I got that e-mail; I assumed phishing.
Lest some people get smug:
Apple’s Keychain is vulnerable, Apple’s been quiet about it, despite knowing for six months. FTL: “Lead researcher Luyi Xing told El Reg he and his team complied with Apple’s request to withhold publication of the research for six months, but had not heard back as of the time of writing.”
/ I just D/L’ed the report, haven’t read it yet.
// paid-up LastPass user.
Inevitable, I suppose. This is why I prefer an offline version like KeePass* so I and only I have control of the database, and not having the convenience of being able to log in anywhere isn’t that big of an issue really. Then again, I certainly wouldn’t log in to LastPass through a public terminal anyway. I am surprised though that Glenn, who I respect on this stuff, doesn’t offer up a diceware solution for a truly random password - make that thing at least 7 words separated by full stops and it ain’t getting brute forced any time soon**.
*provided of course that the next KeePass update, or any p/w manager, isn’t compromised
**barring any keylogging malware on your system
FWIW, you can safely log into LastPass on an unsecured computer by using a one-time password. This, combined with 2FA, is pretty secure.
Oh yeah, so you can. But it’s the cloud, man, the hideous cloud - here be dragons etc.