Forum Discussion

4 Replies

  • The interesting thing about the LastPass breach isn't, for me, just the passwords stored there but the other information that can be stored in sections of user vaults - and I think the same goes for any/all password managers.
    Bad account password hygiene in individual accounts can be overcome in relatively short order with a dedicated effort (like what Aubrey said "Family Cyber Security Day") but...more permanent information such as Credit Card #'s , SSNs, password hints, and any other personal notes that people may keep in their respective vaults.
    Regardless of which manager you use - the encryption and the quality of your master password is pretty much it right?
    Assuming you choose to use an online password manager; What is the balance between security and convenience you employ for any of the password manager db's (because I think we should assume *ANY* of them *could* be compromised).

    Another thing I haven't heard yet. Does having 2FA associated with the stolen vault (the attackers have a copy of) provide any further level of security?

    One last thing I just thought of...does having that information (not the vault but all the rest of it) increase your exposure to effective Phishing/SpearPhishing attacks. Without thinking too deeply on that...I think the answer is yes.

    • buulam's avatar
      Icon for Admin rankAdmin

      Totally agree. While there's the straight forward threat of leaked password, there is a lot of additional information that can cause further harm.

      2FA should help!

  • So I'm personally on an alternative password manager. But the LastPass breach definitely has me thinking about what my procedure will be should I have an issue with it.

    A focus right now:

    • I do have some poor password hygeine in a couple spots that I need to clean up
    • Need to pull in family members into a better password model - the kids are not the best with passwords, no fault of theirs
    • Need to evaluate breaches and my exposure with those sites (My password manager helps with that)