The Entrepreneur Forum | Financial Freedom | Starting a Business | Motivation | Money | Success

Welcome to the only entrepreneur forum dedicated to building life-changing wealth.

Build a Fastlane business. Earn real financial freedom. Join free.

Join over 80,000 entrepreneurs who have rejected the paradigm of mediocrity and said "NO!" to underpaid jobs, ascetic frugality, and suffocating savings rituals— learn how to build a Fastlane business that pays both freedom and lifestyle affluence.

Free registration at the forum removes this block.

Huge Security Alert: LastPass Suffers Major Data Breach - Here's What You Need to Know to Protect Yourself!

Anything related to bitcoin, crypto, blockchain

inputchip

Gold Contributor
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
409%
Mar 26, 2017
312
1,277
www.tmkings.com
LASTPASS USERS READ THIS!!

1) If you use LastPass, attackers probably have a copy of your vault. CHANGING YOUR MASTER PASSWORD NOW WON’T HELP, they already have a copy that is unlockable with your old password.

What to do?

First, Stop using LastPass.

2) We don’t know how bad things are. It’s possible that attackers have ongoing access, so don’t just change your passwords and put them back into LastPass.

We will take care of urgent accounts first, manually, then set up a new password manager.

3) Move your crypto assets to new wallets.

If you had seed phrases in your LastPass, STOP EVERYTHING ELSE YOU’RE DOING RIGHT NOW.

Generate new wallets, write the seed phrases on a piece of paper ONLY, and move all your assets to the new wallets.

4) Don’t waste time coming up with a perfect custody solution, that’s time you don’t have.

If the attacker has access to your seed phrases, they can take your assets at any time and you can’t reverse that.

Move your assets safely first, then think about long term storage later.

5) Change your passwords on crypto exchanges and other financial stuff.

Write down passwords on paper for now. Use a different password each exchange.

Turn 2FA on, and make sure the 2FA code isn’t stored inside LastPass. If it was, remove 2FA and set it up again on another app.

6) Change passwords for your email accounts.

Anyone who has access to your email can access your other accounts via “forgot password” mechanisms, so make sure your email is safe.

Unique password per service, write it down on paper, use 2FA that wasn’t stored on LastPass

7) Also change your Apple iCloud and Google accounts’ passwords and 2FA.

These accounts probably can access data on your iPhone/Android, via backups and cloud sync, and potentially lock you out of stuff, so definitely change those ASAP.

8) You've now protected your most critical stuff

Now set up a new password manager.

Consider 1Password/Bitwarden/Keepass.

Set one up, with a new, strong master password. Store your new passwords in it.

No seed phrases! Those are too critical for an online password manager.

9) Now that you have a new password manager you should go ahead and use it to change your passwords on all your non-critical accounts.

Yes, all.

You probably have a lot, so prioritize the more important ones. Work accounts, file/photo storage, social media.

10) Plan a long term solution for your self-custody crypto assets.

Don’t keep the quick wallets you created before forever. Don’t use a password manager for those either.

Research hardware wallets, multisig, or if you have no idea what you’re doing consider a trusted custodian.

11) But whatever you do, if you used LastPass, act now. Don’t wait. You’re at risk.

Merry Christmas everyone, stay safe out there.
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

MJ DeMarco

I followed the science; all I found was money.
Staff member
FASTLANE INSIDER
EPIC CONTRIBUTOR
Read Rat-Race Escape!
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
445%
Jul 23, 2007
38,082
169,504
Utah
Wow. I wouldn't use LastPass and didn't find it very safe as I posited if it was hacked, I'd be F*cked. So I stopped using it after 1 week.

Hope no one gets screwed on this.
 

Practic

Bronze Contributor
Speedway Pass
User Power
Value/Post Ratio
55%
Nov 29, 2022
331
182
LASTPASS USERS READ THIS!!

1) If you use LastPass, attackers probably have a copy of your vault. CHANGING YOUR MASTER PASSWORD NOW WON’T HELP, they already have a copy that is unlockable with your old password.

