Steve's Next Password Manager After the LastPass Hack - On Security Now, Steve Gibson shares with Leo Laporte his plan in the shadow of the devastating LastPass hack and which password manager he plans to use next. - https://youtu.be/9XWHCF4pLmI #LastPass #twit #DashLane #BitWarden #1Password #PasswordVault #PasswordManager #AppleKeychain #SteveGibson #LeoLaporte #SecurityNow
If you're affected by the #LastPass data breach, I have a full walkthrough for how to set up a local #KeePassXC password vault and sync it between computers, including your phone. https://jamesharris.design/blog/Hardened-password-vault/
Oh, come on!
Lastpass: Hackers stole customer vault data in cloud storage breach https://www.bleepingcomputer.com/news/security/lastpass-hackers-stole-customer-vault-data-in-cloud-storage-breach/
#LastPass #PasswordManager #Hackers #PasswordVault #Cloud #StorageBreach #InfoSec #TechNews
Last night as I was finishing part 2 of my blog post series "Protecting against a password manager breach" (https://justinpagano.substack.com/p/protecting-against-a-password-manager-8f6), I saw the news that LastPass had updated their security incident notification stating that customer data had been obtained by attackers, including encrypted password vault data (https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/#:~:text=Update%20as%20of%20Thursday%2C%20December%2022%2C%202022%C2%A0%C2%A0)
While they did a good job explaining the nuances of which of their customers are most vs. least at risk of their decrypted vault data being accessed, I think they are a little too overconfident in their implementation of PBKDF2 to protect their customers against offline brute-force attacks against their encrypted vault data, as Dan Goodin from ArsTechnica explains in his article here: https://arstechnica.com/information-technology/2022/12/lastpass-says-hackers-have-obtained-vault-data-and-a-wealth-of-customer-info/
So I guess now is as good a time as any to check out the hot-off-the-presses part 2 of my blog post series where I go over specific steps to take to ensure online accounts are protected in the event of a password manager breach (or really any kind of compromise of your passwords): https://justinpagano.substack.com/p/protecting-against-a-password-manager-8f6
If you're lazy (i.e. "efficient") and just want the checklist that's in the guide, you can check it out in GitHub here: https://github.com/p4gs/online-account-and-password-manager-hardening-guide/blob/main/README.md
#passwordmanager #passwordvault #lastpass #data #breach #1password #bitwarden #authy #yubikey #webauthn #passkey #mfa #2fa #credentials #vault #secretsmanager
Last night as I was finishing part 2 of my blog post series "Protecting against a password manager breach", I saw the news that LastPass had updated their security incident notification stating that customer data had been obtained by attackers, including encrypted password vault data (https://lnkd.in/eHCx3xyq)
While they did a good job explaining the nuances of which of their customers are most vs. least at risk of their decrypted vault data being accessed, I think they are a little too overconfident in their implementation of PBKDF2 to protect their customers against offline brute-force attacks against their encrypted vault data, as Dan Goodin from ArsTechnica explains in his article here: https://lnkd.in/enx5U7dY
So I guess now is as good a time as any to check out the hot-off-the-presses part 2 of my blog post series where I go over specific steps to take to ensure online accounts are protected in the event of a password manager breach (or really any kind of compromise of your passwords): https://lnkd.in/emazfY47
If you're lazy (i.e. "efficient") and just want the checklist that's in the guide, you can check it out in GitHub here: https://lnkd.in/eRNXKKDC
#passwordmanager #passwordvault #lastpass #data #breach #1password #bitwarden #authy #yubikey #webauthn #passkey #mfa #2fa #credentials #vault #secretsmanager
In light of the recent breaches of LastPass’ infrastructure systems, I've been thinking:
What would happen if the data in my password manager were successfully breached?
And what can I do right now to reduce the impact of such a breach?
If you've ever wondered the same thing but have never come across a satisfying answer, well, do I have some Thought Leadership™ for you!
https://justinpagano.substack.com/p/protecting-against-a-password-manager
#passwordsecurity #passwordmanager #passwordvault #lastpass #1password #bitwarden #authy #yubikey #passkey #yubico #mfa #2fa #multifactorauthentication #twofactorauthentication #securityarchitecture
I have started to port #uxn to the #WioTerminal. Ultimately, I hope to get a nice platform for my #passwordvault project.
V1.10 of my password manager #PasswordVault on #WioTerminal is out and super easy to install: https://github.com/PasswordVault/passwordvault/releases/tag/1.10
@eff we've got a nice selection of #opensource password vaults, but none that can automatically change your #passwords in case of breach or other emergencies as far as I'm aware. It is something that the #proprietary #LastPass can do, so how likely is it that there will be open source software that also has this ability? #passwordvault vs #passwordmanager