Perhaps it's best never to store passwords on any IT system?
LastPass is scrambling to fix another serious vulnerability | PCWorld
The flaw could allow for remote code execution or password theft.
For the second time in two weeks developers of the popular LastPass password manager are working to fix a serious vulnerability that could allow malicious websites to steal user passwords or infect computers with malware.
Perhaps it's best never to store passwords on any IT system?
Tavis found the vulnerability and LastPass is working on fixing it; what is the problem? No security software is perfect and never will be. The argument for using LastPass has always been all of the other much more serious security problems it solves, e.g. weak passwords, users using the same password on multiple sites, users forgetting passwords and/or writing them down on sticky notes, etc.
I am a LastPass user, and this doesn't scare me at all. Tavis seems to have made improving LastPass a project of his - hopefully LastPass is compensating him for his efforts - and this will benefit LastPass users in the long run.
In the meantime, tech blogs will have fodder for their FUD stories following every tweet Tavis makes about LastPass, completely missing the point that its security is actually being improved by this, and no one is exploiting any of these vulnerabilities.
Better to be scrutinized, and updated quickly. It's the fact that LastPass responds so quickly to resolve the issue that gives me peace about the whole situation.
And in the latest case, it was demonstrated to LastPass what could be done. It's not an active exploit. Kudos to LastPass for jumping right in and fixing it.
Are you telling me that you use
- A different password for every site
- A password that is long enough and complex not to guess
- You can either memorize them all, or only need to access a local password database to get to them?
I'm so inundated with passwords, for both work and home. I work on a variety of machines. It's become necessary to have my passwords available in all places I might be, so managing them on my own isn't great. Even if I put them on my phone, it would be ok until I lost my phone.
Passwords are such a necessary evil today, but there will hopefully be a better way in the future.
LastPass can generate random passwords to your specification without even pressing a keystroke, thereby avoiding keyloggers.