Discover and read the best of Twitter Threads about #LastPass

Most recents (5)

⚠️ PLEASE WATCH & SHARE ⚠️ #2fa #security #hacked #lastpass #bitwarden #norton #sms #privacy
🛑 Why you should spend the time now! Not later… 🛑 #sec #2fa #identitytheft #id #privacy #security
🔥 Had @LastPass not leaked their entire password database I would be safe right now even if attackers have my real password. They claim this is a “feature” that makes them extra secure. This is on them but I was dumb enough to believe they could keep their data & source safe 🔥
Read 6 tweets
If you are a crypto degen and you use LastPass or a password manager, you need to read this (your future investment security may depend on it).
The whole #lastpass security breach over the last few months had me concerned.

I wasn't too sure what to do about it until I came across Steve Gibson's Security Now podcast with Leo Laporte.

Here is what I learned 👇
LastPass admitted that their off-site cloud backup of their customers’ mostly-encrypted vault data was hacked and is now in the hands of malicious actors.

Your password strength is the last line of defence. If you had an entropy of fewer than 50 bits, you need to act ASAP.
Read 8 tweets
Apparently 4 months ago #DCG and #Grayscale / $GBTC were suddenly "actively searching" for a Security Architect specifically for "cloud security standards" and "risk assessment"...

curiously tagged with #CISSP (computer security designer) and not, for instance, #compliance.

🚩
👆 maybe I'm projecting but that looks to me like the job listing I might post at the moment I was scrambling to recover from a security breach #DCG #Grayscale $GBTC
Here are some reasons why the wording used, the timing, and a couple of other things made me at least raise my eyebrows: reddit.com/r/AskNetsec/co…
Read 6 tweets
Latest #LastPass breach may be worse than you think.

Attacker didn't just get encrypted passwords.

They got unencrypted URLs.

Think: URLs with account tokens, API keys & credentials, etc...

1/
blog.lastpass.com/2022/12/notice…
2/ Do your employees use #LastPass?

Or how about your users?

Do you even know?

The unencrypted URL breach is bad news for your security model, and you should be thinking about mitigations.
3/ The issue: *unencrypted* URLs that #LastPass users have saved may in some cases contain sensitive information that can be leveraged for account access.

The entity that now has this trove of encrypted & unencrypted stuff is clearly well-resourced, capable and strategic.
Read 6 tweets
The #LastPass breach (just the latest, btw) is frustrating.

Users that didn't follow "best practices" for their master password are vulnerable (customer password vaults were stolen!).

But also because we've collectively spent years trying to move users to password managers. 1/
2/ #LastPass has a giant target on their back because of the juicy data & password trove that they handle.

And they are absolutely failing their customers.

At this point, each time I hear about Last Pass it's: hey, they had *another breach*
3/ Use a password manager!

It makes it easy to use different passwords for each service you use.

But give #LastPass... a pass.

There are many better choices.

Personally, I like @1Password (they are also recommended by @ConsumerReports).
Read 5 tweets
