LastPass breach: it's worse than initially thought


Writing down your passwords in a book and storing it in your own table drawer is pretty much safer than all these password managing services.
As much as you can remember, you can't remember passwords for tens of hundreds of sites, unless you use the same password for multiple sites, which is a bad bad way.

I have a different password for hundreds of sites, don’t use a password manager, don’t write them down anywhere, don’t have a good memory - but I can log into every single site. My system doesn’t rely on any services other than an 8-character memory trick.


It's not as bad as your title made it sound! Still, smart people don't store all passwords in one place and never trust cloud services.


I store only irrelevant passwords for irrelevant sites. If the password is for a site that doesn't contain payment information, I don't care if someone goes to the trouble of getting it by hacking my computer, but if the password is for my banking/PayPal, or any site that has my payment data, I just remember those passwords and only store hints that make no sense to anyone else. I also make sure to use MFA, so even if you have my password you couldn't do anything without physically having my phone.


Lastpass is the point of failure here, not the customers.
Maybe you misread, my post was a reply to BuckarooBonzaii who said:
"In general if you want the job done right do it yourself."
Well that's not the case in cryptography, my reply was. You don't roll your own algo, but use a battle-tested one like AES for example. Rolling your own security-by-obscurity always ends up in failure. Still, even the best algo is subject to implementation errors, like we have every day in popular software.


Best way to keep passwords is on a piece of paper stuck in the bottom of a desk drawer.


Unfortunately, that is not protected from an evil maid attack, or any other form of physical access.
Still less likely than getting your PC infected by malware or ransomware which will render your offline password manager null. Like if your physical location has been compromised, losing your passwords is probably the least of your worries lol.