Password Manager - Stranica 4

Night · 18.01.2022., 12:47

Ispod su dva linka sa jednom i drugom stranom priče, ali LastPass je u zadnje vrijeme jako sumnjiv servis i bilo bi ga pametno napustiti dok se još može bez većih problema.
Isto vrijedi i za Authy i sve ostale servise koji ne nude export podataka, seedova i svega ostalog potrebnog za korištenje drugog servisa.

https://alternativeto.net/news/2022/...pricing-plans/
https://unitednewspost.com/news/tech...words-hostage/

The Exiled · 25.08.2022., 23:26

LastPass developer systems hacked to steal source code

Citiraj:

Password management firm LastPass was hacked two weeks ago, allowing threat actors to steal the company's source code and proprietary technical information. The disclosure comes after BleepingComputer learned of the breach from insiders last week and reached out to the company on August 21st without receiving a response. Sources told BleepingComputer that employees were scrambling to contain the attack after LastPass was breached. After requests for information, LastPass released a security advisory today confirming that the company was breached through a compromised developer account that was used to access the company's developer environment.

While LastPass says there is no evidence that customer data or encrypted password vaults were compromised, the threat actors did steal portions of their source code and "proprietary LastPass technical information." LastPass has not provided further details regarding the attack, how the threat actors compromised the developer account, and what source code was stolen. LastPass is one of the largest password management companies in the world, claiming to be used by over 33 million people and 100,000 businesses. As consumers and businesses use the company's software to store their passwords securely, there are always concerns that if the company was hacked it could allow threat actors access to stored passwords.

However, LastPass stores passwords in 'encrypted vaults' that can only be decrypted using a customer's master password, which LastPass says was not compromised in this cyberattack. Last year, LastPass suffered a credential stuffing attack that allowed threat actors to confirm a user's master password. It was also revealed that LastPass master passwords were stolen by threat actors distributing the RedLine password-stealing malware. Due to this, it is vital to enable multi-factor authentication on your LastPass accounts so that threat actors won't be able to access your account even if your password is compromised.

Izvor: BleepingComputer

SPLiFF · 26.08.2022., 06:16

Evo jedne dobre alternative, SafeInCloud koristim 8 godina, bazu držim na svom cloudu, desktop app je free a iOS se plaća jednokratno, lijepo izgleda, ekstenzije rade dobro i ima jako puno mogućnosti personalizacije unosa poput KeePass-a.

Inače paralelno koristim i Dashlane ali samo zato što nisam bio svjestan da SafeInCloud ima 2FA + ne plaćam ga (uvalio se u family).

Night · 29.08.2022., 09:16

Citiraj:

Autor The Exiled

LastPass developer systems hacked to steal source code

Izvor: BleepingComputer

Fino, sad ćemo znati koliko je siguran kad netko temeljito analizira taj kod. Ako je sve pravilno dizajnirano i implementirano onda curenje koda ne bi trebalo imati nikakav utjecaj na sigurnost korisničkih podataka. Ali ako nije ...

The Exiled · 01.12.2022., 11:07

Nastavak priče dodatno potvrđuje da LastPass i sigurnost nemaju veze s vezom.

Citiraj:

Lastpass says hackers accessed customer data in new breach

Citiraj:

LastPass CEO Karim Toubba has revealed that the password manager has been breached again. Toubba said the company detected an unusual activity within a third-party cloud storage service that it shares with its parent company GoTo, which was formerly known as LogMeIn. To investigate the incident, LastPass has teamed up with security firm Mandiant. Together, they've determined that the unauthorized party got into LastPass' cloud service by using information obtained from the security breach it suffered in August this year. Further, they've discovered that the bad actor was able to access "certain elements" of its customers' information.

Izvor: Bleeping Computer

prileee · 01.12.2022., 11:18

Ako (uopce) postoji jos netko tko nije migrira na bitwarden ili neku drugu opciju - vrime je.

Libertus · 01.12.2022., 11:22

Imate Mozilla Sync tj. Firefox Sync.
Vaše lozinke kriptirane vašom glavnom lozinkom. Mana, ako ju zaboravite, bye bye lozinke.

The Exiled · 01.12.2022., 11:35

Da, u ovom trenutku sve je bolje od LastPass i sl. pizdarija. Firefox Sync sam složil mami za njezine sitnice, a glavna lozinka je još dodatno spremljena u KeePass.

Neo-ST · 01.12.2022., 12:48

Najbolja alternativa Lastpass-u ?

vlatko27 · 01.12.2022., 12:53

Bitwarden. Ili Keepass ako hoćeš malo više DIY.

