Comment on Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach
SkyeStarfall@lemmy.blahaj.zone 1 year agoCloud based systems can be perfectly sound. You can read how other managers do it, which are also audited by security experts. It’s just LastPass being bad.
And sure, local can be more secure, but you’re then at higher risk of losing access to it, should the worst happen.
GigglyBobble@kbin.social 1 year ago
They are a real treasure trove though. Those crypto token thefts show there's much money in that. I wouldn't bet my most sensitive data they covered every single attack vector - external or internal. You managing your password locally may be much less secure but it's also much less likely you're directly targeted.
MaxHardwood@lemmy.ca 1 year ago
The accounts they’re breaking the encryption on were never configured properly. These are old accounts from when LastPass had weak defaults and neither the user or LastPass updated those settings on old accounts. Those settings have always existed though and could have been improved by the user.