Popular Deal About Featured Deals

PSA - Google Warns LastPass Users Were Exposed To ‘Last Password’ Credential Leak

+381 Deal Score
57,341 Views
I saw this article [forbes.com] pop up in my google news feed this morning and thought I would share for awareness.

Like most of the news stories about security vulnerabilities, this one does not seem too widespread. Like most news articles concerning tech and security issues, you can take a lot of the scare tactics with a grain of salt.

However, it was a good reminder that even these password manager companies are not 100% foolproof, and a good idea to change your master passwords too!

I welcome the downvotes and haters for saying this is not a 'slick deal'. I figure not being hacked has to have SOME sort of monetary value to someone ...

Enjoy!

Edit: an update [theverge.com]

Edit #2: For clarification - A Google researcher FOUND the issue. The bug was with LastPass , which is not owned nor maintained by Google.

The only FYI here is to verify your LastPass chrome extension automatically updated to version 4.33.[/QUOTE]
Quote from vante
:
You can enable LastPass 2FA in a variety of ways, the easiest, phone based solution is using Google Authenticator.

telesign.com/turnon2fa/tutorials/how-to-turn-on-2fa-for-lastpass/
Share
Good deal?
You gave thanks to Cobalt_Blue_FF for this post.
Thank you!
Cobalt_Blue_FF posted this deal. Say thanks!
Add Comment
If you purchase something through a post on our site, Slickdeals may get a small share of the sale.
Deal
Score
+381
57,341 Views
About the OP
Send Message
Pro
Joined Jun 2005 L6: Expert
2,974 Reputation Points
143 Deals Posted
1,322 Votes Submitted
1,676 Comments Posted

Community Wiki

Last Edited by Cobalt_Blue_FF September 17, 2019 at 04:33 AM
I created this wiki for everyone to add their own suggestions besides LastPass . Please try to include pros/cons other than "I just like it better".
Quote from bobfatherx
:
Consumers have no excuse using LastPass, who have (time and time again) marketed products with vulnerabilities. Sure, they are receptive and even quick to fix the problems as they arise, but I was permanently scared away from LastPass a long time ago.

Good options for password management: Roll your own KeePass vault (much easier for Android users than iOS users) or use 1Password. 1Password even has the option to use local vaults, synchronized through Dropbox or iCloud, instead of paying the monthly fee to AgileBits.
Quote from daquigle
:
This should just be treated as another reminder to use 2FA everywhere possible. Better yet, buy a physical security key. My LastPass master password doesn't have any value without the 2FA keys.
Quote from stingygrrl
:
I like "secret!" By Linkesoft. You can sync to you phone locally without putting Anything in the cloud
Quote from Painting_Sundays
:
I've used mSecure for a number of years. It has an option to sync all your devices between your own PC(s) and mobile devices, keeping your passwords out of the cloud.
Quote from darkpope
:
Just buy standalone versions of 1Password and keep your password vault in Dropbox.
Quote from techie333
:
Have been using codebook by zetetic for years and would highly recommend. They don't store your credentials, it is a local storage based password manager which can sync across multiple devices using an encrypted file shared by your Dropbox / Google drive. Otherwise for the impenetrable security you can use a flash drive to sync.
Quote from JussaIrish
:
Cloud based password vaults are shady to me. I go with keepass and keep it stored on google drive.
Quote from overzeetop
:
KeePass isn't very user-friendly, but it's effective and you keep the password file to yourself.
Quote from arribasn
:
This is why I post my passwords on a POST-IT note on my computer monitor!
Quote from Zamotic
:
Personally, I opted to use the home vault server version of Bitwarden. I will warn that it's not for users not willing to get a little more involved in their installation. I'm working on the security through obscurity since my server is more difficult to find.
Quote from vante
:
This is almost a nonevent. Google found a difficult to exploit vulnerability in LastPass, LP patched it. No sign of anyone being hacked. LP is a great balance of security and convenience. No security is perfect, it's fantastic that the brilliant minds at google were testing LastPass. If this is the worst they found, LP is looking pretty good.

The only FYI here is to verify your LastPass chrome extension automatically updated to version 4.33.
Quote from vante
:
You can enable LastPass 2FA in a variety of ways, the easiest, phone based solution is using Google Authenticator.

telesign.com/turnon2fa/tutorials/how-to-turn-on-2fa-for-lastpass/
Quote from MikesBored
:
KeePass is what I use. I put the file on the cloud but I put it in an encrypted vault with veracrypt. Both programs have android apps that can open the files (eds and keepass2android). KeePass has integration with Firefox and Chrome so most of the real benefit is letting it fill in credentials for me so I don't need to type! Both programs are free but the apps might cost a couple bucks.

