LastPass Hacked

Discussion in 'Technology Advice' started by Howerd, Jun 16, 2015.

  1. Howerd
    Howerd Well-Known Member Trusted Member Lifetime Member

    I know some of you are LastPass users. If you have not got the email from LastPass saying their servers were hacked, then read this...

    https://blog.lastpass.com/2015/06/lastpass-security-notice.html/

    LastPass has not said how many users are affected but LastPass account email addresses, password reminders, salts, and password hashes were all compromised. Encrypted data has not been compromised, so your data should be safe unless you have a trivial LastPass master password and no 2nd factor authentication. Remember there is no 2nd factor authentication for mobile logins, so be sure that only your own mobile devices have access to your LastPass account.

    You may find your LastPass account locked down if you don't log on via a recognised device/IP address, and LastPass will be prompting users to change their master password (I have not been prompted yet).

    Given that LastPass email addresses were stolen I am surprised LastPass has not suggested changing the LastPass email address for logon. I have done this already and deprecated the old email address as I don't want phishing emails purporting to come from LastPass. I have assumed that the LastPass security email address was also compromised so I have replaced that too.
  2. walesrob
    walesrob Administrator Staff Member

    Personally, I'd never trust a password manager of any sort, and it seems any website or internet service of any type, whether big or small, is vulnerable to attack. I keep my passwords offline and off my laptop on a USB drive, all encrypted, and backed up to an external USB HDD. I also have different passwords for every website (last count: 290), but it's becoming a pain; everything is online these days, not like the 90's where we did everything through the post. I miss the 90's when life was so much simpler.
  3. Aromulus
    Aromulus The Don Staff Member

    Never mind all that.....

    I hate when they upgrade something all of a sudden, and one hasn't got a choice to join in or not.

    Yesterday, as I turned on my laptop at work, Mozilla Firefox, which I use, had a fit of modernization and went into screw everything up mode.
    I was quite happy with the older version, infinitely happier.

    The process wiped everything I had on my laptop, cleared my saved work, totally wiped my hard drive of the backup and is playing hell if I don't have an account with them.

    Bugger that for a lark. Not even the sync works.

    Admittedly I was so mad I would happily have thrown the laptop out of the window, without opening it first...

    Firefox....... Epic fail.
  4. oss
    oss Somewhere Staff Member

    There is one online service where the only thing that could happen is that your account could vanish if their servers and backup failed, and the only way your data can be cracked is if your password gets compromised by a keylogger or the likes.

    If you lose your password you're stuffed, as they can't decrypt your data. The code is open source and subject to full scrutiny of the encryption technique, and the technique is very, very clever. I read up on it 10 years back and have been using the service for secure storage of account details and the likes ever since.
  5. oss
    oss Somewhere Staff Member

    It will get worse, Dom. So much software now comes with legal terms that mean you have to let them update it remotely; Android is like that and Windows 10 will almost definitely be like that.
  6. Dave_E
    Dave_E Well-Known Member Trusted Member

    My worst password hates:
    • Password must be changed every 30 days.
    • Must contain at least one uppercase letter, one number, and one of those strange characters that can never be found on a different PC or Android keyboard.
    • Cannot use the same character in the same position as the last 5 passwords.
    • If you sign in from a new location you must verify that you are really yourself by entering a code sent to you by e-mail or SMS. <== This last one is Hotmail.
    Aaargh!
    Last edited: Jun 17, 2015