What to do?

First, Stop using LastPass.

2) We don’t know how bad things are. It’s possible that attackers have ongoing access, so don’t just change your passwords and put them back into LastPass.

We will take care of urgent accounts first, manually, then set up a new password manager.

3) Move your crypto assets to new wallets.

If you had seed phrases in your LastPass, STOP EVERYTHING ELSE YOU’RE DOING RIGHT NOW.

Generate new wallets, write the seed phrases on a piece of paper ONLY, and move all your assets to the new wallets.

4) Don’t waste time coming up with a perfect custody solution, that’s time you don’t have.

If the attacker has access to your seed phrases, they can take your assets at any time and you can’t reverse that.

Move your assets safely first, then think about long term storage later.

5) Change your passwords on crypto exchanges and other financial stuff.

Write down passwords on paper for now. Use a different password each exchange.

Turn 2FA on, and make sure the 2FA code isn’t stored inside LastPass. If it was, remove 2FA and set it up again on another app.

6) Change passwords for your email accounts.

Anyone who has access to your email can access your other accounts via “forgot password” mechanisms, so make sure your email is safe.

Unique password per service, write it down on paper, use 2FA that wasn’t stored on LastPass

7) Also change your Apple iCloud and Google accounts’ passwords and 2FA.

These accounts probably can access data on your iPhone/Android, via backups and cloud sync, and potentially lock you out of stuff, so definitely change those ASAP.

8) You've now protected your most critical stuff

Now set up a new password manager.

Consider 1Password/Bitwarden/Keepass.

Set one up, with a new, strong master password. Store your new passwords in it.

No seed phrases! Those are too critical for an online password manager.

9) Now that you have a new password manager you should go ahead and use it to change your passwords on all your non-critical accounts.

Yes, all.

You probably have a lot, so prioritize the more important ones. Work accounts, file/photo storage, social media.

10) Plan a long term solution for your self-custody crypto assets.

Don’t keep the quick wallets you created before forever. Don’t use a password manager for those either.

Research hardware wallets, multisig, or if you have no idea what you’re doing consider a trusted custodian.

11) But whatever you do, if you used LastPass, act now. Don’t wait. You’re at risk.

Merry Christmas everyone, stay safe out there.
There are many free generated on demand passwords generators (dynamical passwords), which do not store passwords in any place (so it not possible to hack them from an encrypted storage).
 

Keeton

Bronze Contributor
Read Rat-Race Escape!
Read Fastlane!
Read Unscripted!
Speedway Pass
User Power
Value/Post Ratio
163%
Mar 17, 2021
83
135
Phoenix, AZ
One thing I love about paper, is that it cant be hacked. Neither can the mind. I store all my important passwords in a notebook, and in my mind. There is no such thing as an un-hackable piece of tech. Storing all your passwords on a network is not a very intelligent thing to do at all.
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

GPM

Legendary Contributor
EPIC CONTRIBUTOR
Read Rat-Race Escape!
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
376%
Oct 25, 2012
2,067
7,775
Canada
I use lastpass and I have literally hundreds of random string 64ish character passwords for everything. From what I gather everything is still encrypted, and as long as the hackers don't have your masterpassword there is nothing they can do with it, but I am not sure.
 

Practic

Bronze Contributor
Speedway Pass
User Power
Value/Post Ratio
55%
Nov 29, 2022
331
182
I use lastpass and I have literally hundreds of random string 64ish character passwords for everything. From what I gather everything is still encrypted, and as long as the hackers don't have your masterpassword there is nothing they can do with it, but I am not sure.
It is a matter of time and computers speeds to break any encryption by the brute force algorithm. More advanced algorithms significantly speed up this process. Do not store your passwords, crypto keys, etc. on internet in encrypted files if you want to be sure.
 

SEBASTlAN

Marketing Wizard
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
149%
Dec 22, 2014
1,888
2,813
Los Angeles
Thanks for the heads up. I have hundreds of passwords setup with LP. Is there no other way to circumvent the hackers?