Neo-ST · 01.12.2022., 15:39

Citiraj:

Autor vlatko27

Bitwarden. Ili Keepass ako hoćeš malo više DIY.

Po čemu je npr. Bitwarden bolji od Lastpass? Oboje koriste istu metodu enkripcije koliko vidim, zero-knowledge.

The Exiled · 01.12.2022., 15:55

Da, ali LastPass to ima samo na papiru kaj se enkripcije tiče, dok ih se uredno hakira, a oni se u međuvremenu prave Englezi i rade ko zna kaj s podacima svojih korisnika kojima svako malo smjeste pušku, podignu cijene ili ih općenito tjeraju na kompromise. BitWarden je višestruko provjereno open-source rješenje koje svatko može, ako želi lokalno podesiti, bez da se kao u LastPass slučaju netko treći ili općenito posrednici miješaju u cijelu priču. Imaš unatrag par stranica sve još dodatno detaljno, pa provjeri, ali kak god se okrene, sve je bolje od LastPassa, bilo lokalni KeePass, BitWarden ili nešto u tom stilu.

xlr · 01.12.2022., 16:49

Lokalno hostani Bitwarden (Docker) mi je zasad vec godinu dana vrh i radi bez greske. Prije toga sam duuugo koristio gotovo/njihovo rjesenje (free plan).

Koristim ga na vlastitoj domeni, zena i ja imamo odvojene accounte, 2FA i fail2ban podeseni. Moze se podesiti i enkriptirani automatizirani backup za slucaj da recimo host prdne u rosu.

Neo-ST · 01.12.2022., 16:54

Postoji li neki jednostavan način kako prebacit zilijun logina i passova sa Lastpass u Bitwarden?

prileee · 01.12.2022., 16:55

Da, prebacis sve u 15 min.

Export na lastpassu, import u bitwarden. Rucno san pribacia neke notes od security kodova sta san ima iz last pasaa ako se varam al sve relativno ekspresno obavljeno.

Sent from my iPhone using Tapatalk

IHrvojeI · 01.12.2022., 16:56

Citiraj:

Autor Neo-ST

Postoji li neki jednostavan način kako prebacit zilijun logina i passova sa Lastpass u Bitwarden?

al ne postoji export u Lastpassu i import u bitwardenu? Mora bit, jer sam ja to odradio pred koju god kad je isto bilo neko sranje. Sad sam na authenticoru od MS-a koji je za mene OK.

pdx · 01.12.2022., 17:02

A sto kad ste prebacili na bitwarden, delete baze na last pass ?

prileee · 01.12.2022., 17:26

Da, ima opciju brisanja accounta i svega tamo.

Sent from my iPhone using Tapatalk

1v@n · 01.12.2022., 18:34

Povećali su broj ljudi koje mogu ubaciti u Dashlane Family.

Imam 7 slobodnih mjesta, pa ako je netko zainteresiran, nek se javi.

Trenutno nas je troje, godina je 60 dolara, pa dijelimo po broju korisnika.

Imate ovdje detalje
https://www.dashlane.com/pricing?page=personal

Zadovoljan već godinama, bez prigovora. Radi na svim OS-ovima i svim browserima.

bAKeth · 01.12.2022., 19:55

Tek nedavno mi se javila potreba za nekim password managerom. Nakon malo istraživanja se odlučio za Bitwarden umjesto LastPassa i vidim da sam dobro odlučio.

SPLiFF · 02.12.2022., 07:59

Citiraj:

Autor 1v@n

Povećali su broj ljudi koje mogu ubaciti u Dashlane Family.

Imam 7 slobodnih mjesta, pa ako je netko zainteresiran, nek se javi.

Trenutno nas je troje, godina je 60 dolara, pa dijelimo po broju korisnika.

Imate ovdje detalje
https://www.dashlane.com/pricing?page=personal

Zadovoljan već godinama, bez prigovora. Radi na svim OS-ovima i svim browserima.

Same here
nikad problema
gratis VPN za povremeno korištenje
2FA

Nositelji family plana ne mogu baš ništa s vašim accountom osim izbaciti ga iz obitelji, tako da je skroz sigrurno uvaliti se kod nekoga

Night · 02.12.2022., 10:16

Citiraj:

Autor bAKeth

Tek nedavno mi se javila potreba za nekim password managerom. Nakon malo istraživanja se odlučio za Bitwarden umjesto LastPassa i vidim da sam dobro odlučio.

