How are we prioritizing what passwords to reset first in the wake of the LastPass breach? Getting a list going, let me know if you have suggestions:

1. Anything work/school related
2. Email accounts
3. Cell phone accounts
4. Communications/social media accounts (WhatsApp, Instagram, Telegram, etc)
5. Financial (crypto stuff, bank, brokerages, credit cards, retirement, FSA/HSA, Venmo/PayPal/Zelle)
6. Government website accounts (DMV, unemployment, global entry)
7. Healthcare
8. Commerce sites that store your CC info (Steam, Apple, Google, Amazon)

#LastPass #passwordreset

@TheRealAlexSong Not to be too snarky but 1 on that list might be to find a new password manager.
On the one hand, it’s great that they’re pretty honest about security lapses. But on the other hand, it’s been entirely too common for them.

@realitythreek @TheRealAlexSong to think that any other cloud provider would be different is naive. Just because they don’t get caught, and don’t disclose it, doesn’t mean it doesn’t happen.

I also think some thought should be put into the likeliness of actually accessing your passwords. Just how bad was your master password? Do you not trust they are zero knowledge?

@ku7 @TheRealAlexSong This is why you should pick password managers where you have the safe. You’re relying on trust when you could be relying on control.
Naïve is putting arguably your most vulnerable secrets with a vendor that has a record of security failures. But we all have our own risk appetite and mine is more conservative than yours.

@realitythreek @TheRealAlexSong Maybe not, I’m a KeePass person myself, but that was not my point.

My post was referring to people jumping from 1 cloud provider to another.

Sorry for my misunderstanding.

@realitythreek @TheRealAlexSong Nope. They have a backup of your passwords, not live access - so there's not that much urgency in selecting a new tool, changing the passwords is far more important.

@realitythreek @TheRealAlexSong LastPass were not honest in the past and I'm almost sure that they are not honest still.

I have moved away from LastPass some years ago because they weren't honest.

@keepassxc for the win!

@Andr3Baca0 @TheRealAlexSong @keepassxc I used keepass for years, it’s great. I’m currently using enpass because they support all platforms pretty well. Enpass also lets you store your safe anywhere, but it’s not foss sadly.

If I were to switch today, I’d probably use pass and its many front ends.

https://www.passwordstore.org/

Pass: The Standard Unix Password Manager

Pass is the standard unix password manager, a lightweight password manager that uses GPG and Git for Linux, BSD, and Mac OS X.

@realitythreek @TheRealAlexSong @keepassxc

Take a look at @keepassxc at keepassxc.org and give it a spin.

I also used keepass in the past, lastpass, pass and gopass.

If you know how to keep your safe synced or just safe, keepassxc is an active project with easy to use software for any user.

It has a ton of features where you can dig deeper and use things such as ssh private keys, create complex autofill sequences, keep notes or files, even OTP if you dare.

You may use several forms of security to open your safe, including the use of yubikeys.

@Andr3Baca0 @TheRealAlexSong @keepassxc KeepassXC looks nice these days, I’ll have to try it out. They have a shiny new browser extension since the last time I used it.

@realitythreek @TheRealAlexSong @keepassxc

I use it 😅
It's super nice. Heads up, you need to authorize and enable the browser extension on the app.

Hint: fill the URL on the entry to have suggestion autofill!

@realitythreek
Hey Ryan,
How is KeepassXC working out for you?

@Andr3Baca0 it kicked off a string of trying different password managers. I have a friend doing the same so it’s fun comparing.

Keepassxc is pretty good and I love that it’s open source. Few minor issues and Strongbox (on iOS) is a bit steep.

Trying out 1Password currently, then Bitwarden’s. I’ll probably stay on one of those 3 at the end.

It’s all a tradeoff of ease of use, controlling the safe, and source being available for me.

@realitythreek 1Password is liked by many macOS users.
Hope you find the tool you need!