LastPass password manager suffers 'major' security problem

>LastPass password manager suffers 'major' security problem

independent.co.uk/life-style/gadgets-and-tech/news/lastpass-hack-security-problem-password-manager-a7658806.html

>LastPass users are being advised to avoid the password manager while it addresses a “unique and highly sophisticated” security issue.
>LastPass hasn’t revealed any further details about the problem, but Google’s Project Zero security researcher Tavis Ormandy, who discovered it, says it’s a serious one.
>“It will take a long time to fix this properly, it's a major architectural problem,” he tweeted.
>we’d recommend disabling LastPass’ browser plugins, just to be on the safe side.

HAHAHAHAHAHAHA

KeePass #1

>not using Master Password
>not being Master Race

but I'm lazy

I'd rather unlock a database once and have my username/emails and passwords available instantly

Why have these things?

I store my shit on my browser.

>I store my shit on my browser.

As you should. Some people are just too retarded to handle that though.

>we’d recommend disabling LastPass’ browser plugins, just to be on the safe side.

Lastpass has not said this

fake news
sage

Are you mentally retarded or just a fucking idiot?

blog.lastpass.com/2017/03/security-update-for-the-lastpass-extension.html/

Fucking mouth breather

>being this angry cause your shitty password manager got BTFO

>lie
>get called out
>try to damage control
>get called out with sources
>lol u mad bro?

Goddamn dimwit

Confirmed for retarded.

The idea of storing a password database in the cloud is completely retarded.

Yes, indeed it is.

is there anything that can read the lastpass export and put it into a cleaner list?

Post your export and I'll clean it for you.

I don't know what the lastpass export looks like, but I would assume it could be cleaned up with a simple script.

Enjoy having a 13 year old with an install of darkcomet steal your banking info

Enjoy having down syndrome. Retard.

How so?

Is there a password manager where I enter all my passwords into it, it autofills websites on my PC, but I have to use the fingerprint scanner on my phone to do it?

You'd have to be retarded to have darkcomet on your system unchecked.

What is a crypter? Retardo.

>not using UNIX pass
Jesus fucking Christ is this board full of retards or what?

How can you be so profoundly retarded and still manage to continue breathing?

>it's a retard calling everybody else retards episode again

If you weren't such a newfag then you'd know this board is literally full of retards.

Avast sends a push notification to your phone.

...

Can't even compare to the glory of Master Password.

Pleb.

enjoy ur botnet

>literally offline
>botnet
You've exposed yourself as a complete retard.

>using a password manager and not memorizing unique random keyed passwords for everything

retards

>he thinks a company would actually tell you to stop using their software

Holy kek, you're fucking dumb.

>he doesn't know about the offline botnet
Holy shit this guy everyone

You've already outed yourself as a retard, there's no need to prove how retarded you actually are.

>calls others retard
>doesn't realize they are the true retard
really gets the ole noggin a joggin

Why would anyone use a password manager? It seems like a fucking retarded idea to trust all your passwords with some idiot developers.

>2017
>Not keeping all your passwords encrypted manually onto a piece of paper in invisible ink and storing it in a bulletproof safe in a vault.

>makes an ironic shitpost about calling people retards
>doesn't realize he's profoundly retarded

really gets the ole noodle a doodling

>ctrl f "recommend" to see which one of you is retarded
>recommend not found
wew lad everyone in here is retarded

>invisible ink

Same reason Geek Squad can stay in business
Same reason OS X and iOS are popular

I like how every password manager thread always devolves into everyone calling each other retarded. I take it as proof that password managers are retarded programs made for retarded "people".

is 1password any better?

Easy way to boost personal security (i.e. avoiding shared, easily guessable, whatever passwords).

I'm not trying to fight off the NSA or anything, but now I have unique, """strong""" passwords for all the accounts I care about with little to no inconvenience to me.

Also for what it's worth, KeePass (and probably others) make it easy to change your passwords on a schedule if you desire.

Guess you can place lazy and retarded people in the same camp.

>Replies to an ironic shitpost
>Calls poster retarded
>Doesn't realize he in fact is the retarded one

Yes. Not worth it as an individual, so get your whole family on it.

why not as an individual?

Whole family? Would my wife and her boyfriend and I count as a family?

Cause the more passwords in one place, the better. Trust me I'm an expert.

oh I see, you're an expert, thanks!

>using anything based on the ""cloud""
>especially trusting passwords on said """"cloud""""

What's the best way of creating unique passwords for every service you use without using a password manager?

the passwords don't leave your PC, only an encrypted container which is essentially random data

>the passwords don't leave your PC, only an encrypted container which is essentially random data

So is Keepass and it doesn't have this problem tho.

Memorizing a single password at least 32 characters long which was randomly generated.

This has nothing to do with the passwords on the "cloud" being broken, idiot. The plugin is where the problem is, and that could happen to keepAss too if it was integrated to the browser.

wow ur a rude dude

Keepass still doesn't have this problem tho.

sorry.

Use only emojis

We don't even know what the problem is though. It possibly could, we just don't know yet, or the project zero people haven't looked into it yet.

The problem could be anything from a leak in the browser plugin, to a failure at the encryption stage.

and it still doesn't have browser integration
#btfo

And before you say keefox, that plugin is spotty, doesn't work with firefox forks, is going to break with FF soon when xul is deprecated, and may very well have the same vulnerabilities as lastpass

>The problem could be anything from a leak in the browser plugin, to a failure at the encryption stage.
It's some kind of privilege escalation problem twitter.com/taviso/status/845717082717114368

Probably the browser plugin. Not the first time it has caused issues.

