LastPass breach: it's worse than initially thought

[MyIOnU]

Write down your passwords in the book and store in your own table drawer is pretty much safer than all these password managing services.

 

[Rq3EWAq]

At this point literal paper notebook is the best online security ironically.

Nowadays, this notebook is called KeePass. Its offline and you are responsible for backups.

 

[Rq3EWAq]

The best password manager is yourself. In general if you want the job done right do it yourself.

Ironically, this works almost everywhere except for security and cryptography. You don't roll out your own cryptography or home brewed security solutions.

 

[Alistair]

As much as you can remember, you can't remember passwords for tens of hundreds of sites, unless you use the same password for multiple sites, which is a bad bad way.

I have a different password for hundreds of sites, don’t use a password manager, don’t write them down anywhere, don’t have a good memory - but I can log into every single site. My system doesn’t rely on any services other than a 8 character memory trick.

 

[Crinkles]

Ironically, this works almost everywhere except for security and cryptography. You don't roll out your own cryptography or home brewed security solutions.

Lastpass is the point of failure here, not the customers.

 

[hk2000]

It's not as bad as your title made it sound! Still , smart people don't store all passwords in one place and never trust cloud services,.

 

[hk2000]

I store only irrelevant passwords for irrelevant sites- If the password is for a site that doesn't contain payment information, I don't care if someone goes to the trouble of getting it by hacking my computer, but if the password is for my banking/ PayPal, or any site that has my payment data, I just remember those passwords and only store hints that make no sense to anyone else, I also make sure to use MFA, so even if you have my password you couldn't do anything without physically having my phone,

 

[Rq3EWAq]

Lastpass is the point of failure here, not the customers.

Maybe you misread, my post was a reply to BuckarooBonzaii who said:
"In general if you want the job done right do it yourself."
Well that's not the case in cryptography, my reply was. You don't roll your own algo, but use battle-tested one like AES for example. Rolling your own security-by-obscurity always ends up in failure. Still, even best algo is subject to implementation errors, like we have everyday in popular software.

 

[lazer]

Best way to keep passwords is on a piece of paper stuck in the bottom of a desk drawer.

 

[Rq3EWAq]

Best way to keep passwords is on a piece of paper stuck in the bottom of a desk drawer.

Unfortunately, that is not protected from evil maid attack, or any other form of physical access.

 

[inhility]

Unfortunately, that is not protected from evil maid attack, or any other form of physical access.

Still less likely than getting your PC infected by malwares or ransomware which will render your offline password manager null. Like if your physical location has been compromised, losing your passwords is probably the least of your worry lol.