but as I said I don't feel comfortable putting my passwords in an online service like that.

  7. Yeah, that's what that post said, that it potentially affected 1% of users, and was exploited by a research team. Did you not read it or did you just really want to make a assholeish comment?

    Also, a few points about the article you linked to:
    * The exploits were done by security researchers. Not to downplay any vulnerability but let's be clear this wasn't a botnet or hacker group gaining access to anything. 
    * "…to issue a statement playing down vulnerabilities affecting its Java bookmarklets and…."   There was no issue in a Java bookmarklet because there is no such thing. There are JavaScript bookmarklets, but JavaScript is not Java. Again, not to downplay anything but given they can't get basic facts straight and the tone of the article I'd say they are using shock value to get readers. 

    What's your solution then +Eric Hansen? Oh nevermind, I just saw on one of your posts, you keep them…. in your head. rolling eyes 

    I never made a claim that anything was 100% secure. Anybody who makes that claim is full of shit. And yes, having a local password manager could be MORE secure, provided you can completely secure that box, but there's a trade off you're making for convenience. The lack of convenience in passwords is why most people use the same password EVERYWHERE. Also, I stated to use Two-Factor authentication. 

  8. Well +Luke Larris, sending an encrypted blob of information to +LastPass, that they have absolutely no ability to ever decrypt, is far more secure than the multitude of online services where they store passwords in plain text of non-salted formats.  People who do not use +LastPass seem to have no clue about the important aspect of them only having an encrypted blob that only you can ever decrypt.

  9. I also use 2-factor auth on every service that supports it, but that doesn't give me peace of mind enough to use an online password manager. To each their own though.

  10. Then you miss the point ot 2-factor +Luke Larris.  Without both factors each factor is not enough on its own to access a system of service.  2-factor is like a bike with 2 wheels.  Take a wheel off and you cannot ride it.

  11. Dashlane is pretty I'll give them that, but looks aren't the most important thing for me when it comes to this type of app. (Not a knock against Dashlane, just that LP has been around longer and I'm already a user of that one). 

    Good description of two-factor +Simon Cousins

  15. Pretty is nice, but LastPass works. It's as secure as anything I've ever seen. It works on every single device I own. I can share secure data with other family members. It audits my password collection. They monitor security breaches and help you stay updated. And almost all of that can be had for free. I'm a very happy Pro user. 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.