What Are You Doing Right Now
-
@Dashrender said in What Are You Doing Right Now:
@RojoLoco said in What Are You Doing Right Now:
Got some heavy tunes blasting, coffee brewing (again)... so much to do before heading across town for the xmas-ing.
I also just remembered it is 17F out, so I finally put a space heater in the garage to keep those pipes from freezing.
17, that’s a heatwave compared to our -7
dont forget windchill dash
-
@WrCombs said in What Are You Doing Right Now:
@Dashrender said in What Are You Doing Right Now:
@RojoLoco said in What Are You Doing Right Now:
Got some heavy tunes blasting, coffee brewing (again)... so much to do before heading across town for the xmas-ing.
I also just remembered it is 17F out, so I finally put a space heater in the garage to keep those pipes from freezing.
17, that’s a heatwave compared to our -7
dont forget windchill dash
We are finally up to 0degF,… we were at -6 this morning.
-
@gjacobse hunkered down here in Western NY. Over 30 inches of snow and drifts over 6 ft tall
-
Time to change all of my passwords and get rid of LastPass
-
@Obsolesce said in What Are You Doing Right Now:
Time to change all of my passwords and get rid of LastPass
Time to replace Lastpass was years ago when they started tracking everyone.
Really, this isn't a reason to panic and change ALL your passwords unless you don't trust how Lastpass was designed.... If that's the case, why were you using it in the first place? Change your master password, done.
-
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
Time to change all of my passwords and get rid of LastPass
Time to replace Lastpass was years ago when they started tracking everyone.
Really, this isn't a reason to panic and change ALL your passwords unless you don't trust how Lastpass was designed.... If that's the case, why were you using it in the first place? Change your master password, done.
Read the article.
-
Merry Christmas
Happy holidays
-
Have to say it’s a good Christmas this year-
After a double bypass last Tuesday, my father in law came home last night.
We went down and cleared snow and ice from the driveway and steps. Glad he is home and recovering…
-
@Obsolesce said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
Time to change all of my passwords and get rid of LastPass
Time to replace Lastpass was years ago when they started tracking everyone.
Really, this isn't a reason to panic and change ALL your passwords unless you don't trust how Lastpass was designed.... If that's the case, why were you using it in the first place? Change your master password, done.
Read the article.
I haven't read this specific article, but I have seen lots of panic reporting saying "Change all your passwords right now!"
Which is only good advice if you've got a bad master password and no 2FA enabled.... Do the basic security things that you should be doing already, and no problem exists.
-
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
Time to change all of my passwords and get rid of LastPass
Time to replace Lastpass was years ago when they started tracking everyone.
Really, this isn't a reason to panic and change ALL your passwords unless you don't trust how Lastpass was designed.... If that's the case, why were you using it in the first place? Change your master password, done.
Read the article.
I haven't read this specific article, but I have seen lots of panic reporting saying "Change all your passwords right now!"
Which is only good advice if you've got a bad master password and no 2FA enabled.... Do the basic security things that you should be doing already, and no problem exists.
Yeah you really need to read that article.
-
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
Time to change all of my passwords and get rid of LastPass
Time to replace Lastpass was years ago when they started tracking everyone.
Really, this isn't a reason to panic and change ALL your passwords unless you don't trust how Lastpass was designed.... If that's the case, why were you using it in the first place? Change your master password, done.
Read the article.
I haven't read this specific article, but I have seen lots of panic reporting saying "Change all your passwords right now!"
Which is only good advice if you've got a bad master password and no 2FA enabled.... Do the basic security things that you should be doing already, and no problem exists.
@Obsolesce is right - read it.
but since most won't - the hackers got into a backup of LP, they had access to all encrypted vaults. This means they can run hashes against the dbs offline, no MFA required.
Now sure, if you had a good LP password in the first place, this is much less of an issue, but not a zero issue situation.
I agree with Obsolesce - it's time to reset all passwords. The question for me is - is it time to change password managers?
I'm probably going to change - which also means changing many people at my company - ug damn I'm going to have a lot of people saying - "see - told you having all of your passwords in a one place was bad" /sigh.
-
@Dashrender said in What Are You Doing Right Now:
is it time to change password managers?
I am. The fact they were so damn sketchy about it and happened so easily more than once. No thank you.
-
@Dashrender said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
Time to change all of my passwords and get rid of LastPass
Time to replace Lastpass was years ago when they started tracking everyone.
Really, this isn't a reason to panic and change ALL your passwords unless you don't trust how Lastpass was designed.... If that's the case, why were you using it in the first place? Change your master password, done.
Read the article.
