DCC Forum
A by-request forum where viewers may engage with show hosts - before, during, and after LiveStreams.
4 REPLIES

Leslie_Hubertus
Community Manager

New year, new Buu?

 

buulam
Community Manager

So I'm personally on an alternative password manager. But the LastPass breach definitely has me thinking about what my procedure will be should I have an issue with it.

A focus right now:

  • I do have some poor password hygiene in a couple spots that I need to clean up
  • Need to pull in family members into a better password model - the kids are not the best with passwords, no fault of theirs
  • Need to evaluate breaches and my exposure with those sites (My password manager helps with that)

 

~~~~~~~~~~~~~~~~~~
@buulam / YouTube.com/DevCentral

LiefZimmerman
Community Manager

The interesting thing about the LastPass breach isn't, for me, just the passwords stored there but the other information that can be stored in sections of user vaults - and I think the same goes for any/all password managers.
Bad account password hygiene in individual accounts can be overcome in relatively short order with a dedicated effort (like what Aubrey said "Family Cyber Security Day") but...more permanent information such as Credit Card #'s, SSNs, password hints, and any other personal notes that people may keep in their respective vaults.
Regardless of which manager you use - the encryption and the quality of your master password is pretty much it, right?
Assuming you choose to use an online password manager; what is the balance between security and convenience you employ for any of the password manager db's (because I think we should assume *ANY* of them *could* be compromised)?

Another thing I haven't heard yet. Does having 2FA associated with the stolen vault (the attackers have a copy of) provide any further level of security?

One last thing I just thought of...does having that information (not the vault but all the rest of it) increase your exposure to effective Phishing/SpearPhishing attacks? Without thinking too deeply on that...I think the answer is yes.

Totally agree. While there's the straightforward threat of leaked passwords, there is a lot of additional information that can cause further harm.

2FA should help!

~~~~~~~~~~~~~~~~~~
@buulam / YouTube.com/DevCentral