I have 2FA and changed my master password.
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

BLLD

PARKED
Read Rat-Race Escape!
Read Fastlane!
Read Unscripted!
User Power
Value/Post Ratio
0% - New User
Sep 27, 2022
6
0
I use lastpass and I have literally hundreds of random string 64ish character passwords for everything. From what I gather everything is still encrypted, and as long as the hackers don't have your masterpassword there is nothing they can do with it, but I am not sure.
I use lastpass too and I have done some research today on this and found that there are many techniques hackers can use to obtain your master password such as brute force attacks, credential stuffing, scamming it out of people by pretending to be lastpass on calls/emails etc. So I don't think you can rely on your old master password keeping all of your passwords safe. At the very least you need to change your master password AND all the passwords to your websites that you stored in lastpass either back into lastpass or another password manager or use another system.

Does anyone use a system that is not a password manager to generate, share and withdraw passwords within a team? I am considering switching to another password manager but before I do I am just wondering if there is a better concept for dealing with the issues of sharing and controlling passwords amongst a team of people?
 

GPM

Legendary Contributor
EPIC CONTRIBUTOR
Read Rat-Race Escape!
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
376%
Oct 25, 2012
2,067
7,775
Canada
I am not sure if it is possible with current technologies to brute force your master password if you have a proper password in there. Maybe I am being optimistic, but I have over 30 characters in my master password.

Square.png
 

BLLD

PARKED
Read Rat-Race Escape!
Read Fastlane!
Read Unscripted!
User Power
Value/Post Ratio
0% - New User
Sep 27, 2022
6
0
I am not sure if it is possible with current technologies to brute force your master password if you have a proper password in there. Maybe I am being optimistic, but I have over 30 characters in my master password.

View attachment 46516
I believe you are right in assuming brute force will not work on a very secure master password however you have to remember there are other ways hackers try to obtain your master password so you need to be equally confident that none of those techniques will work on your master password as well. Also do you use lastpass to share passwords with family or colleagues? If so you have to consider all these factors on their master passwords too.
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

GPM

Legendary Contributor
EPIC CONTRIBUTOR
Read Rat-Race Escape!
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
376%
Oct 25, 2012
2,067
7,775
Canada
I believe you are right in assuming brute force will not work on a very secure master password however you have to remember there are other ways hackers try to obtain your master password so you need to be equally confident that none of those techniques will work on your master password as well. Also do you use lastpass to share passwords with family or colleagues? If so you have to consider all these factors on their master passwords too.
LP is mine and mine alone, There is 0 chance I would ever share something like that with anyone. Do people share that? I could see for a work setting, but for personal? Not a chance.
 

Practic

Bronze Contributor
Speedway Pass
User Power
Value/Post Ratio
55%
Nov 29, 2022
331
182
I use lastpass too and I have done some research today on this and found that there are many techniques hackers can use to obtain your master password such as brute force attacks, credential stuffing, scamming it out of people by pretending to be lastpass on calls/emails etc. So I don't think you can rely on your old master password keeping all of your passwords safe. At the very least you need to change your master password AND all the passwords to your websites that you stored in lastpass either back into lastpass or another password manager or use another system.

Does anyone use a system that is not a password manager to generate, share and withdraw passwords within a team? I am considering switching to another password manager but before I do I am just wondering if there is a better concept for dealing with the issues of sharing and controlling passwords amongst a team of people?
"Does anyone use a system that is not a password manager to generate, share and withdraw passwords within a team?"

There are many free tools like https://dynpass.link
Use your master password as a key and change dates when you need to change all passwords. These passwords are not stored in any place (so they can not be stolen, hacked, broken, corrupted, confiscated, etc.). These are public passwords generators. You can buy a private password generator if you need a private access to the generator.
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

BigRomeDawg

Gold Contributor
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
223%
Jan 22, 2014
472
1,054
Canada/USA
What @GPM said. Because of encryption, you have nothing to worry about if your master password follows best practices.

