Lastpass.

SailorSam

I have all my passwords stored in Lastpass, as i'm sure you know it was hacked into last week and crashed. It's a good job i had a copy written down and so been re-entering all the information, but i'm still having trouble. I've been trying to sign-on this morning and getting knocked back with a message to say i'm entering the wrong Master Password, must have tried a dozen times and given up.
Can anyone suggest a similar site i can switch to.

Enterprise_1701C

Before finding somewhere else to store them, have you changed all the passwords you had stored there?

SailorSam

Good thought that Jane, thanks i'll start writing this list again.
I've just been looking at Keepass, it looks quite good.

alanclarke

Have you tried reactiving Lastpass at https://lastpass.com/activate.php - it worked for me.


Details at http://www.betanews.com/article/LastPass-wont-let-anomaly-pass-forces-users-to-reset-passwords/1304620649

SailorSam

Had an email from Lastpass this morning with a link and finally got it working.
I think while i can get into see what passwords i have, it's time to write them down on a piece of paper.
I couldn't get on here last night, the Mse pass i thought i knew turned out to be wrong..

birkee

don't know how secure it is, but I compile my information in Word, and then convert it to an image file, so it can't be read as text.
(Word saved as a PDF, and PDF in Photoshop converted to an image. Delete the PDF file afterwards.)

Oh, and I keep a copy on an old 32Mb memory stick.

clinteestwood

Dont use online password managers!!!! theyre just not safe.. think about it. This IS putting all your eggs into one basket, but in this case its your keys into one drawer, thats not in your house, and you cant control if someone is opening that drawer or not. Maintaining a remote repository of your passwords is a genuine act of lunacy. It take a few good hackers to take that repo down. Please, for your own sake, find an alternative way storing your passwords.... like memorising them

cgk1

as i'm sure you know it was hacked into last week

Maybe - what happened was there was some strange network traffic which they couldn't explain, so as any security minded company should do, they put the servers in lock mode. Even if it was hacked, the risk is only to people who used weak dictionary based passwords. If you used a strong non-dictionary password, then even using brute force attacks it would take them decades if not hundreds of years to crack it. If you also used one of the two-factor authentication methods provided by lastpass (the grid, sesame, yubikey) then the risk is pretty much nil.

It's a good job i had a copy written down and so been re-entering all the information, but i'm still having trouble. I've been trying to sign-on this morning and getting knocked back with a message to say i'm entering the wrong Master Password

It actually sounds like you've set up another account - you shouldn't have re-entered the data - lastpass stores a copy on your hard-drive, you should have used that in off-line model instead until the problem was solved.

don't know how secure it is, but I compile my information in Word, and then convert it to an image file, so it can't be read as text.
(Word saved as a PDF, and PDF in Photoshop converted to an image. Delete the PDF file afterwards.)

Completely unsecure - if you can read it, a machine can read it.

cgk1

clinteestwood wrote: »

Dont use online password managers!!!! theyre just not safe.. think about it. This IS putting all your eggs into one basket, but in this case its your keys into one drawer, thats not in your house, and you cant control if someone is opening that drawer or not. Maintaining a remote repository of your passwords is a genuine act of lunacy. It take a few good hackers to take that repo down. Please, for your own sake, find an alternative way storing your passwords.... like memorising them

ludicrous scaremongering - the only way a normal person can remember all of the passwords they might use is to either write them down (insecure) or to use weak alpha-numerical passwords that they re-use from site to site - both are more more insecure than the risk posed by a service like last-pass set up correctly (even without two factor authentication).

closed

if your house gets burgled, you know about it straight away, if a 3rd party server/service gets hacked/compromised you don't. paper with your own personal encoding system is fine

birkee

cgk1 wrote: »

Maybe - what happened was there was some strange network traffic which they couldn't explain, so as any security minded company should do, they put the servers in lock mode. Even if it was hacked, the risk is only to people who used weak dictionary based passwords. If you used a strong non-dictionary password, then even using brute force attacks it would take them decades if not hundreds of years to crack it. If you also used one of the two-factor authentication methods provided by lastpass (the grid, sesame, yubikey) then the risk is pretty much nil.



It actually sounds like you've set up another account - you shouldn't have re-entered the data - lastpass stores a copy on your hard-drive, you should have used that in off-line model instead until the problem was solved.



Completely unsecure - if you can read it, a machine can read it.[/QUOTE]


Who going to go through hundreds of photographs looking for one containing an image of text?