Bitwarden je open source, a Lastpass svoj programski kod krije kao zmija noge. Tako da ti je to već bilo dovoljno za donijeti tu (ispravnu) odluku.

vlatko27 · 02.12.2022., 11:03

Bitwarden je fantastično rješenje i plaćam 10$ premium samo da ih podržim. Godinama sam koristio free na svim uređajima i nevjerojatno je šta nude besplatno naspram konkurencije.

pdx · 02.12.2022., 11:43

Eto ga, dobio i Lastpass perm delete. Bitwarden here we go

Ico2005 · 03.12.2022., 16:54

također... bitwarden, lastpass upravo trajno obrisan

The Exiled · 23.12.2022., 12:17

Š.O.K._i_V.J.E.V.E.R.I.C.A.

Firma koja već skoro dvije godine radi suprotno od sigurnosti, napokon priznaje ono kaj je bilo očito od samog početka.

Citiraj:

LastPass revealed today that attackers stole customer vault data after breaching its cloud storage earlier this year using information stolen during an August 2022 incident. This follows a previous update issued last month when the company's CEO, Karim Toubba, only said that the threat actor gained access to "certain elements" of customer information. Today, Toubba added that the cloud storage service is used by LastPass to store archived backups of production data. The attacker gained access to Lastpass' cloud storage using "cloud storage access key and dual storage container decryption keys" stolen from its developer environment.

NoNic2 · 25.12.2022., 19:47

Baš mi je drago da nisam imao posla sa lastPass-om. Igrom slučaja sam odabrao Bitwarden i ovaj put u potpunosti pogodio. Mislim ljudi čak plate pro verziju samo na ih podrže, što više dodati...

The Exiled · 15.01.2023., 13:03

Još jedan probijeni password manager koji dolazi od firme koja u svoja "antivirusna rješenja" stavlja opciju rudarenja kriptovaluta.

Citiraj:

NortonLifeLock warns that hackers breached Password Manager accounts

Citiraj:

Gen Digital, formerly Symantec Corporation and NortonLifeLock (1 - 2), is sending data breach notifications to customers, informing them that hackers have successfully breached Norton Password Manager accounts in credential-stuffing attacks. According to a letter sample shared with the Office of the Vermont Attorney General, the attacks did not result from a breach on the company but from account compromise on other platforms. "Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account," NortonLifeLock said. "This username and password combination may potentially also be known to others."

More specifically, the notice explains that around December 1, 2022, an attacker used username and password pairs they bought from the dark web to attempt to log in to Norton customer accounts. The firm detected "an unusually large volume" of failed login attempts on December 12, 2022, indicating credential stuffing attacks where threat actors try out credentials in bulk. By December 22, 2022, the company had completed its internal investigation, which revealed that the credential stuffing attacks had successfully compromised an undisclosed number of customer accounts.

For customers utilizing the Norton Password Manager feature, the notice warns that the attackers might have obtained details stored in the private vaults. Depending on what users store in their accounts, this could lead to the compromise of other online accounts, loss of digital assets, exposure of secrets, and more. NortonLifeLock underlines that the risk is especially large for those who use similar Norton account passwords and Password Manager master keys, allowing the attackers to pivot more easily.

Izvor: BleepingComputer

The Exiled · 25.01.2023., 14:59

LastPass saga je sve bolja i bolja.

Citiraj:

LastPass parent company GoTo suffers data breach, customers' backups compromised

Citiraj:

LastPass-owner GoTo (formerly LogMeIn) on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups of some customers' data along with an encryption key for some of those backups in a November 2022 incident. The breach, which targeted a third-party cloud storage service, impacted Central, Pro, join.me, Hamachi, and RemotelyAnywhere products, the company said. "The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of multi-factor Authentication (MFA) settings, as well as some product settings and licensing information," GoTo's Paddy Srinivasan said.

Additionally, MFA settings pertaining to a subset of its Rescue and GoToMyPC customers were impacted, although there is no evidence that the encrypted databases associated with the two services were exfiltrated. The company did not disclose how many users were impacted, but said it's directly contacting the victims to provide additional information and recommend certain "actionable steps" to secure their accounts. GoTo has also taken the step of resetting the passwords of affected users and requiring them to reauthorize MFA settings. It further said it's migrating their accounts to an enhanced identity management platform that claims to offer more robust security.

The enterprise software provider emphasized that it does store full credit card details and that it does not collect personal information such as dates of birth, addresses, and Social Security numbers. The announcement comes nearly two months after both GoTo and LastPass disclosed "unusual activity within a third-party cloud storage service" that's shared by the two platforms. LastPass, in December 2022, also revealed that the digital burglary leveraged information stolen from an earlier breach that took place in August and enabled the adversary to steal a massive stash of customer data, including a backup of their encrypted password vaults.

