Forum Discussion
DevCentral Connects - Episode 107 - January 3, 2023
News Articles
- Meet the cybercriminals of 2022
- LastPass Attack Update
- Anyone liquid cooling within their data centers yet?
- Southwest Airlines blames IT breakdown for stranding holiday travellers
- Samsung's Android App-Signing Key Has Been Leaked... FOR 6 YEARS!
- New COVID-Bit Attack Vector Uses Power Supply Radiation to Breach Air-Gapped PCs.. Even Through Walls.
- Leslie_HubertusRet. Employee
New year, new Buu?
The interesting thing about the LastPass breach isn't, for me, just the passwords stored there but the other information that can be stored in sections of user vaults - and I think the same goes for any/all password managers.
Bad account password hygiene in individual accounts can be overcome in relatively short order with a dedicated effort (like what Aubrey said "Family Cyber Security Day") but...more permanent information such as Credit Card #'s , SSNs, password hints, and any other personal notes that people may keep in their respective vaults.
Regardless of which manager you use - the encryption and the quality of your master password is pretty much it right?
Assuming you choose to use an online password manager; What is the balance between security and convenience you employ for any of the password manager db's (because I think we should assume *ANY* of them *could* be compromised).
Another thing I haven't heard yet. Does having 2FA associated with the stolen vault (the attackers have a copy of) provide any further level of security?
One last thing I just thought of...does having that information (not the vault but all the rest of it) increase your exposure to effective Phishing/SpearPhishing attacks. Without thinking too deeply on that...I think the answer is yes.- buulamAdmin
Totally agree. While there's the straight forward threat of leaked password, there is a lot of additional information that can cause further harm.
2FA should help!
- buulamAdmin
So I'm personally on an alternative password manager. But the LastPass breach definitely has me thinking about what my procedure will be should I have an issue with it.
A focus right now:
- I do have some poor password hygeine in a couple spots that I need to clean up
- Need to pull in family members into a better password model - the kids are not the best with passwords, no fault of theirs
- Need to evaluate breaches and my exposure with those sites (My password manager helps with that)
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com