I haven't read this specific article, but I have seen lots of panic reporting saying "Change all your passwords right now!"
Which is only good advice if you've got a bad master password and no 2FA enabled.... Do the basic security things that you should be doing already, and no problem exists.
@Obsolesce is right - read it.
but since most won't - the hackers got into a backup of LP, they had access to all encrypted vaults. This means they can run hashes against the dbs offline, no MFA required.
Now sure, if you had a good LP password in the first place, this is much less of an issue, but not a zero issue situation.
I agree with Obsolesce - it's time to reset all passwords. The question for me is - is it time to change password managers?
I'm probably going to change - which also means changing many people at my company - ug damn I'm going to have a lot of people saying - "see - told you having all of your passwords in a one place was bad" /sigh.
I had already started transitioning to Bitwarden, so doesn't change much for me.
I know they got the backups of the encrypted blobs. Again it comes down to 1: Do you have a good master password and 2: Do you trust LastPass' implementation of their code?
-
@Dashrender said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
Time to change all of my passwords and get rid of LastPass
Time to replace Lastpass was years ago when they started tracking everyone.
Really, this isn't a reason to panic and change ALL your passwords unless you don't trust how Lastpass was designed.... If that's the case, why were you using it in the first place? Change your master password, done.
Read the article.
I haven't read this specific article, but I have seen lots of panic reporting saying "Change all your passwords right now!"
Which is only good advice if you've got a bad master password and no 2FA enabled.... Do the basic security things that you should be doing already, and no problem exists.
@Obsolesce is right - read it.
but since most won't - the hackers got into a backup of LP, they had access to all encrypted vaults. This means they can run hashes against the dbs offline, no MFA required.
Now sure, if you had a good LP password in the first place, this is much less of an issue, but not a zero issue situation.
Try understanding the facts of the technology.
Assuming you are not some idiot with a weak and/or reused master password, your vault is basic bulletproof. You have years to reset anything in the vault that you want reset.
Even the article linked by @Obsolesce does not say you need to change all your passwords, assuming you have your vault setup securely to LP recommended defaults.
This breach is no different than any other. Changing from LastPass because of it is a stupid over reaction.
Changing from LastPass because they are part of LogMeIn? I'm 100% behind that. But I'm lazy.
-
@JaredBusch said in What Are You Doing Right Now:
@Dashrender said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
Time to change all of my passwords and get rid of LastPass
Time to replace Lastpass was years ago when they started tracking everyone.
Really, this isn't a reason to panic and change ALL your passwords unless you don't trust how Lastpass was designed.... If that's the case, why were you using it in the first place? Change your master password, done.
Read the article.
I haven't read this specific article, but I have seen lots of panic reporting saying "Change all your passwords right now!"
Which is only good advice if you've got a bad master password and no 2FA enabled.... Do the basic security things that you should be doing already, and no problem exists.
@Obsolesce is right - read it.
but since most won't - the hackers got into a backup of LP, they had access to all encrypted vaults. This means they can run hashes against the dbs offline, no MFA required.
Now sure, if you had a good LP password in the first place, this is much less of an issue, but not a zero issue situation.
Try understanding the facts of the technology.
Assuming you are not some idiot with a weak and/or reused master password, your vault is basic bulletproof. You have years to reset anything in the vault that you want reset.
Even the article linked by @Obsolesce does not say you need to change all your passwords, assuming you have your vault setup securely to LP recommended defaults.
I've read a number of other articles saying to go change all your passwords right away, so sounds like this one actually got it right.
This breach is no different than any other. Changing from LastPass because of it is a stupid over reaction.
Changing from LastPass because they are part of LogMeIn? I'm 100% behind that. But I'm lazy.
I had been meaning to move since LogMeIn added the tracking junk in, and the cost compared to the competition finally got me to switch.
-
@travisdh1 I recently looked at changing from LP, but I found they were priced similarly to everyone else.
I'll change my master & banking pwds, but don't think I'll worry about all my pwds.
-
what's another reputable pwd manager??
-
@siringo said in What Are You Doing Right Now:
@travisdh1 I recently looked at changing from LP, but I found they were priced similarly to everyone else.
I'll change my master & banking pwds, but don't think I'll worry about all my pwds.
Bitwarden is $10/year for the Personal Business account, LastPass was costing me $36/year for the Personal Premium.
-
@travisdh1 thanks. i'll check that out.
-
@siringo said in What Are You Doing Right Now:
what's another reputable pwd manager??
Bitwarden is what I chose. It has all the basic features needed in the open-source version. I chose a paid tier, but you are able to host it yourself if you wish.