[Lex Computer & Tech Group/LCTG] LastPass confirms users' password vaults were stolen by hackers

Alan Millner armillner48 at gmail.com
Thu Dec 29 13:14:28 PST 2022 

I put my passwords on my paper rolodex.
It has never been hacked.

Alan Millner
amillner at alum.mit.edu
781-862-7893
48 North St., Lexington MA 02420



On Dec 29, 2022, at 3:55 PM, Jon Dreyer <jon at jondreyer.org> wrote:

My approach is a bit more work, but it makes me feel safe despite how theoretically easy it would be to break it.

I have a text file in an unlinked, and trivially password protected, Web page. That file looks like a list of my passwords, but it isn't quite. Each password in the file is a randomly generated string, but what the attacker (except for you all) doesn't know is that the actual passwords are those random strings but with my own personal tweak. When I log in to, say, my bank account, I copy/paste the string from the file into the password field and then tweak it.

So the only way I'm screwed is if they find this file and figure out my ttweak (and there's no clue that one is needed except that the passwords don't work). Cryptographically unsafe, but it feels pragmatically pretty safe to me, since you can break into millions of accounts if you hack lastpass, but you can only get my accounts if you hack this.

Somebody who doesn't have their own Web site could do this with something like a google doc or google sheet.

And I also use 2FA for important sites as well.

-- 
Jon "I Don't Have To Outrun The Bear; I Just Have To Outrun You" Dreyer
Math Tutor/Computer Science Tutor <http://www.passionatelycurious.com/>
Jon Dreyer Music <http://music.jondreyer.com/>===============================================
::The Lexington Computer and Technology Group Mailing List::
Reply goes to sender only; Reply All to send to list.
Send to the list: LCTG at lists.toku.us      Message archives: http://lists.toku.us/pipermail/lctg-toku.us/
To subscribe: email lctg-subscribe at toku.us  To unsubscribe: email lctg-unsubscribe at toku.us
Future and Past meeting information: http://LCTG.toku.us
List information: http://lists.toku.us/listinfo.cgi/lctg-toku.us
This message was sent to armillner48 at gmail.com.
Set your list options: http://lists.toku.us/options.cgi/lctg-toku.us/armillner48@gmail.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.toku.us/pipermail/lctg-toku.us/attachments/20221229/8c9b8903/attachment.htm>

More information about the LCTG mailing list