- 20+ characters with uppercase, lowercase, numbers, and symbols
- Completely unique (you don't use this password anywhere else)

If not then yeah probably a good idea to review/change all your passwords.
 

Practic

Bronze Contributor
Speedway Pass
User Power
Value/Post Ratio
55%
Nov 29, 2022
331
182
LASTPASS USERS READ THIS!!

1) If you use LastPass, attackers probably have a copy of your vault. CHANGING YOUR MASTER PASSWORD NOW WON’T HELP, they already have a copy that is unlockable with your old password.

What to do?

First, Stop using LastPass.

2) We don’t know how bad things are. It’s possible that attackers have ongoing access, so don’t just change your passwords and put them back into LastPass.

We will take care of urgent accounts first, manually, then set up a new password manager.

3) Move your crypto assets to new wallets.

If you had seed phrases in your LastPass, STOP EVERYTHING ELSE YOU’RE DOING RIGHT NOW.

Generate new wallets, write the seed phrases on a piece of paper ONLY, and move all your assets to the new wallets.

4) Don’t waste time coming up with a perfect custody solution, that’s time you don’t have.

If the attacker has access to your seed phrases, they can take your assets at any time and you can’t reverse that.

Move your assets safely first, then think about long term storage later.

5) Change your passwords on crypto exchanges and other financial stuff.

Write down passwords on paper for now. Use a different password each exchange.

Turn 2FA on, and make sure the 2FA code isn’t stored inside LastPass. If it was, remove 2FA and set it up again on another app.

6) Change passwords for your email accounts.

Anyone who has access to your email can access your other accounts via “forgot password” mechanisms, so make sure your email is safe.

Unique password per service, write it down on paper, use 2FA that wasn’t stored on LastPass

7) Also change your Apple iCloud and Google accounts’ passwords and 2FA.

These accounts probably can access data on your iPhone/Android, via backups and cloud sync, and potentially lock you out of stuff, so definitely change those ASAP.

8) You've now protected your most critical stuff

Now set up a new password manager.

Consider 1Password/Bitwarden/Keepass.

Set one up, with a new, strong master password. Store your new passwords in it.

No seed phrases! Those are too critical for an online password manager.

9) Now that you have a new password manager you should go ahead and use it to change your passwords on all your non-critical accounts.

Yes, all.

You probably have a lot, so prioritize the more important ones. Work accounts, file/photo storage, social media.

10) Plan a long term solution for your self-custody crypto assets.

Don’t keep the quick wallets you created before forever. Don’t use a password manager for those either.

Research hardware wallets, multisig, or if you have no idea what you’re doing consider a trusted custodian.

11) But whatever you do, if you used LastPass, act now. Don’t wait. You’re at risk.

Merry Christmas everyone, stay safe out there.
Is not this hack present new great business opportunities?

There are many free passwords generators that do not store passwords in any place, therefore it is not possible to hack them (something that do not stored in some place). They have different names: generated on demand passwords, stateless passwords, dynamical passwords, etc.

Here are some opportunities that exist now:
-teach people how to use these free tools;
-develop courses on how to use these tools;
-create videos on how to use these tools;
-write e-books, articles, posts, etc. on this topic;
-offer additional services/products to these tools or based on these tools;
-add your idea here.

Cybersecurity is a booming business right now and as competition between US and China will increase, so the demand for cost efficient solutions in this field.


 
Last edited:

eliquid

( Jason Brown )
EPIC CONTRIBUTOR
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
519%
May 29, 2013
1,876
9,731
Prob the best thing you can do, is export LastPass to 1Password and then work your way through the list in 1Password changing all your passwords in each site.

Pain? Sure. But a bigger pain would be getting hacked, right?

I didn't store important bank passwords, crypto, seed phrases, etc in mine. I mostly stored logins to sites I barely use.. so I feel pretty safe myself honestly.

However, some of you.. I feel your pain if you stored important info on there.

