Lastpass was down today apparently.



Not understanding the complaints here. There are always going to be issues that might cause a problem with access to online services outside the control of the company providing the services. Be it an ISP issue for some users, be it routing issues outside the control of the company providing the services, be it DC issues where the company provides services. From their blog post it sure seems like they are on top of the issue.

If you use the browser ext, it would not have been an issue; you would have just used your offline cache. If you're not using the browser ext then you clearly are not using the tool as designed, but you could always access your passwords with the use of their offline tool https://helpdesk.lastpass.com/lastpass-on-the-go-2/lastpass-pocket/

As to the debate of printing out passwords. While this might be useful in a company, at my old company we did it when we changed all the local admin accounts. But these passwords were never used, and I was really the only one that knew what they were changed to. They were locked in the safe at the facility, where you needed controlled access to even get to the safe, and then you needed the safe combo.

As to printing out your personal passwords and putting them in a safe at a bank, this clearly makes it a pain to change passwords and update your backup list. You might be better off just storing this backup hard copy at your location.

Is printing out passwords and leaving them on your desk a bad idea - sure!! But if you're going to print out your passwords as part of an emergency DR or backup I don't see a problem with it - as long as this hardcopy is stored securely with controls on who has access. The pain here is keeping this list updated when you change your passwords.


Do yourself a favour and just use KeePass.

 

But KeePass is horrible. Almost as horrible as RoboForm... so... no.

So I'm guessing you do not regularly change any of your 350 passwords?  There's some good security.

 

Changing passwords frequently or even regularly does not inherently make them safer or more secure. It's a fallacy. In fact, regularly changing passwords is more likely to make them less secure.


Agree 100% with this statement, the only time passwords to be honest need to be changed is if there is a chance they have been compromised. Person leaves or is no longer authed to access something that they might have passwords for, etc.

The one good reason to change passwords on a reg basis is if there is a chance that over a period of time passwords are exchanged with people that shouldn't have them. Let's say for example a tech you're working with is given a password; now normal controls should mean this password is then changed right after his access is no longer required. But this process may or may not happen. If that is the case then a reg change to the passwords could now remove that unauthed access.

Changing passwords say every 90 days for the sake of changing them, agreed, is a bit of a fallacy, and forcing users to change their password every X days for no reason other than changing it doesn't buy you much security. If you're worried about someone brute forcing the password then you should make it very frequent that the passwords need to be changed, etc. Better security would be lockout policies that require manual unlock by someone who will look into the reason for the lockout. Control on how many attempts per second, alerts on such attempts, etc. etc.

If the password is secure, and has controlled access to who has it.. Say only YOU!! Then changing it on schedule can be more pain, and it could even be debated that the process could cause lost hours, lockouts, people writing them down because they can't remember it because they have to change it so often, etc.

Now in light of such things as a site you visit being compromised, or things like Heartbleed that come to light, or hackers having a billion accounts, etc., it might be a good idea to not only change your passwords but re-evaluate the overall security of your passwords. If using a tool like LastPass, they have a built-in security scan that will list all your sites that have duplicate passwords, score the security of them, are you using multifactor, etc.

Since you're not having to type these passwords with such a tool, make sure that all your passwords are using the max length a site allows for - make sure your sites are not using duplicates, etc.

Every single time I had to change all the local passwords I would bitch about how it was a pointless waste of time - they are all 20 characters long, they are not even used (so no chance of leakage by someone watching them be typed in or exchanged with people who then leak them since they are locked in a safe and nobody knows them in the first place). You have to gain access to a controlled room to even use them since they are "local" you can not even use them across the network. But they had to be changed just the same for "audit" reasons..

Interestingly, LastPass being down exposes what is pretty much a massive flaw in their multifactor setup, in that if you permit offline login you can completely bypass multifactor authentication.

 

Explain more, is it some sort of exploit?? I just tested, switched off router and couldn't login to LastPass (browser extension) without inserting my YubiKey.

Changing passwords frequently or even regularly does not inherently make them safer or more secure. It's a fallacy. In fact, regularly changing passwords is more likely to make them less secure.

 

Very true, too many people equate "frequent change" with "secure". Although, frequent password changes carry no risk in reduction of security if you're already using a password manager. It just becomes merely inconvenient for very little gain.
