LastPass Gets Hacked – Time for Passwordless Logins?

posted on Jun, 23 2015 @ 11:26 AM
Hack Brief: Password Manager LastPass Got Breached Hard

"EXPERTS RECOMMEND PASSWORD managers like LastPass as the easiest way to generate unique, strong security codes for every one of your online accounts—which sounds great, until that password manager itself is cracked, potentially offering attackers access to all the accounts it was designed to protect." www.wired.com...



Password manager service LastPass announced last week that they experienced a data breach that exposed users' email addresses, encrypted passwords and cleartext password reminder hints.

Following the good advice to never use the same password twice, and to choose passwords that are difficult to guess (and remember), many people use password management sites such as LastPass. But the problem with using a Web-based third party to store your passwords is that they can get hacked, too.

LastPass certainly took many security precautions, and some of them worked. For example, LastPass never had access to customers' master passwords in cleartext. But they did store other information about users in cleartext, and it's this compromised information that can be used to guess weak master passwords.

cointelegraph.com...


The cryptocurrency community has shown great excitement recently at the world's first Secure Quick Reliable Login (SQRL) that utilizes QR codes and the public-key cryptography behind Bitcoin to achieve passwordless login. This development proves that usernames and passwords are far from necessary in order to achieve secure client-server "relationships" online.

But will either of them take off? Will another approach entirely prove to be more appealing?

It'll all come down to how many data breaches consumers are willing to put up with.



posted on Jun, 23 2015 @ 11:33 AM
We should use a password based on our DNA or something. I mean it's 2015. I have a robot that cleans my floors and a litter box that cleans itself, yet I still have to make sure to include a number and special character in my password.



posted on Jun, 23 2015 @ 11:42 AM
a reply to: MystikMushroom

Retinal scan or fingerprints, DNA is too easy to obtain...although apparently so are fingerprints ( Hackers recreate fingerprints using public photos ).

Retinal scan is probably the safest, modern tech should be easily able to accomplish this on the cheap.



posted on Jun, 23 2015 @ 11:53 AM
a reply to: MystikMushroom


…yet I still have to make sure to include a number and special character in my password.

If it's online it's "out there" and ultimately vulnerable.

That's why I can't figure out why people do their banking online. We accept the security measures they say they employ.

But really? To my mind that's like mailing cash by postal service. It might get there and then again…



posted on Jun, 23 2015 @ 11:55 AM
a reply to: woogleuk

I mean based on our DNA. Use a unique sequence of numbers or something from a polynucleotide sequence of your DNA or something.



posted on Jun, 23 2015 @ 11:57 AM
at least for PC and tablet/phone based applications, i wonder when they will just do facial recognition. You have a camera pointing right at you while logging in, right?



posted on Jun, 23 2015 @ 12:01 PM

originally posted by: woogleuk
a reply to: MystikMushroom

Retinal scan or fingerprints, DNA is too easy to obtain...although apparently so are fingerprints ( Hackers recreate fingerprints using public photos ).

Retinal scan is probably the safest, modern tech should be easily able to accomplish this on the cheap.

Still vulnerable but not as much so. Combinations of Iris, fingerprint, facial recognition and (DNA might) be used in the future. Called Biometrics, it is currently being used in India, and has been used in Iraq and Afghanistan to track them terrs.

Article
edit on 23-6-2015 by intrptr because: edit in ( )



posted on Jun, 23 2015 @ 12:01 PM
I am a big fan of a hardware/chip and pin combo. The gov't uses a Common Access Card (CAC) and it is my personal favorite. You aren't going to forget a simple pin, and without the hardware, you don't get in. Computers can easily be outfitted with card readers, and web sites can be configured to read your certification.

It isn't infallible, but simpler than passwords and a whole lot more secure. Something very similar could be applied to commercial/everyday use, like a USB dongle/pin combo, or any number of other things.

The key is combining two or more levels rather than just making passwords longer and longer.
edit on 23-6-2015 by Halfswede because: (no reason given)



posted on Jun, 23 2015 @ 12:06 PM

originally posted by: bigfatfurrytexan
at least for PC and tablet/phone based applications, i wonder when they will just do facial recognition. You have a camera pointing right at you while logging in, right?


An artist in Chicago, IL has come up with a controversial way to use 3D printing that is probably eons apart from anything you heard the technology being used for. Leonardo Selvaggio is selling 3D printed face masks that are replicas of his own face, as a way to defy facial recognition and surveillance technology.

The idea arose with Selvaggio’s frustration at being constantly “surveilled”. According to Selvaggio, Chicago is the “most widely surveilled city” in the United States and employs a hi-tech surveillance system of over 25,000 cameras all networked to a single facial recognition hub.

“Working as an artist in Chicago, the most widely surveilled city in the nation, and seeing how it has affected the way I behave and think about public space, I have an overwhelming urge to protect the public from such surveillance. Everyone has a right to privacy,” Selvaggio says.

"In an Indiegogo project dubbed URME (phonetically, "you’re me"), Selvaggio offers three ways to buy his face, all sold at cost. The first is as a photorealistic, 3-D printed and hand-painted prosthetic mask. At a glance, it appears real to cameras and people alike." www.fastcodesign.com...



posted on Jun, 23 2015 @ 12:10 PM
It is not the average user who needs to be continually subjected to new and innovative login schemes. It is the business community who needs to be continually updating their security protocols to prevent those with a vested interest from getting to that login information.

Fingerprints, retinal scans, and dna are useless if the server storing that information is breached. The problem needs to be addressed at the IT level, not the consumer level.



posted on Jun, 23 2015 @ 12:25 PM
More sites should accept keys. One of the first things I do when getting a new server is set up SSH keys and disable entry by password.

a reply to: Klassified

That's definitely a part of it. It's not just a problem of a lazy system admin who has a crappy password, either. Having set up complex systems before, once it's laid out, you can be wary of wanting to update anything and have bits screw up as a result. A proper admin will have a test environment set up to run updates, and a private repo set up to pull the screened updates to the servers at regular intervals. It's a bit of work, but a corporation should not be doing any less.
edit on 23-6-2015 by pl3bscheese because: (no reason given)



posted on Jun, 23 2015 @ 02:07 PM
a reply to: wasaka

well then.



I guess it's an obvious reality that I just ignored.

TBH, it seems that there is no way around having passwords hacked. Even biometrics are easily faked. Any biometric is easily faked.



posted on Jun, 23 2015 @ 02:48 PM

originally posted by: bigfatfurrytexan
a reply to: wasaka

TBH, it seems that there is no way around having passwords hacked.
Even biometrics are easily faked. Any biometric is easily faked.

Secure Quick Reliable Login (SQRL, pronounced “squirrel”) is a free and open-source program designed by Steve Gibson



" This method is thought to be impervious to a brute force password attack or data breach. It shifts the burden of security away from the party requesting the authentication and closer to the operating system implementation of what is possible on the hardware, as well as to the user. " en.wikipedia.org...

This solution is a product of Bitcoin development, perhaps a "connect with Bitcoin" feature would greatly benefit the entire world.
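The kind of passwordless public-key login discussed in this thread, sketched as an added example (not code from the thread or from the SQRL project). It assumes a simplified scheme: a per-site Ed25519 key derived from one master secret with HMAC-SHA256, and a server that stores only the public key; the function names and the `example.com` domain are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// siteKey derives a per-site key pair from one master secret.
// Assumption: HMAC-SHA256(master, domain) is used as the 32-byte Ed25519 seed,
// so every site sees a different public key and none of them can be linked.
func siteKey(master []byte, domain string) (ed25519.PublicKey, ed25519.PrivateKey) {
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte(domain))
	priv := ed25519.NewKeyFromSeed(mac.Sum(nil))
	return priv.Public().(ed25519.PublicKey), priv
}

// newChallenge is the server side: a fresh random nonce for each login attempt.
func newChallenge() []byte {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// respond is the client side: sign the domain and nonce, never send a secret.
func respond(priv ed25519.PrivateKey, domain string, nonce []byte) []byte {
	return ed25519.Sign(priv, append([]byte(domain+"\x00"), nonce...))
}

// verify is the server side: it needs only the stored public key, so a
// database breach exposes nothing that can be brute-forced into a login.
func verify(pub ed25519.PublicKey, domain string, nonce, sig []byte) bool {
	return ed25519.Verify(pub, append([]byte(domain+"\x00"), nonce...), sig)
}

func main() {
	master := bytes.Repeat([]byte{0x42}, 32) // constructed sample secret
	pub, priv := siteKey(master, "example.com")
	nonce := newChallenge()
	sig := respond(priv, "example.com", nonce)
	fmt.Println("login accepted:", verify(pub, "example.com", nonce, sig))
	fmt.Println("replayed on new nonce:", verify(pub, "example.com", newChallenge(), sig))
}
```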



posted on Jun, 23 2015 @ 04:48 PM
reminds me of that guy who was so confident that his personal information was flawlessly under lock and key that he put his soc number on the side of a van. needless to say, that was an idiot move.



posted on Jun, 23 2015 @ 07:12 PM

originally posted by: wasaka

originally posted by: bigfatfurrytexan
at least for PC and tablet/phone based applications, i wonder when they will just do facial recognition. You have a camera pointing right at you while logging in, right?


An artist in Chicago, IL has come up with a controversial way to use 3D printing that is probably eons apart from anything you heard the technology being used for. Leonardo Selvaggio is selling 3D printed face masks that are replicas of his own face, as a way to defy facial recognition and surveillance technology.

The idea arose with Selvaggio’s frustration at being constantly “surveilled”. According to Selvaggio, Chicago is the “most widely surveilled city” in the United States and employs a hi-tech surveillance system of over 25,000 cameras all networked to a single facial recognition hub.

“Working as an artist in Chicago, the most widely surveilled city in the nation, and seeing how it has affected the way I behave and think about public space, I have an overwhelming urge to protect the public from such surveillance. Everyone has a right to privacy,” Selvaggio says.

"In an Indiegogo project dubbed URME (phonetically, "you’re me"), Selvaggio offers three ways to buy his face, all sold at cost. The first is as a photorealistic, 3-D printed and hand-painted prosthetic mask. At a glance, it appears real to cameras and people alike." www.fastcodesign.com...


There's another way to avoid facial rec, beards for men, veils for women. Did anyone notice the announcement that "beards are unhealthy"? The mainstream pushed this for a bit, implying fecal matter and other vile bio contaminants fester in nan-hair. Funny huh? Women need to bring veils and silk gloves back into fashion to get fix.

As far as passwords go....it's an illusion. The only protection from invasions are anonymous, encrypted ISPs, proxy servers, killswitch protocols, and third market soft/hardware without more than one administrative backdoor.



posted on Jun, 23 2015 @ 07:45 PM
I saw this hack mentioned last week. I couldn't believe people would trust putting their passwords out in the cloud.

It's like walking around in a bad neighborhood at night with 100 dollar bills hanging out of your pockets...



posted on Jun, 24 2015 @ 08:03 AM

originally posted by: bigfatfurrytexan
You have a camera pointing right at you while logging in, right?

Wrong, not one of the computers I use at home or at work has a camera.



posted on Jun, 24 2015 @ 08:15 AM
Passwords in themselves are flawed for an evolving technological society, due to the nature of passwords.

All a password is, is encrypted characters you chose first as a password, and then the computer masks that word or phrase with even more characters that represent the characters you chose, this is called encryption, and can take on various traits based on the algorithm chosen for the encryption.

The combination of characters your computer has that equals to your password, such as if you used bubbles as your password your pc might have some code for it like this: e392 d34d 2i3d 034s d34d 39d9 9293 2929 2923, based on the encryption.

With Moore's law, basic passwords as they are today will be crackable faster and faster as time and tech increase.

Yes the longer the password is the longer it takes to crack ( also known as brute forcing ) there are other ways, such as spying, phishing and of course malware to make you basically click a link and sync up a remote view connection for the attacker.

The best passwords will be a USB key you'll carry on you with an ever changing hash code ( group of numbers and letters that will be the sum of the passcode for you )

This is already in use by some, and many in governmental agencies.
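One standardized form of the ever-changing token code described above is HOTP/TOTP (RFC 4226 and RFC 6238). The sketch below is an added example, not from the post, and the choice of TOTP is an assumption since the post names no scheme; the secret in `main` is the RFC's published test value, not a real key.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// hotp implements RFC 4226: HMAC-SHA1 over an 8-byte counter, then
// "dynamic truncation" to a short decimal code.
func hotp(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f // low nibble of last byte picks the offset
	code := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// totp implements RFC 6238 with the default 30-second time step.
func totp(secret []byte, unix int64, digits int) string {
	return hotp(secret, uint64(unix/30), digits)
}

// verifyTOTP is the server check: accept the current step and one step on
// either side for clock drift, comparing in constant time.
func verifyTOTP(secret []byte, unix int64, submitted string) bool {
	ok := 0
	for _, drift := range []int64{-30, 0, 30} {
		want := totp(secret, unix+drift, 6)
		ok |= subtle.ConstantTimeCompare([]byte(want), []byte(submitted))
	}
	return ok == 1
}

func main() {
	secret := []byte("12345678901234567890") // RFC 4226/6238 test secret
	code := totp(secret, 59, 6)
	fmt.Println("code at t=59:", code)
	fmt.Println("accepted now:", verifyTOTP(secret, 59, code))
	fmt.Println("accepted two minutes later:", verifyTOTP(secret, 179, code))
}
```

Unlike the key-pair approach, the server here holds the same shared secret as the token, so that secret needs the same protection as a password database.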