This is like the 2nd or 3rd LastPass breech. I don't think the other ones have as many as LastPass.

Also, this is a good time to generate a new "username" or email for those sites. Changing both the password and user name is a lot safer than just the password alone.

I typically change my email/username/password and order new credit cards ( new numbers ) at the start of every new year, so this is timely for me anyways.

Make sure to put a freeze on your credit reporting bureaus too.. just in case.
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

Creative_Name

Contributor
User Power
Value/Post Ratio
124%
Oct 17, 2022
63
78
Prob the best thing you can do, is export LastPass to 1Password and then work your way through the list in 1Password changing all your passwords in each site.

Pain? Sure. But a bigger pain would be getting hacked, right?

I didn't store important bank passwords, crypto, seed phrases, etc in mine. I mostly stored logins to sites I barely use.. so I feel pretty safe myself honestly.

However, some of you.. I feel your pain if you stored important info on there.

This is like the 2nd or 3rd LastPass breech. I don't think the other ones have as many as LastPass.

Also, this is a good time to generate a new "username" or email for those sites. Changing both the password and user name is a lot safer than just the password alone.
How about writing your passwords down?

If someone rifling through your password book is a concern, you can use some simple encryption on all the passwords like a Caesar cipher, and whenever you forget your password just remember the cipher key and decode the password you need.
 
Last edited:

eramart

Bronze Contributor
Read Rat-Race Escape!
Read Fastlane!
Read Unscripted!
Speedway Pass
User Power
Value/Post Ratio
104%
Aug 31, 2015
169
176
Moscow, Russia
It looks like LastPass has ongoing problems with internal security policies. It is not the first leak, and there is some info floating around that older accounts are less protected. I’d switch.
 

Practic

Bronze Contributor
Speedway Pass
User Power
Value/Post Ratio
55%
Nov 29, 2022
331
182
Prob the best thing you can do, is export LastPass to 1Password and then work your way through the list in 1Password changing all your passwords in each site.

Pain? Sure. But a bigger pain would be getting hacked, right?

I didn't store important bank passwords, crypto, seed phrases, etc in mine. I mostly stored logins to sites I barely use.. so I feel pretty safe myself honestly.

However, some of you.. I feel your pain if you stored important info on there.

This is like the 2nd or 3rd LastPass breech. I don't think the other ones have as many as LastPass.

Also, this is a good time to generate a new "username" or email for those sites. Changing both the password and user name is a lot safer than just the password alone.

I typically change my email/username/password and order new credit cards ( new numbers ) at the start of every new year, so this is timely for me anyways.

Make sure to put a freeze on your credit reporting bureaus too.. just in case.
"I typically change my email/username/password and order new credit cards ( new numbers ) at the start of every new year, so this is timely for me anyways."

Is not this an expensive and not very convenient solution?
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

eliquid

( Jason Brown )
EPIC CONTRIBUTOR
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
519%
May 29, 2013
1,876
9,731
"I typically change my email/username/password and order new credit cards ( new numbers ) at the start of every new year, so this is timely for me anyways."

Is not this an expensive and not very convenient solution?

How is this expensive?

I literally sat down last night after typing that post, went through my LastPass sites ( about 320-ish ), and changed all the passwords to every single site I cared about ( that didn't have 2FA, stored a credit card, contained sensitive info ) in about 2.5 hours.

Sites like depositphotos where I have a LTD that don't store my address, credit card, or sensitive info, I didn't bother changing. So out of 320-ish sites, maybe I changed passwords on like 50% of them. Also, websites with 2FA I tend to change later on ( didn't do it in this sitting, because if someone is going to try to log in, I'm going to get a SMS text message and know anyways ).

Called up my banks/card providers took about an hour total for all of them. For most of them I just went online and requested a new card within 3-4 minutes.

So total time to invest in my personal security and well-being, maybe 3.5-4 hours tops. Half a business day.

Is your life worth 4 hours? Mine is.

It cost me nothing financially.

