Still in control of my account for now. I wonder what the motivation is to attack ASR?
There are lots of ways it can happen, it's also common if you re-use passwords across sites. If one site is compromised, then so is any other account you've used that password for.
While Lastpass has had some security issues, everyone who had a long, strong master password has been fine. If you fear your old lastpass account has been hacked, you can change your password and then change passwords for various sites to ensure the password strength. Personally, I think that Lastpass puts a lot more effort into security than I do, so I'd rather have the database on their end. Plus, I use multiple computers and devices that need passwords.The difference between these two is important. With KeePass you keep your encrypted password database yourself. With Lastpass and any other cloud-based service like that you give your passwords to the cloud service for them to keep in their database, so you rely on the service provider to implement all their software and networking and management 100% perfectly. Such services are high-value targets so we can assume they are being attacked all the time. One mistake on their part... And Lastpass, just for example, has made several high-profile mistakes.
With KeePass and similar the database is distributed: it doesn't contain everyone's passwords -- only yours. But there are downsides 1) you need to carefully back up your password database, and 2) you need to synchronize it across the devices you use. Some people use Dropbox for sync. I use something called Resilio Sync.
As if on purpose, I just changed it last week!If you have not recently changed your password, it may be a good idea to do so.
That's a better implementation than LastPass, which, it turned out, only encrypted certain database fields on it's servers.With cloud based systems (at least with the one I use) they only store an encrypted copy of the password file. This only gets decrypted locally on my machine.
I doubt any cloud password service keeps passwords. They keep an encrypted filed to which they don't have the key.The difference between these two is important. With KeePass you keep your encrypted password database yourself. With Lastpass and any other cloud-based service like that you give your passwords to the cloud service for them to keep in their database, so you rely on the service provider to implement all their software and networking and management 100% perfectly. Such services are high-value targets so we can assume they are being attacked all the time. One mistake on their part... And Lastpass, just for example, has made several high-profile mistakes.
With KeePass and similar the database is distributed: it doesn't contain everyone's passwords -- only yours. But there are downsides 1) you need to carefully back up your password database, and 2) you need to synchronize it across the devices you use. Some people use Dropbox for sync. I use something called Resilio Sync.
EDIT to add: when using a cloud password manager you really still need to backup your password database. When internet businesses fold, they often do so without notice. So you should be ready for that.
Apple has a long history of hacked devices, and since wealthier folks use them, hackers love to target Apple. I'd go with LastPass.Out of curiosity, if you are in the Apple ecosystem, is LastPass actually better than Apple Keychain? Apple has a pretty decent track record of security/safety/privacy.
Best password checker site I am aware of at the moment.Randomly generated passwords that use the standard 255-character ASCII character set, letters, numbers, and symbols, that are 16 characters or longer will take longer than the remaining life of the Sun—or the Universe itself—to crack using methods available today.
View attachment 369935
Cannot believe the lax security of some people. You need to use "password1234"Thanks for the heads up Amir! I just changed my password from "password" to "password123". That should stop them!
KeePass has a password strength meter built-in. [Asking a website to check your password seems odd to me.]Best password checker site I am aware of at the moment.
It is also FREE, OpenSource, OS agnostic, multi-user, synchronizable, 2FA, import (30+) function, password generator, keylogger (TCATO) obfuscation, w/3 symmetric ciphers, and HMAC-SHA-256 hash.Dominik Reichl, the administrator of KeePass, states, "...neither KeePass nor any other password manager can magically run securely in a spyware-infected, insecure environment."
somehow it will be funny if the scam is those "hot girls looking for a partner" or "african prince need a few grand to withdraw millions to share with you" style here though, like when you are looking for a speaker review, sudden those titles appearsSometimes it’s automated spam, but other times it is target. I nearly got scammed on Audiogon when buying an amplifier. User had good feedback hadn’t logged in a while and what was being sold seemed reasonably priced. Cheap enough to impulse buy but not so cheap to make it an obvious scam. Thankfully PayPal buyer protection kicked in. Hate that they know my mailing address and phone number (which was for “shipping”).
That said, I have also gotten super deals by taking a risk on lower feedback sellers.
Shopping online seems to be the best way to fill your inbox with spam. It takes months to get it to stop.
I use a dedicated email address for that.Shopping online seems to be the best way to fill your inbox with spam. It takes months to get it to stop.