More than $35 million has been stolen from over 150 victims since December — ‘nearly every victim’ was a LastPass user::Security experts believe some of the LastPass password vaults stolen during a security breach last year have now been cracked open following a string of cryptocurrency heists

  • dangblingus@lemmy.world
    link
    fedilink
    English
    arrow-up
    51
    arrow-down
    10
    ·
    1 year ago

    Pro Tip: You don’t need to give a private company all of your passwords. That literally defeats the purpose of having passwords.

    • Asafum@feddit.nl
      link
      fedilink
      English
      arrow-up
      18
      arrow-down
      7
      ·
      1 year ago

      A-fucking-men… but I was always given shit for saying this.

      Anything can be hacked or stolen, I don’t trust any company to secure my information. :/

      • TwilightVulpine@lemmy.world
        link
        fedilink
        English
        arrow-up
        12
        arrow-down
        5
        ·
        1 year ago

        I keep thinking of the people who make their passwords garbled random text impossible to memorize but then they trust an online service to keep it safe and private. When breaches happen, maybe even a post-it note at home would have been more secure.

          • Soggy@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            7
            ·
            1 year ago

            Unique passwords for every single account is an over-abundance of caution. Sensitive accounts: financials, medical, email, yes those should all be insulated from single-source failures. Your xbox live, netflix, and instagram are probably fine as a universal “entertainment” password.

    • RIP_Apollo@feddit.ch
      link
      fedilink
      English
      arrow-up
      9
      ·
      edit-2
      1 year ago

      Except you’re giving your passwords in an encrypted format. So if the company is trustworthy, it’s safe to let them store your passwords because it’s encrypted in such a way that even the company who own the password manager couldn’t access your passwords even if they wanted to.

      (Note the caveat of “IF the company is trustworthy”, which rules out Lastpass)

      Now I accept that there are legitimate arguments against storing passwords in the cloud via a password manager… so in that case, you may wish to use a local password manager (like Keepass) instead. But realistically, a typical person isn’t capable of memorising lots of unique, secure passwords… so the passwords need to be written down or stored in a password manager, just to avoid weak passwords or password reuse.