Izvor: The Hacker News

kvaju · 25.01.2023., 17:01

Imao sam prije LastPass, i prije nekih 5 godina sam prešao na Bitwarden.
Nisam odmah brisao LP, dok se ne uvjerim da je BW ok, i da šifre budu tu još neko vrijeme.

No kako BW radio ok, smetnuo sam obrisati skroz LP, tek neki dan sam se logirao u LP i obrisao račun.

Šta bi radili na mom mjestu, da mjenjam šifre jer sam radio export iz LP u BW kada sam prelazio?

Sent from my Pixel 7 using Tapatalk

01.12.2022., 11:18	#96
prileee laser Moj komp Datum registracije: Oct 2009 Lokacija: Split Postovi: 2,273	Ako (uopce) postoji jos netko tko nije migrira na bitwarden ili neku drugu opciju - vrime je. __________________

01.12.2022., 11:35	#98
The Exiled McG Moj komp Datum registracije: Feb 2014 Lokacija: Varaždin Postovi: 6,768	Da, u ovom trenutku sve je bolje od LastPass i sl. pizdarija. Firefox Sync sam složil mami za njezine sitnice, a glavna lozinka je još dodatno spremljena u KeePass. __________________ AMD Ryzen 7 Pro 4750G + Vega iGPU \| be quiet! Pure Rock 2 Black \| MSI B450 Tomahawk Max II \| 32GB G.Skill DDR4-2666 Value \| 256GB AData SX8200 Pro NVMe \| 2x4TB WD Red Plus \| Fractal Define 7 Compact \| Corsair CX450M

01.12.2022., 15:55	#102
The Exiled McG Moj komp Datum registracije: Feb 2014 Lokacija: Varaždin Postovi: 6,768	Da, ali LastPass to ima samo na papiru kaj se enkripcije tiče, dok ih se uredno hakira, a oni se u međuvremenu prave Englezi i rade ko zna kaj s podacima svojih korisnika kojima svako malo smjeste pušku, podignu cijene ili ih općenito tjeraju na kompromise. BitWarden je višestruko provjereno open-source rješenje koje svatko može, ako želi lokalno podesiti, bez da se kao u LastPass slučaju netko treći ili općenito posrednici miješaju u cijelu priču. Imaš unatrag par stranica sve još dodatno detaljno, pa provjeri, ali kak god se okrene, sve je bolje od LastPassa, bilo lokalni KeePass, BitWarden ili nešto u tom stilu. __________________ AMD Ryzen 7 Pro 4750G + Vega iGPU \| be quiet! Pure Rock 2 Black \| MSI B450 Tomahawk Max II \| 32GB G.Skill DDR4-2666 Value \| 256GB AData SX8200 Pro NVMe \| 2x4TB WD Red Plus \| Fractal Define 7 Compact \| Corsair CX450M

01.12.2022., 16:49	#103
xlr 49%winner Moj komp Datum registracije: Sep 2007 Lokacija: PU Postovi: 8,782	Lokalno hostani Bitwarden (Docker) mi je zasad vec godinu dana vrh i radi bez greske. Prije toga sam duuugo koristio gotovo/njihovo rjesenje (free plan). Koristim ga na vlastitoj domeni, zena i ja imamo odvojene accounte, 2FA i fail2ban podeseni. Moze se podesiti i enkriptirani automatizirani backup za slucaj da recimo host prdne u rosu. __________________ ♕ Keep calm and fastboot oem unlock. ♕

01.12.2022., 16:55	#105
prileee laser Moj komp Datum registracije: Oct 2009 Lokacija: Split Postovi: 2,273	Da, prebacis sve u 15 min. Export na lastpassu, import u bitwarden. Rucno san pribacia neke notes od security kodova sta san ima iz last pasaa ako se varam al sve relativno ekspresno obavljeno. Sent from my iPhone using Tapatalk __________________

18.01.2022., 12:47	#91
Night Premium Datum registracije: Oct 2008 Lokacija: Dbk Postovi: 986	Ispod su dva linka sa jednom i drugom stranom priče, ali LastPass je u zadnje vrijeme jako sumnjiv servis i bilo bi ga pametno napustiti dok se još može bez većih problema. Isto vrijedi i za Authy i sve ostale servise koji ne nude export podataka, seedova i svega ostalog potrebnog za korištenje drugog servisa. https://alternativeto.net/news/2022/...pricing-plans/ https://unitednewspost.com/news/tech...words-hostage/

26.08.2022., 06:16	#93
SPLiFF Premium Moj komp Datum registracije: Dec 2004 Lokacija: Osijek Postovi: 2,020	Evo jedne dobre alternative, SafeInCloud koristim 8 godina, bazu držim na svom cloudu, desktop app je free a iOS se plaća jednokratno, lijepo izgleda, ekstenzije rade dobro i ima jako puno mogućnosti personalizacije unosa poput KeePass-a. Inače paralelno koristim i Dashlane ali samo zato što nisam bio svjestan da SafeInCloud ima 2FA + ne plaćam ga (uvalio se u family).

