Thus, if you had an account with, say, Coinbase (a crypto exchange), the hacker can see this from the hack even though he does not know your Coinbase login details. The attacker, though, already has all the email addresses associated with LastPass accounts, and this combined with the URL information is a disaster waiting to happen. Not encrypting URLs, which 1Password and Bitwarden do encrypt, was a major failure by LastPass because the hacker can use this information for targeted attacks even though the hacker may be unable to decrypt the vaults.

The two main reasons I left LastPass are that they were not transparent about the breach and also that they do not encrypt URLs. Hacks and breaches seem to come a lot more often now, and it could happen to another password manager, so I just see it that we need to be as proactive regarding our own security as we possibly can. This does not mean I am done with LP, but I shall remain cautious and careful.

I also have left the LastPass Authenticator disabled and I use YubiKey for my default 2FA. As for LastPass, I am still subscribed but do not have anything of importance left there. However, from what I understand from some, even with that, I could have had info lifted from the LastPass vault. I already had my LastPass at 600000 iterations, I had 2FA with YubiKey and a strong master password. I exported all my LastPass to Bitwarden, changed my passwords on my financial sites and whatever sites I considered important and did not want to be compromised. I took cover to protect myself early on after finding out about the breach.