-- If you aren't going to go this route, you can always bypass a 3rd party ( LastPass, 1Password, etc ) and just trust your OS to store your passwords. Someone would need to break into your OS to gain access then.

I don't do this myself ( OS passwords ), since I bounce around from Mac to Windows a lot during the day and also different browsers and systems ( like my phone and a tablet ).

Sometimes you gotta do the hard things in life. Doing things the easy and lazy way is what gets people in these types of situations to begin with and end up having their identity stolen and charges racked up on cards/credit reporting.

Do the hard things.
 
Last edited:

JAJT

Legendary Contributor
FASTLANE INSIDER
EPIC CONTRIBUTOR
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
549%
Aug 7, 2012
2,970
16,306
Ontario, Canada
I use LastPass.

From what I can gather, your vault is still safe, or at least as safe as your master password is secure.

Now, something IMPORTANT to keep in mind is that the chart GPM posted about is both correct and also misleading. It's true that a random 15 character password of upper and lower case letters might take 3 million years to brute force crack, but brute force password cracking isn't something that most hackers do because, as you would imagine, they don't have 3 million years to get into 1 account.

Dictionary attacks are by far the easier way to get into most accounts. These are gigantic text files filled with a dictionary of common words, phrases, numbers, symbols, etc that their hacking tools will mix and match at lightning speeds.

In practical terms, this means even a fairly long password of something like "VeryPrettyHorses!" will likely be cracked in just a few minutes instead of a billion years like the chart might suggest because all a dictionary attack has to do is take common words, try them in different combinations, and throw special characters in logical places like at the end of each word.

Also - let's be honest here. You don't need to change every password. I have roughly 400+ passwords in my Lastpass vault. I'm not changing 400 passwords because 99% of them are junk accounts I created for single use purposes with fake/unimportant details. Maybe 10-15 passwords in my entire vault are for accounts with the kinds of personal information that would do me harm.

IMHO the biggest threat to your security these days is in using the same password for multiple accounts. I've actually been the victim of a keylogger program that my virus scanner didn't pick up that got one of my passwords, and they used it to access a number of accounts that shared that password (including my banking!). This was years ago and luckily I caught everything before any real harm was done but it prompted me to get Lastpass in the first place and I'm going to continue using it because every password is absurdly long and complex with it. All I need to know is 1 master password of decent complexity and I'm relatively safe and secure. It's still a single point of failure but it's more reliable than my brain and more secure than bringing a piece of paper with me that can be stolen or forgotten somewhere. But that's just my 2 cents.
 

inputchip

Gold Contributor
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
409%
Mar 26, 2017
312
1,277
www.tmkings.com
I switched from LastPass to Bitwarden a couple years ago. Have been overall very happy.
What @GPM said. Because of encryption, you have nothing to worry about if your master password follows best practices.

- 20+ characters with uppercase, lowercase, numbers, and symbols
- Completely unique (you don't use this password anywhere else)

If not then yeah probably a good idea to review/change all your passwords.
Tell that to the guy that had a couple crypto wallets wiped.

View: https://twitter.com/Cryptopathic/status/1606416137771782151?s=20

This was years ago and luckily I caught everything before any real harm was done but it prompted me to get Lastpass in the first place and I'm going to continue using it because every password is absurdly long and complex with it.
Not sure why you would still trust these guys. I highly recommend switching to something like Bitwarden or 1Password. The transfer process is very straightforward.
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

Practic

Bronze Contributor
Speedway Pass
User Power
Value/Post Ratio
55%
Nov 29, 2022
331
182
How is this expensive?

I literally sat down last night after typing that post, went through my LastPass sites ( about 320-ish ), and changed all the passwords to every single site I cared about ( that didn't have 2FA, stored a credit card, contained sensitive info ) in about 2.5 hours.

Sites like depositphotos where I have a LTD that don't store my address, credit card, or sensitive info, I didn't bother changing. So out of 320-ish sites, maybe I changed passwords on like 50% of them. Also, websites with 2FA I tend to change later on ( didn't do it in this sitting, because if someone is going to try to log in, I'm going to get a SMS text message and know anyways ).

