Lastpass and the Insecure Cloud


Viewing 5 posts - 1 through 5 (of 5 total)
  • #70408
    Ed P
    Participant
      @edps
      Forumite Points: 39

      It is no secret that all my posts going way back have shown a distaste for putting information on the ‘Cloud’, where it is potentially exposed to many millions of hackers. The recent Lastpass debacle certainly demonstrates the vulnerability of Cloud storage.

      But it is all OK, I hear some saying, ‘the data was encrypted’. Hmmm, maybe as far as script kiddies are concerned, but encrypted does not mean secure and unreadable. This interesting blog sets out how one person would theoretically crack a Lastpass password vault, and this Twitter post claims that their bitcoin stash was stolen using Lastpass info!

      Imo if you have cash or sensitive information that is password protected then your best bet is to keep the passwords on an encrypted thumbdrive locked in your desk, and never in the Cloud.

      #70409
      Ed P
      Participant
        @edps
        Forumite Points: 39

        A bit more info on Twitter shows how a combination of Lastpass/user issues makes the contents of the vaults far more vulnerable. For info, the original encryption rounds were only 5000 compared with 100100 in recent times, so old customers are especially vulnerable. The Twitter link also shows how someone could zoom in on things like Bitcoin stashes just by reading the unencrypted URL data.

        Twitter link

        #70410
        Dave Rice
        Participant
          @ricedg
          Forumite Points: 7

          I currently use Kaspersky, but would love it if Synology (or someone) could come up with a password manager that sits in my private Synology cloud.

          BTW the next point version of Synology DiskStation Manager is going to introduce whole disk encryption. It’s been shared based until now, which has its benefits as well but is a bit clunky.

          What I find really dopey about Windows encryption is it won’t let you save the password to an encrypted drive at creation time. Surely if anything should be kept safe it’s the key to your whole device?

          #70411
          Drezha
          Participant
            @drezha
            Forumite Points: 0

            I currently use Kaspersky, but would love it if Synology (or someone) could come up with a password manager that sits in my private Synology cloud.

            I assume you’re aware that they have a password manager (though it appears to use online storage)?

            I currently pay for 1Password, which I’ve been happy with. I used to use Keepass, which was very good, and was offline and relied on me syncing the file between devices myself, but it didn’t play nice with iOS Autofill. It’s making me reconsider – but I need software that I can run off a USB stick with no admin rights (usable on a work laptop) and that works with iOS.

            Enpass currently looks like a potentially viable alternative.

            "Everything looks interesting until you do it. Then you find it’s just another job" - Terry Pratchett

            #70413
            Dave Rice
            Participant
              @ricedg
              Forumite Points: 7

              Yes, it’s the Kaspersky Password Manager that I use.

              I’ve just found out that Bitwarden has a self-hosting option using Docker. My DS218+ should be able to run it and the PiHoleVM, but also so should my UniFi VM @ Telehouse.
