29-Dec-2022 08:20 - last edited on 03-Jan-2023 11:21 by AubreyKingF5
New year, new Buu?
So I'm personally on an alternative password manager. But the LastPass breach definitely has me thinking about what my procedure will be should I have an issue with it.
A focus right now:
The interesting thing about the LastPass breach isn't, for me, just the passwords stored there but the other information that can be stored in sections of user vaults - and I think the same goes for any/all password managers.
Bad account password hygiene in individual accounts can be overcome in relatively short order with a dedicated effort (like what Aubrey said, "Family Cyber Security Day") but...more permanent information such as Credit Card #s, SSNs, password hints, and any other personal notes that people may keep in their respective vaults.
Regardless of which manager you use - the encryption and the quality of your master password is pretty much it, right?
Assuming you choose to use an online password manager: what is the balance between security and convenience you employ for any of the password manager DBs (because I think we should assume *ANY* of them *could* be compromised)?
Another thing I haven't heard yet: does having 2FA associated with the stolen vault (which the attackers have a copy of) provide any further level of security?
One last thing I just thought of...does having that information (not the vault but all the rest of it) increase your exposure to effective phishing/spear-phishing attacks? Without thinking too deeply on that...I think the answer is yes.
Totally agree. While there's the straightforward threat of leaked passwords, there is a lot of additional information that can cause further harm.
2FA should help!