Called up my banks/card providers took about an hour total for all of them. For most of them I just went online and requested a new card within 3-4 minutes.

So total time to invest in my personal security and well-being, maybe 3.5-4 hours tops. Half a business day.

Is your life worth 4 hours? Mine is.

It cost me nothing financially.

-- If you aren't going to go this route, you can always bypass a 3rd party ( LastPass, 1Password, etc ) and just trust your OS to store your passwords. Someone would need to break into your OS to gain access then.

I don't do this myself ( OS passwords ), since I bounce around from Mac to Windows a lot during the day and also different browsers and systems ( like my phone and a tablet ).

Sometimes you gotta do the hard things in life. Doing things the easy and lazy way is what gets people in these types of situations to begin with and end up having their identity stolen and charges racked up on cards/credit reporting.

Do the hard things.
" If you aren't going to go this route, you can always bypass a 3rd party ( LastPass, 1Password, etc ) and just trust your OS to store your passwords. Someone would need to break into your OS to gain access then."

There are many free passwords generators that do not store passwords in any place (therefore it is not possible to hack them even if someone break into your OS or stole your computer/phone).. This is an example dynpass.link.
 

inputchip

Gold Contributor
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
409%
Mar 26, 2017
312
1,277
www.tmkings.com

Skroob

Entrepreneur // Mobile Application Developer
FASTLANE INSIDER
Speedway Pass
User Power
Value/Post Ratio
282%
Feb 18, 2022
229
645
Jacksonville, FL
My issue with this, what makes moving to another password manager going to do if it has the same potential to happen again?
Other password managers don't have the same kind of vulnerabilities that LastPass had. I use 1password, and they have a couple of followup posts on their blog about it:

 

JAJT

Legendary Contributor
FASTLANE INSIDER
EPIC CONTRIBUTOR
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
549%
Aug 7, 2012
2,970
16,306
Ontario, Canada
People still use Norton? I'm amazed they are still in business.

McAfee and Norton have shifted their business approach to bundling their garbage into other software packages and offering "exclusive" free trials and discounts.

Anecdotally, I know a lot of older folks who get sucked into using them because they feel they are getting a great deal. I've tried to convince a few older folks in my life to let me uninstall that garbage when I'm working on their PC's (usually because they "acting slow", go figure...) and I keep getting told "oh no, leave that on there, I have a lifetime subscription I paid for when I bought my....".

I don't think anyone with any computer/IT knowledge of any kind is installing anything by these companies.
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

Practic

Bronze Contributor
Speedway Pass
User Power
Value/Post Ratio
55%
Nov 29, 2022
331
182
My issue with this, what makes moving to another password manager going to do if it has the same potential to happen again?
You are right!

The problem with all these passwords managers is that they store passwords in encrypted files. These files can be hacked, damaged, stolen, broken, confiscated, etc.

A simple solution is to use new passwords managers that do not store passwords in any place. Instead they generate passwords when they are needed.
 

Practic

Bronze Contributor
Speedway Pass
User Power
Value/Post Ratio
55%
Nov 29, 2022
331
182
Other password managers don't have the same kind of vulnerabilities that LastPass had. I use 1password, and they have a couple of followup posts on their blog about it:

1password stores passwords in encrypted files. Even so they have a better security policies they did not address the main problem. Anything that stored in a file can be hacked, stolen, damaged, confiscated, broken,etc.

A simple solution is to not store passwords in any place and generate them on demand when they are needed. In this case they can not be hacked even with quantum computers. It is not possible to find a black cat in a black room if there are no cats in this room.
 

Post New Topic

Please SEARCH before posting.
Please select the BEST category.

Post new topic

Guest post submissions offered HERE.

Latest Posts

New Topics

Fastlane Insiders

View the forum AD FREE.
Private, unindexed content
Detailed process/execution threads
Ideas needing execution, more!

Join Fastlane Insiders.

Top