LastPass has been hacked

[DarkArts]

Another day, another hack ...

The hacker stole a large amount of personal information including (encrypted) hashes of passwords. Brute forcing the hashes will be very resource intensive, especially if LastPass's implememtation was good, but it's not impossible.

So, if you were using LastPass as a password manager, it would be a good time to change your passwords:

Quote:

Originally Posted by ArsTechnica

LastPass customers should ensure they have changed their master password and all passwords stored in their vault. They should also make sure they're using settings that exceed the LastPass default.

[AstroViking (Steve)]

Rather than changing all your passwords, how about simply changing your LastPass 'Master Password'? That will re-encrypt your vault - so even if the bad guys do manage to find your old master password, it won't do them any good.

Or migrate to a new password manager. I moved from LP to BitWarden when LP killed multi-device support in their free offering.

Having said that, I am reminded of a very old saying: "If builders built buildings the way programmers write software, the first strong breeze would destroy civilisation."

[DarkArts]

Quote:

Originally Posted by AstroViking

Rather than changing all your passwords, how about simply changing your LastPass 'Master Password'?

Because the hackers have the hashes of all the passwords.

[iborg (Philip)]

Hi All


For some some people, using a password manager in a double mode mode is something to consider.


Have a look at the link here if you are interested.


Philip

[AstroViking (Steve)]

Hmmm. I read the article as saying the bad guys got the hashes of the master passwords for every user's password vaults. Hence my previous post.

IF the bad guys got the contents of everyone's vaults as well, then yeah, it's a world of pain.

Quote:

Originally Posted by DarkArts

Because the hackers have the hashes of all the passwords.