On Monday, 9 January 2023 at 00:43:08 UTC, max haughton wrote:
>On Monday, 9 January 2023 at 00:18:50 UTC, RTM wrote:
>>On Sunday, 8 January 2023 at 21:53:32 UTC, Steven Schveighoffer wrote:
>>>Nope. That's not how LastPass (and password managers in general) work.
>>https://en.m.wikipedia.org/wiki/LastPass#2022_security_incidents
>>It’s serious.
>Serious yes, but look at the data that actually leaked, it's not the keys to the safe I think

Yes, it's no different than any other data breach of any other company -- email addresses, billing information, etc.
Note that LastPass and others do not even have the keys to the safe to be stolen in the first place -- they never store your master password.
The "100s of passwords" are not compromised (that is, unless they use "password123!" as their master password).
LastPass uses 100100 rounds of encryption, which means each guess takes a long time to test to see if it's right. Brute force will take millions of years.
Everyone today should use a password manager, whether it's cloud-based or not. And the most important rule is to not use a previous password as your master password.
-Steve
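
Added example, not part of the post above and not LastPass's code: a sketch of how the round count multiplies the cost of every master-password guess, and why a common password still falls quickly. It assumes the "100100 rounds" are PBKDF2-HMAC-SHA256 iterations; the salt, the attacker speed and the 1M-entry list size are constructed values.

```python
import hashlib
import math

ITERATIONS = 100_100            # round count quoted in the post
PRF_PER_SECOND = 1e10           # assumed attacker speed (constructed figure)
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_key(master_password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch a master password into a 32-byte key.

    Assumption: PBKDF2-HMAC-SHA256; the post only says "rounds".
    """
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def expected_seconds(candidates: float, iterations: int = ITERATIONS,
                     prf_per_second: float = PRF_PER_SECOND) -> float:
    """Average time to hit the right password among equally likely candidates.

    Every guess costs `iterations` PRF calls, and on average half the
    candidates are tried before the right one.
    """
    guesses_per_second = prf_per_second / iterations
    return (candidates / 2) / guesses_per_second


def random_password_space(alphabet_size: int, length: int) -> float:
    """Number of passwords of `length` drawn uniformly from the alphabet."""
    return float(alphabet_size) ** length


if __name__ == "__main__":
    salt = b"user@example.com"   # constructed salt value
    key = derive_key("correct horse battery staple", salt)
    print("derived key:", key.hex())

    strong = expected_seconds(random_password_space(94, 12)) / SECONDS_PER_YEAR
    weak = expected_seconds(1_000_000)   # password sits in a 1M-entry common list
    print(f"random 12-char password: ~{strong:.2e} years")
    print(f"common-list password:    ~{weak:.1f} seconds")
```

The stretching only multiplies the cost per guess; the number of guesses needed is set by how unpredictable the master password is.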