Forum Discussion

  • The interesting thing about the LastPass breach isn't, for me, just the passwords stored there but the other information that can be stored in sections of user vaults - and I think the same goes for any/all password managers.
    Bad account password hygiene in individual accounts can be overcome in relatively short order with a dedicated effort (like what Aubrey said, "Family Cyber Security Day") but...more permanent information such as Credit Card #'s, SSNs, password hints, and any other personal notes that people may keep in their respective vaults.
    Regardless of which manager you use - the encryption and the quality of your master password is pretty much it, right?
    Assuming you choose to use an online password manager: what is the balance between security and convenience you employ for any of the password manager db's (because I think we should assume *ANY* of them *could* be compromised)?

    Another thing I haven't heard yet. Does having 2FA associated with the stolen vault (the attackers have a copy of) provide any further level of security?

    One last thing I just thought of...does having that information (not the vault but all the rest of it) increase your exposure to effective Phishing/SpearPhishing attacks? Without thinking too deeply on that...I think the answer is yes.

    • buulam (Admin)

      Totally agree. While there's the straightforward threat of leaked passwords, there is a lot of additional information that can cause further harm.

      2FA should help!

  • So I'm personally on an alternative password manager. But the LastPass breach definitely has me thinking about what my procedure will be should I have an issue with it.

    A focus right now:

    • I do have some poor password hygiene in a couple spots that I need to clean up
    • Need to pull family members into a better password model - the kids are not the best with passwords, no fault of theirs
    • Need to evaluate breaches and my exposure with those sites (My password manager helps with that)