They have paid hosting plans, but the product itself is open source and can technically be hosted anywhere.

Even after considering the single point of failure (eggs in 1 basket) argument and all of the real/perceived vulnerabilities inherent in the commercial & open source password management solutions they are hands down more secure than letting a browser manage credentials or storing passwords in a text/.xls file.

A couple of free tools to consider are Sticky Password and LogMeOnce.

It's easy enough to sync using OneDrive, btsync, Dropbox, etc.

Alternatively, Bitwarden seems like a viable open-source password manager. Personally, I'd stick with kdbx and clients like KeePassXC (desktop) or Keepass2android (mobile). Technically the API is open-source, but who here actually uses an open-source LastPass client? The client is proprietary closed-source software. All it would take is one LastPass update that messed with save settings, uploaded the data somewhere unencrypted, etc. Who cares about measly passwords when you've got unfettered access to the computer?

But yeah, I mean, whatever floats your boat. Kinda an egregious slip-up if you ask me. In 2017 LastPass even made an update that allowed for arbitrary remote code execution: For example, Tavis Ormandy, who tears apart software like it's nothing will tweet out about a vulnerability that he's found in LastPass and in less than 96 hours they've reached out to him, replicated his findings, and pushed an update.

As a hacker, LastPass would be a great target. I also like them because they are VERY responsive to security researchers who find vulnerabilities in their code. LastPass supports a wide range from their own authenticator app that does push authentication to your device, Google authenticator, Yubikey, DUO, etc. What's important to remember with LastPass (or any password manager for that matter) it's only as strong as your master password, use one that isn't used anywhere else and turn on MFA.
This encrypted blob is what is synchronized across machines and devices, LastPass never sees the contents of this blob. The way it works is by creating the database on your local computer as an encrypted blob. LastPass, or really any password manager is your best option for protecting your passwords, I use it for everything and I'll be honest that I don't even know what many of my passwords are because I leave it up to the app to generate account passwords for me.