01.12.2022., 11:22	#97
Libertus Premium Moj komp Datum registracije: Jul 2017 Lokacija: Ramura Postovi: 2,479	Imate Mozilla Sync tj. Firefox Sync. Vaše lozinke kriptirane vašom glavnom lozinkom. Mana, ako ju zaboravite, bye bye lozinke.

01.12.2022., 12:48	#99
Neo-ST Buying Bitcoin Moj komp Datum registracije: Feb 2007 Lokacija: Croatia Postovi: 7,975	Najbolja alternativa Lastpass-u ?

01.12.2022., 12:53	#100
vlatko27 Premium Moj komp Datum registracije: Oct 2007 Lokacija: Zagreb Postovi: 668	Bitwarden. Ili Keepass ako hoćeš malo više DIY.

01.12.2022., 16:54	#104
Neo-ST Buying Bitcoin Moj komp Datum registracije: Feb 2007 Lokacija: Croatia Postovi: 7,975	Postoji li neki jednostavan način kako prebacit zilijun logina i passova sa Lastpass u Bitwarden?

01.12.2022., 17:02	#107
pdx Premium Moj komp Datum registracije: Dec 2009 Lokacija: krk Postovi: 482	A sto kad ste prebacili na bitwarden, delete baze na last pass ?

01.12.2022., 17:26	#108
prileee laser Moj komp Datum registracije: Oct 2009 Lokacija: Split Postovi: 2,273	Da, ima opciju brisanja accounta i svega tamo. Sent from my iPhone using Tapatalk __________________

01.12.2022., 18:34	#109
1v@n The mighty pirate Moj komp Datum registracije: Sep 2007 Lokacija: London Postovi: 8,638	Povećali su broj ljudi koje mogu ubaciti u Dashlane Family. Imam 7 slobodnih mjesta, pa ako je netko zainteresiran, nek se javi. Trenutno nas je troje, godina je 60 dolara, pa dijelimo po broju korisnika. Imate ovdje detalje https://www.dashlane.com/pricing?page=personal Zadovoljan već godinama, bez prigovora. Radi na svim OS-ovima i svim browserima. __________________

01.12.2022., 19:55	#110
bAKeth Premium Moj komp Datum registracije: Oct 2016 Lokacija: . Postovi: 54	Tek nedavno mi se javila potreba za nekim password managerom. Nakon malo istraživanja se odlučio za Bitwarden umjesto LastPassa i vidim da sam dobro odlučio.

02.12.2022., 11:03	#113
vlatko27 Premium Moj komp Datum registracije: Oct 2007 Lokacija: Zagreb Postovi: 668	Bitwarden je fantastično rješenje i plaćam 10$ premium samo da ih podržim. Godinama sam koristio free na svim uređajima i nevjerojatno je šta nude besplatno naspram konkurencije.

02.12.2022., 11:43	#114
pdx Premium Moj komp Datum registracije: Dec 2009 Lokacija: krk Postovi: 482	Eto ga, dobio i Lastpass perm delete. Bitwarden here we go

03.12.2022., 16:54	#115
Ico2005 Premium Moj komp Datum registracije: Apr 2006 Lokacija: Slavonija ravna Postovi: 449	također... bitwarden, lastpass upravo trajno obrisan

25.12.2022., 19:47	#117
NoNic2 Registered User Datum registracije: Dec 2008 Lokacija: zadar Postovi: 50	Baš mi je drago da nisam imao posla sa lastPass-om. Igrom slučaja sam odabrao Bitwarden i ovaj put u potpunosti pogodio. Mislim ljudi čak plate pro verziju samo na ih podrže, što više dodati...

25.01.2023., 17:01	#120
kvaju Registered User Datum registracije: Jan 2008 Lokacija: Cirkus Postovi: 633	Imao sam prije LastPass, i prije nekih 5 godina sam prešao na Bitwarden. Nisam odmah brisao LP, dok se ne uvjerim da je BW ok, i da šifre budu tu još neko vrijeme. No kako BW radio ok, smetnuo sam obrisati skroz LP, tek neki dan sam se logirao u LP i obrisao račun. Šta bi radili na mom mjestu, da mjenjam šifre jer sam radio export iz LP u BW kada sam prelazio? Sent from my Pixel 7 using Tapatalk