Which password manager do you use?

Maybe he didn’t patch Meltdown and they’re just reading his new password as he generates it.

Is he speaking his password out loud as he says it? Does he have an Amazon Echo or Google Home? Is he in a room with glass windows? THEY COULD BE SHINING LASER BEAMS AT HIS WINDOWS

As far as I could tell from the headers and everything (plus all the information contained within) it’s legit.

I regenerated a new Steam password on my Linux laptop this time, so we’ll see if it gets triggered again (though I can’t prove a negative). I might just use this opportunity to reinstall my Windows desktop into Linux and give GPU passthrough another attempt, but that’s a lot of effort.

Do you have your LastPass account itself secured with 2FA?

Yep via google authenticator

My LastPass sub is expiring. Really not sure about wanting to continue the sub at $2/month. If it were $1/month, I would not have thought twice, but at double the price for features I still use for free, I don’t really see a point.

Same, I’m letting mine go.

I would have been happy to continue at the old price even though I don’t use any of the features, but double is too much.

The one feature I will miss is the ability to share certain passwords with another LastPass user… is that available in the free version?

Yeah pretty sure it is.

After a couple months of going free, I’m not regretting it. I’d have paid again for the $1 a month, but they convinced me that free works best for what I need.

Besides, if I ever needed quick tech support, I implemented the Enterprise version at my workplace in 2016 based on my love of LastPass and could always use that, provided the problem is question/answer based.

Yeah, no compelling reason to pay these days.

Lastpass is still fine and free, but Bitwarden is looking good these days. Waiting on its full security audit before trusting it, though.

Why is that?

I have no complaints with LastPass Premium still.

It’s an open-source high-quality solution. But until the audit is done, no go.

Interview with Sandor Palfy, CTO of Identity and Access Management at LogMeIn. (Cringeworthy opening paragraph, not much meat in the interview, but worth noting I guess.)

5 Questions on Password Behaviors with Sandor Palfy of LogMeIn

While this topic is active again, does anyone know much about the FIDO and other password-less authentication implementations that were launched the other day? Are they going to mean much for desktop users or is it more likely to be something of use for mobile where biometrics are increasingly built in? And, in practice, is it going to reduce the risk from data breaches or are all these sites going to have passwords as a fallback?

That’s either biometric or hardware authentication. So either your retina/face/fingerprint or a little USB key. I think it’s really dangerous as a single-factor authentication mechanism, because you can’t change your fingerprint. Once it’s stolen, you’re screwed forever.

Biometrics are a fantastic second factor. But they should never, ever, be used as a single factor.

Once your biometric ‘hash’ is hacked, how do you go about changing it?

While I haven’t delved into the FIDO specification, since YubiKey uses FIDO, you would need to get several secret keys, not just your “biometric” hash but also a device hash. Since devices don’t send your biometric hash, but your biometric hash combined with time-based secret keys (with shared secrets), what’s sent over the wire is only time- and device-sensitive info.

That’s the foundation, at least, behind Google Authenticator’s 2FA, and it seems like they would use at least the same requirements as a base for 1FA.
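For reference, the mechanism the last two posts describe (a shared secret combined with the current time so that only a short-lived code crosses the wire) is TOTP, the scheme Google Authenticator implements (RFC 6238 on top of RFC 4226 HOTP). FIDO/U2F works differently, by public-key challenge-response with a key pair on the token, and has no shared secret at all. The block below is an added example, not code from any poster or from LastPass, YubiKey or Google: it generates TOTP codes and shows the server-side checks a practitioner wants (constant-time comparison, a small clock-skew window, and rejection of any time step already consumed so a captured code cannot be replayed). The secret is the 20-byte reference key from RFC 6238 Appendix B so the output can be checked against the published vectors; `TotpVerifier` and its skew/replay policy are this example's own design, not part of either RFC.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed demo secret: the RFC 6238 Appendix B reference key, ASCII "12345678901234567890".
# A real deployment generates a random per-user key and shares it once, usually as base32 in a QR code.
RFC6238_SECRET = b"12345678901234567890"
TIME_STEP = 30  # seconds per code; the Google Authenticator default


def secret_from_base32(encoded: str) -> bytes:
    """Decode the base32 form that authenticator apps import (spaces and lowercase tolerated)."""
    cleaned = encoded.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore padding stripped by most QR payloads
    return base64.b32decode(cleaned)


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then 'dynamic truncation'."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                      # low nibble of the last byte picks a 4-byte window
    word = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF  # drop the sign bit
    return str(word % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = TIME_STEP) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step). Only this code leaves the device."""
    return hotp(secret, unix_time // step, digits)


class TotpVerifier:
    """Server-side verification policy (this example's design, not part of the RFCs):
    - constant-time comparison so timing does not leak how many digits matched,
    - accept codes from +/- `skew` adjacent steps to tolerate clock drift,
    - never accept a step at or below the highest step already used (replay protection)."""

    def __init__(self, secret: bytes, digits: int = 6, step: int = TIME_STEP, skew: int = 1):
        self.secret, self.digits, self.step, self.skew = secret, digits, step, skew
        self.last_counter = -1  # highest time step consumed so far; persist this per user in practice

    def verify(self, code: str, unix_time: int) -> bool:
        counter = unix_time // self.step
        for c in range(counter - self.skew, counter + self.skew + 1):
            if c <= self.last_counter:
                continue  # a code for this (or an older) step has already been spent
            if hmac.compare_digest(hotp(self.secret, c, self.digits), code):
                self.last_counter = c
                return True
        return False


if __name__ == "__main__":
    now = int(time.time())
    print("current 6-digit code:", totp(RFC6238_SECRET, now))
    v = TotpVerifier(RFC6238_SECRET)
    code = totp(RFC6238_SECRET, now)
    print("first use accepted:", v.verify(code, now))    # True
    print("replay accepted:", v.verify(code, now))       # False: same step already consumed
```

The RFC 6238 vectors (8-digit SHA-1 codes for the reference key) are a quick self-check: time 59 gives 94287082 and time 1111111109 gives 07081804. Note that the verifier has to store `last_counter` per user; without that state a code sniffed from a phishing page remains valid for the whole window, which is exactly the weakness that phishing-resistant FIDO authenticators are meant to close.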