179 Comments

1 2 3 4 5

Sign up for a Slickdeals account to remove this ad.

This comment has been rated as unhelpful by Slickdeals users Show Post
HIDDEN
09-16-2019 at 08:42 AM
This comment has been rated as unhelpful by Slickdeals users
This comment has been rated as unhelpful by Slickdeals users Show Post
HIDDEN
09-16-2019 at 08:43 AM
This comment has been rated as unhelpful by Slickdeals users
This comment has been rated as unhelpful by Slickdeals users
Joined Nov 2012
L7: Teacher
2,778 Posts
3,392 Reputation
Pro
Our community has rated this post as helpful. If you agree, why not thank ?
#5
Thank you! I use this and appreciate the heads up! Thumbs up & repped!
Reply Helpful Comment? 18 2
This comment has been rated as unhelpful by Slickdeals users Show Post
HIDDEN
09-16-2019 at 08:47 AM
This comment has been rated as unhelpful by Slickdeals users
This comment has been rated as unhelpful by Slickdeals users Show Post
HIDDEN
09-16-2019 at 08:48 AM
This comment has been rated as unhelpful by Slickdeals users
This comment has been rated as unhelpful by Slickdeals users Show Post
HIDDEN
09-16-2019 at 08:49 AM
This comment has been rated as unhelpful by Slickdeals users
This comment has been rated as unhelpful by Slickdeals users
Joined Jun 2005
L6: Expert
1,676 Posts
2,974 Reputation
Original Poster
Pro
Our community has rated this post as helpful. If you agree, why not thank ?
#9
Quote from chrisexv6
:
Do we inherently trust Apple?

What are our other cell phone choices?
Quote from EagerActivity1630
:
Thumbs up. Google is evil and should be treated as such.
Technically this was an issue with LastPass (unless I am misreading who is at fault), and Tavis (from Google) discovered and reported the issue. Again, I do not think we need to treat this as a 'sky is falling issue' (i.e. BlueKeep), but it is a good reminder that you should treat your password managers very carefully and make sure you have 2 factor authentication turned on .
Reply Helpful Comment? 27 1

Sign up for a Slickdeals account to remove this ad.

This comment has been rated as unhelpful by Slickdeals users
Joined Apr 2006
L7: Teacher
2,456 Posts
501 Reputation
#10
Quote from EagerActivity1630
:
Thumbs up. Google is evil and should be treated as such.
Perhaps my poor reading comprehension is at play here. Was Google somehow involved, other than being the entity that discovered the vulnerability?
Reply Helpful Comment? 15 1
This comment has been rated as unhelpful by Slickdeals users Show Post
HIDDEN
09-16-2019 at 08:54 AM
This comment has been rated as unhelpful by Slickdeals users
This comment has been rated as unhelpful by Slickdeals users
Joined Nov 2006
L99: Touchpad Grandmaster
1,669 Posts
417 Reputation
Our community has rated this post as helpful. If you agree, why not thank ?
#12
Quote from EagerActivity1630
:
Thumbs up. Google is evil and should be treated as such.
I don't understand what your point is. LastPass, sold by an independent business, is the product affected. Google discovered and reported a vulnerability which improved the security of LastPass. This is a good thing.
Reply Helpful Comment? 39 0
This comment has been rated as unhelpful by Slickdeals users
Joined Aug 2011
L2: Beginner
65 Posts
30 Reputation
#13
Quote from ChronoTriggered
:
Hack these password management companies and they have ALL your passwords. Lovely.
This should just be treated as another reminder to use 2FA everywhere possible. Better yet, buy a physical security key. My LastPass master password doesn't have any value without the 2FA keys.
Reply Helpful Comment? 10 2
This comment has been rated as unhelpful by Slickdeals users Show Post
HIDDEN
09-16-2019 at 08:55 AM
This comment has been rated as unhelpful by Slickdeals users
This comment has been rated as unhelpful by Slickdeals users
Joined Sep 2005
Grand Poobah
5,958 Posts
1,562 Reputation
#15
Quote from fenton
:
Perhaps my poor reading comprehension is at play here. Was Google somehow involved, other than being the entity that discovered the vulnerability?
Google found it and is not to blame, unlike some folks are suggesting here. It is not limited to the Chrome browser.

I use 1Password, but I do not store my database with them, just in case.
Reply Helpful Comment? 1 1
Page 1 of 12
1 2 3 4 5
Join the Conversation
Add a Comment
 
Copyright 1999 - 2019. Slickdeals, LLC. All Rights Reserved. Copyright / Infringement Policy  •  Privacy Policy  •  Terms of Service  •  Acceptable Use Policy (Rules)  •  Interest-Based Ads
Link Copied to Clipboard