Password manager hacked (why you should not use password managers)
One of the leading password management tools was attacked, according to this LastPass post.
We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed.
The problem with password managers is the possibility that they can be compromised, thereby leaving all of your sites vulnerable.
The problem is: how do you manage the various passwords?
Let’s start with a few assumptions.
- You should not use the same password on more than one site. For example, if someone compromises your PayPal password and you used that password on eBay and Amazon, those accounts could be hacked.
- MOST password requirements will require/allow the following:
  - 10 characters
  - upper and lower case
  - at least one special character
- Take the second letter of the site name. If it is a-g, then $; otherwise #.
- Take the first letter of the site name – vowels are 1, consonants 3.
- Take the third letter of the site name, move ahead 4 characters, and capitalize that.
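The three rules above, written out as an added example (not code from the original post) that also counts how many different fragments the rules can yield. Assumptions: non-letters in the site name are ignored, the shift in the third rule wraps from z back to a, and the three characters are joined in the order listed; the function names are hypothetical.

```python
import string

VOWELS = set("aeiou")


def site_fragment(site: str) -> str:
    """Derive the three site-specific characters from the three rules."""
    # Assumption: only the letters of the site name count, case-insensitively.
    letters = [c for c in site.lower() if c in string.ascii_lowercase]
    if len(letters) < 3:
        raise ValueError("need at least three letters in the site name")
    first, second, third = letters[:3]

    # Rule 1: second letter a-g gives '$', anything else gives '#'.
    symbol = "$" if "a" <= second <= "g" else "#"
    # Rule 2: first letter, vowels are 1, consonants are 3.
    digit = "1" if first in VOWELS else "3"
    # Rule 3: third letter moved ahead 4 and capitalized.
    # Assumption: letters past 'v' wrap around to the start of the alphabet.
    shifted = chr((ord(third) - ord("a") + 4) % 26 + ord("a")).upper()

    # Assumption: the pieces are joined in the order the rules are listed.
    return symbol + digit + shifted


def distinct_fragments() -> int:
    """Count the different fragments the rules can produce over all names."""
    alphabet = string.ascii_lowercase
    seen = {site_fragment(a + b + c)
            for a in alphabet for b in alphabet for c in alphabet}
    return len(seen)


if __name__ == "__main__":
    # Site names taken from the example in the text above.
    for name in ("paypal", "ebay", "amazon"):
        print(name, site_fragment(name))
    print("distinct fragments:", distinct_fragments())
```

The fragment depends only on the site name and takes one of 104 values, so it makes passwords differ between sites but adds no secrecy of its own.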