The concern with the latest LastPass hack is that a hacker was able to download actual user password vaults.
Yes, everyone should use 2FA and prefer an app like MS Authenticator for OTP over the more common solution of using SMS. The YubiKey is just a much stronger key for 2FA. The future of passwords is going to be Passkeys:
But…“While user password vaults are still protected by their master passwords, the hacker may try brute force, phishing, or social engineering attacks.”
In my case, that means somehow getting my 16-digit pw of numbers, symbols, upper/lower letters, AND THEN getting my YubiKey for that code. Foolproof? Of course not, but I feel safe.
I use LastPass and 2-factor authentication. After reading this post, I am reading about possible additional steps including YubiKey (hardware authentication) and app authentication. Trying to keep up with security stuff is painful for me, so I try to remember that “a stitch in time saves nine.”
I don't think so… if they have already downloaded the vault, they only need to crack the Master password. The 2FA only protects access to the passwords while accessing them through LastPass security.
Agree, but at last count, I have +450. Yes, I could create my own file encryption, but having to decrypt for every site would take a lot of time and energy.
I have 2 credit cards, 1 bank, one investment account. The PWs for these are memorized and locked away. I use one desk computer to access only these accounts. I keep my phone as close as my wallet and store some PWs there embedded with data that is only obvious to myself. For non-important sites I just use a common memorable PW. This works well for me. When I croak, the people that will take care of my/our finances know where to look.