06-15-2015, 06:26 PM
|
#1
|
LQ Veteran
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Rep:
|
LastPass compromised. - Change your Master Password NOW
|
|
|
06-15-2015, 06:31 PM
|
#2
|
Senior Member
Registered: Jun 2010
Location: Wiltshire, UK
Distribution: Void, Linux From Scratch, Slackware64
Posts: 3,190
|
Personally, I always thought services like this were just an accident waiting to happen. If you store your passwords securely on your local machine, it must be a better idea than having them all on some public server that is advertising to the hacker world 'Hey look, I've got all these passwords, come and get them!'
I use an encrypted SQL database for mine and only run the MySQL server when I actually need to access the information.
|
|
1 members found this post helpful.
|
06-15-2015, 06:34 PM
|
#3
|
Moderator
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,297
|
<sarcasm>But lookee! How convenient! An' I don't even have to think about nuthin'!</sarcasm>
Last edited by astrogeek; 06-15-2015 at 06:36 PM.
|
|
|
06-15-2015, 06:37 PM
|
#4
|
Senior Member
Registered: Jun 2010
Location: Wiltshire, UK
Distribution: Void, Linux From Scratch, Slackware64
Posts: 3,190
|
You Windows user, you
|
|
|
06-15-2015, 08:02 PM
|
#5
|
Member
Registered: Mar 2015
Distribution: Linux Mint
Posts: 634
|
Quote:
The attackers, however, did compromise LastPass account email addresses, password reminders, per-user salts, and authentication hashes.
|
So in other words, they did actually take good security and passwords weren't divulged since they were hashed. Having salts exposed seems like it exposes it to rainbow tables, but otherwise, as long as users change their pass, nothing was really compromised except user emails. It also looks like they used a difficult cipher, so it'll take a while to find out what the master passwords are.
So the real loss was that email addresses were leaked.
I don't use LastPass but it still looks like a useful service. Definitely a better option than using a simple pass for everything. Not to mention, rather than needing to change hundreds of passwords, the only one that needs to be changed is the master one.
Of course, critical ones (bank) should also be changed.
|
|
|
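An added example, not part of any post in this thread and not LastPass's code: what a per-user salt does to a precomputed lookup table of password digests. PBKDF2-HMAC-SHA256, the iteration count and the sample passwords are assumptions made for the illustration; the quoted text does not say which hashing scheme the service uses.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this illustration


def unsalted_hash(password: str) -> bytes:
    """Plain SHA-256: the same password always gives the same digest."""
    return hashlib.sha256(password.encode()).digest()


def salted_hash(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 with a per-user salt and an iteration count."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt), stored)


def build_table(candidates):
    """A digest -> password table, computed once in advance without any salt."""
    return {unsalted_hash(p): p for p in candidates}


def demo():
    # Constructed sample data: two users who picked the same password.
    password = "correct horse battery staple"
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    stored_a = salted_hash(password, salt_a)
    stored_b = salted_hash(password, salt_b)

    table = build_table([password, "letmein", "hunter2"])
    return {
        "unsalted_in_table": unsalted_hash(password) in table,
        "salted_in_table": stored_a in table or stored_b in table,
        "same_password_same_hash": stored_a == stored_b,
        "verify_ok": verify(password, salt_a, stored_a),
        "verify_wrong_salt": verify(password, salt_b, stored_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The salt is stored next to the hash so the service can verify logins; it makes a table computed in advance useless, while the iteration count is what makes each individual guess expensive.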
06-16-2015, 11:33 PM
|
#6
|
LQ Guru
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 11,333
|
Yeah, the hackers didn't get any passwords because LastPass was doing things right. I'm not a user, but my confidence in them has increased after hearing this.
|
|
|
06-17-2015, 01:14 PM
|
#7
|
LQ Newbie
Registered: Jun 2015
Posts: 5
Rep:
|
I use ccrypt to encrypt my text file with my user accounts and passwords and when I need to generate a strong password I use an alias like
Code:
# Quote the character class so the shell does not glob-expand it against file names
alias gp="tr -dc '[:graph:]' < /dev/urandom | head -c 15 | xargs -0"
For my important accounts that have my financial information, I'll change the passwords every six months or so. One thing is certain: nothing is fail-proof. We have to be proactive even though it's an inconvenience at times.
|
|
|
06-17-2015, 04:45 PM
|
#8
|
Senior Member
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,943
|
LastPass doesn't even have the master password, AFAIK. All they have is the encrypted file, not your master password. Password reminders might be of some help to hackers in some cases, but if you really need a reminder of your LastPass password, you're not doing it right. I've never given them a reminder, so it won't help anyone. And the email address I use for it is a throwaway. GMail addresses are plentiful and free, and useful for some things, such as this.
|
|
|
06-17-2015, 06:45 PM
|
#9
|
LQ Veteran
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Original Poster
Rep:
|
my password reminder there is F**k you
|
|
|
06-18-2015, 11:46 AM
|
#11
|
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,861
|
Quote:
Originally Posted by John VV
well if your password IS "MargaretThatcheris110SEXY" ...
|
It means either that you are Blind, or that you are Utterly Mad, or that you are Poor Mr. Thatcher.
As for me, I ordinarily either use the "Keychain" service of something like OS/X, or a more-transportable tool such as PasswdSafe. With the latter, a file containing the encrypted content can be moved among multiple systems, say, phones, all of which can read it. (But I have had some transportability issues.) PasswdSafe in all of its implementations is, I believe, open-source.
|
|
|