If my university started charging to send and receive email I would just stick to using my own email for free (per email).
The real fix is to charge for email. To send an email, have a 2 cent charge. 1 cent goes to the ISP, and the other to a governing and enforcement body -- the ePost Office.
This has to be a troll, right?
Spammers simply won't pay some fancy communication tax.
The Russians have done it better.
https://www.youtube.com/watch?...
Companies want their own privatized protocol and bind their users to their own services: WhatsApp, Telegram, Line, Hangouts, iMessage, etc., and I can't talk to my friends if they're on a different service. Are we entering an age when good old Internet spirits are no longer respected? Or is it just how this world should be in the first place?
We're going back to the days of bulletin boards where you can only talk to people on the same service. We are going backwards.
Why does a person who weighs 80kg (176lbs) get the same baggage allowance as a person who weighs 120kg (264lbs)?
Always keep your software up-to-date for security reasons!
I hear the NSA have taken over development of OpenSSL. Oh look.... a new patch...
The release says: "we have found no evidence that encrypted user vault data was taken"
Exactly, so changing your master password will defend against this.
IF they had the database, but we're not talking about that. We're talking about the current attack.
With an encrypted database, the old password still works with the old copy of the database. Changing it only works if they got your old password and want to use it on the newly encrypted database.
Except the attackers are not believed to have accessed any of the databases. In either case I set my master password on the assumption that it will be subjected to offline attacks, as should everyone.
How does changing the master password help anything?
It stops the attackers from logging into your account and accessing your database. Once you change the master password it doesn't matter if they crack your salt.
Guys, what is your problem? The only way these guys have ANYTHING is if you use your master password on an actual website other than just logging into your LastPass account.
Now, if your master password is boobies, then, you're in trouble.
Until you change your master password. The threat here is that an attacker could use the email address and master password to retrieve the encrypted file from LastPass servers and then decrypt it using the master password. Two-factor Authentication alone protects against this. But if you have both a strong master password AND 2-Factor then you're not even close to being compromised.
Since the master password is used for encryption purposes it should always be as strong as you can make it in the first place.
Or you can simply change the one master password and your problem is solved.
In a lot of cases, I'd rather trust LastPass's security over that of a native website,
If only one native website is broken though, then only one of your passwords has been taken.
You mean the one password that has been used on every other site.
ANYTHING on the internet is NOT secure
Use a local password manager.
A local password manager is just as vulnerable as LastPass, likely more so since few password managers take security as seriously as LastPass does.
I agree with the other posters, you'd have to be nuts to use LastPass for anything that was tied to financial transactions.
Why? I'd rather my banking credentials be leaked than my email or domain registrar credentials.
What can a person do with my bank account anyway? Nothing, that can't be traced and/or reversed.
IT people don't call tech support, we fix our own routers. If such a basic device is beyond your skill set then you really have no place calling yourself an "IT Professional".
The only time I called my ISP in the past 10 years was to upgrade my account, and twice for billing issues.
I don't see Google hiring hitmen, do you?
Still we're talking non-violent crimes....
Murder for hire is non-violent?
The president also needs an aircraft that can carry any and all staff that he may need. Air Force One needs to be equipped for all eventualities.
Yet, bows and arrows aren't.
Ah.... good points.
Also, name one Islamic state that's a good place to live.
The worst places on earth are all dominated by Muslims.
Hitler was a Catholic who hated Jews because of his belief system. That's quite a high score for Christians.
It's surprising how many Christians have never read the Bible. Thanks for pointing it out to them.
In your part of the world it may be ok to drink and drive. But in civilised societies we value human life.