>independent.co.uk/life-style/gadgets-and-tech/news/lastpass-hack-security-problem-password-manager-a7658806.html
>“It will take a long time to fix this properly, it's a major architectural problem"

I don't think it's just the fucking addon from this quote, you fuck.

>and it still doesn't have browser integration

Who gives a shit? Never stopped me or anyone else using it. Does your mom still wipe your ass?

>and may very well have the same vulnerabilities as lastpass

Lol doubt it. Enjoy being wrong, again.

LASTPUSSY BTFO!

>I don't think it's just the fucking addon from this quote, you fuck.
>hurr hurr look at me I'm stupid
twitter.com/taviso/status/845717082717114368

>Lol doubt it. Enjoy being wrong, again.
Nobody has ever audited keefox because compared to lastpass, practically nobody uses it. It's probably full of holes a google-tier researcher could find.

I trust the developers of the dozens of KeePass programs even less than I trust LastPass at this point. Didn't one of them purposefully leave a MITM exploit unpatched for advertising money? There's a dozen other options for KeePass programs, but I have no idea how much outside scrutiny any of these programs has had.

I think I'm going to look into 1Password instead. They seem to have a pretty good track record.

1password is all closed-source so I would trust it even less with encryption

>trusting anybody or any software with your passwords
>not writing them down on a notepad
I seriously hope you guys don't do this

>hurr hurr look at me I'm stupid
>twitter.com/taviso/status/845717082717114368

Still waiting on you to prove your claim it's the addon.

>keefox

I don't use this and never mentioned it. You did, therefore, dropped.

>KeePass

Keepass passed an audit by the European union and found a couple negligible issues. I think I know what to trust.

ghacks.net/2016/11/22/keepass-audit-no-critical-security-vulnerabilities-found/

>Still waiting on you to prove your claim it's the addon.
Are you unironically retarded? What else would a privilege escalation vuln mean? Do you think he got codeexed on Lastpass servers?

>I don't use this and never mentioned it. You did, therefore, dropped.
No addon for you then, loser. I'd rather take the 0.000001% risk of the addon leaking something than laboriously copy-paste everything from a separate program tens of times a day

>Are you unironically retarded? What else would a privilege escalation vuln mean? Do you think he got codeexed on Lastpass servers?

Still waiting on you to prove your claim it's the addon.

>No addon for you then, loser

Don't care, it has autofill without addons. Mommy still wipe your ass then?

>Still waiting on you to prove your claim it's the addon.
It's either the addon or he hacked into the lastpass servers, which he didn't do, otherwise he would have said just that. Your IQ must be sub-80 so there's no point in me trying to explain this to you further, you won't get it anyway

So you can't prove your claim. Better luck next time sweetie.

>laboriously copy-paste
Who copy-pastes with KeePass? Just use autotype

>Who copy-pastes with KeePass? Just use autotype

Shhhh, he prefers using vulnerable plugins.

Does that include keepass2?

"site"passwordstring
Won't help if you're specifically targeted, but it will stop an automated attempt spamming your username/password from finding any other matches.

Vulnerable plugins that don't even work except on Windoze

>goto site
>find your keepass window
>search for the site you're currently at
>press ctrl-v
>wait for the slow auto-type to finish
vs
>goto site
>have the field filled out for you

It's regular keepass that had that issue, and the "MITM attack" is just the software letting you know an update is available

Because the reality of Internet security is that passwords are hot fucking garbage and you end up with the choice of either finding a convenient way to manage your huge passwords or not having secure passwords at all

That's an audit of the "official" Windows version of the old deprecated 1.x branch of KeePass. 2.x is a completely different codebase written in .NET of all things.

You haven't really thought this through, have you.

If you don't have a password manager, you probably have a few passwords that you use everywhere. About the best you can possibly do is maybe have a site-specific suffix, but if somebody owns a site and decrypts your password they can probably figure it out just by looking at it. "Oh hey, this one is hunter2reddit.com, I wonder if..."

Now, using a password manager isn't foolproof. The password manager itself can be a weakness, as LastPass has demonstrated. But that is one point of potential weakness, as opposed to a potential weakness in literally every website you have ever created an account on.

Storing your passwords in the cloud for ease of use creates a second point of weakness - the cloud provider. However, the only thing that happens if the "cloud" gets popped (no matter if it's a cloud password manager like LastPass or if you store your KeePass data on Dropbox), is that the attackers now have tons of encrypted binary blobs that they have to decode, which takes time.

Password Managers are the best choice of a bunch of imperfect options.

>Keepass passed an audit by the European union
wow a bunch of kikes and other fat fucks in suits spending your money rubber stamped a seal of approval, thank god we have the EU pls fuck my wife mohammed

>storing passwords anywhere other than in your head
it's like you're asking to be compromised

>Using botnet pass
>Not using comfy KeePassX stored in your OpenBSD desktop.

Get raped and kill yourself, you retarded kike loving fucking faggot sack of ugly nigger shit with down syndrome.

Your head can be compromised with a pipe wrench, some pliers, and a car battery

I'm going to delete this anyway because it keeps undeleting logins I deleted for sites like twitter where I like to troll, so I have lots of them

The only websites that matter have 2-tier mobile authorization (FB, VK, GitHub, Gmail, Skype, anything money related etc.) and I use 20 character pass there. All the other sites are worthless, I use same 6 character password there, because I don't care for them.

>Shill spreads FUD about well known FOSS password manager
>Proceeds to recommend closed source password manager that no one has heard about

I hope you are getting paid.

>Not remembering your password in anno domini 2017

Cucked

>Using password managers at all
I thought Sup Forums was smarter than this

LOLL

KeePass master race reporting in.

LastPass sucks dick