
LastPass No Longer Requires a Password To Access Your Vault - Slashdot

 1 year ago
source link: https://it.slashdot.org/story/22/06/06/2111206/lastpass-no-longer-requires-a-password-to-access-your-vault

LastPass says they're now the first password manager with a passwordless sign-in feature. Engadget reports: Grant permission through the LastPass Authenticator mobile app and you can update account info on the web without entering your master password. The approach relies on FIDO-compliant password-free technology. The feature is available to both personal and business users. LastPass is also promising options beyond the Authenticator app in the future, such as relying on biometric scans or hardware security keys.
  • And then your phone dies or gets lost/stolen...

    And then your face or fingerprint unlocks *all* your accounts.

    • Re:

      Oh wow you're so smart! So much smarter than security professionals who designed these systems. You were probably the smartestest person in all of your classes in high school weren't you? It's a shame you aren't in charge of the world because nobody would make such stupid mistakes.

      You should use your giant brain and tell people how to create single-use private/public key pairs that are only stored on a single device and are hashed individually based on the hardware of the device that scans your biometric f

    • Re:

      Do you legitimately think you've thought of something remotely novel? Do you really feel you're working with a good - let alone perfect - set of information about this? Because from my vantage point, I'm looking at a person who - based on his initial reaction - appears totally incapable of judging how unsuited he is to weigh in on the matter.

      • Re:

        No, he thinks he's pointing out something excessively obvious, something that "we're first, it's shiny" LastPass advertisement appears to utterly miss. That this is an utterly insecure thing that no one should lock all of their passwords behind.

        • Re:

          Damn straight. KeePass database stored where convenient with a key file kept on your person. Why complicate things with fancy, hack-worthy bullshit?

  • I sign into Bitwarden on my phone with biometrics all the time and have done for months.
    LastPass might well be the first to link web-login to the app biometric login though, which is a nice step.

    Of course, most of this passwordless stuff is BS... for most of them you still fall back on a password as soon as the new-shiny-passwordless-login-option fails or isn't available for some reason, in which case it's not more secure than a password because it's STILL secured by a password, and now you have another way TOO.

    You can't make a system more secure than the weakest link by adding other links.

    • Re:

      Every time you use your password somewhere there's a risk you're entering it into a phishing login prompt.

      Every computer that you type your password into is a computer that might have a keylogger installed on it harvesting credentials.

      Every server that stores a password is a server that might not have salted their database properly and could be theoretically brute forced.

      • Re:

        My phone where I run the app could be hacked too. There is no perfect solution.

      • Re:

        "Every time you use your password somewhere there's a risk you're entering it into a phishing login prompt."

        2FA proxying is a thing. They send you to a fake LastPass login, you click "passwordless login baby!" they proxy that request over to the real LastPass, your phone beeps, you authenticate, and the bad actors are in.

        Or the phishing page says... hey... oops there was an error. Something isn't working. We need to fall back to the recovery password, or we need to confirm your password, or whatever, and th

