this post was submitted on 07 Sep 2023
988 points (99.0% liked)

Technology

72284 readers
2716 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
988
More than $35 million has been stolen from over 150 victims since December — ‘nearly every victim’ was a LastPass user (www.theverge.com)
submitted 2 years ago by L4s@lemmy.world to c/technology@lemmy.world
188 comments fedilink hide all child comments
 

More than $35 million has been stolen from over 150 victims since December — ‘nearly every victim’ was a LastPass user::Security experts believe some of the LastPass password vaults stolen during a security breach last year have now been cracked open following a string of cryptocurrency heists

you are viewing a single comment's thread
view the rest of the comments
[–] Honytawk@lemmy.zip 10 points 2 years ago (1 children)

I don't understand saving your passwords to the cloud in the first place

It is like storing all the passwords in one convenient place that can be accessed from any location on the planet, making it the most convenient and juicy target for hackers.

Even encrypted, it just doesn't make sense.

[–] thbb@lemmy.world 17 points 2 years ago (1 children)

At one of my clients, a large institution, they go further: you're not allowed to use the local browser's password manager. And still have to abide by the usual password rules: rotate every 3 months, complex passwords, etc.

As a result,, users store a plain text file on their desktop (some go as far as printing it), that conveniently allows them to retrieve their passwords.

Too much security kills security.

[–] Karyoplasma@discuss.tchncs.de 16 points 2 years ago (2 children)

Forcing a password change after a period of time has shown to make people gravitate towards the simplest passwords that are still within the policy or other, even less secure, solutions. That's why security standards nowadays advise to not implement forced password changes.

[–] Sarsoar@lemmy.world 3 points 2 years ago

My last job got around the "make people gravitate towards the simplest passwords" issue by giving you a list of 10 randomly generated strings you could pick. ( you could refresh the list a few times though)

So what happened anyways, like the person you are replying to said, is we had passwords written everywhere. One guy kept a sticky not on the back of his badge (which got turned around alot so he would walk around with his password showing), another kept it on a sticky under his keyboard, and just in general we would find passwords written everywhere.

[–] drphungky@lemmy.world 1 points 2 years ago

My password manager password has been the same for years, and is like 30+ characters long. All my passwords since I started using it are random ass strings of letters, numbers and symbols. It's great.

My work windows password that needs changed every 3 months? Guess who's on [SIMPLE PASSWORD]8! and about to change to [SIMPLE PASSWORD]9!?