Pour one out for all of the security practitioners who are going to have to spend the holidays patiently explaining that using a password manager is still good, actually, to people who have glanced at a headline about the latest LastPass breach.

@evacide ok but serious question: is LastPass less secure than other password managers? I hear about their breaches quite often.

@antimatter Difficult question to answer. I hate it how LastPass consistently downplays issues when they make them public. Also, they definitely aren’t great security-wise, and I’ve written on their shortcomings repeatedly.

Trouble is: other password managers aren’t great either, particularly the commercial cloud-based providers. I’ve looked into many, and the only one I could somewhat recommend is 1Password. Yet 1Password also failed to migrate away from PBKDF2. So if they are hacked, password data for high-profile targets is certain to be decrypted.

@evacide

How PBKDF2 strengthens your 1Password account password

Learn how 1Password uses Password-Based Key Derivation Function 2 to make it harder for someone to repeatedly guess your account password.

1Password
@shokk As I learned, 1Password has a truly random secret key to complement the user’s password. Not as user-friendly, but then even PBKDF2 is in fact safe. @antimatter @evacide