l****z
发帖数: 29846 | 1 【 以下文字转载自 USANews 讨论区 】
发信人: lczlcz (lcz), 信区: USANews
标 题: lastpass被黑了,用的人赶紧去改密码吧
发信站: BBS 未名空间站 (Mon Jun 15 19:09:40 2015, 美东)
One of the most popular password security companies just admitted it was
hacked
Cale Guthrie Weissman
Jun. 15, 2015, 3:27 PM
LastPass, a popular password manager program, just admitted it's been hacked.
In a blog post published today, LastPass’s Joe Siegrist writes, "The
investigation has shown ... that LastPass account email addresses, password
reminders, server per user salts, and authentication hashes were compromised
."
LastPass works by having users choose one strong master password that they
must remember. When they log into LastPass, they use this strong
authenticator to gain access to a list of all of their other passwords,
which are stored in encrypted form on LastPass' servers.
LastPass’ servers do hold a list of all of its users passwords, but because
they are encrypted (meaning they are heavily ciphered making it nearly
impossible to crack), it's highly unlikely any hackers would be able to
decrypt LastPass' password trove.
Further, the encryption and decryption happens on the users' devices,
meaning that LastPass has no way to access any of its users' non-ciphered
passwords.
It's important to note that this breach does not mean that hackers have full
access to the passwords of every LastPass user. What it does mean, however,
is that if users use a weak master password or have used the same password
for another website, there’s a likelihood that hackers could gain access.
To fix this, all LastPass users should change their master password if it is
weak. Also, users should implement multi factor authentication, making it
even harder for hackers to gain access.
Users, however, need not have need to change the passwords stored in
LastPass. | a*****y
发帖数: 33185 | 2 哈哈哈哈,我早就预见到有这一天了,把密码交给app管,最后app被hack了。 | s*****m
发帖数: 13092 | | n******n
发帖数: 12088 | 4 不怕黑?
【在 s*****m 的大作中提到】
: 只用keepass
| N*****m
发帖数: 42603 | 5 又不联网,在自己的机器上,怎么黑?
【在 n******n 的大作中提到】
: 不怕黑?
| N*****m
发帖数: 42603 | 6 好交钱,也够脑残的
【在 a*****y 的大作中提到】
: 哈哈哈哈,我早就预见到有这一天了,把密码交给app管,最后app被hack了。
| a*****g
发帖数: 19398 | 7 看起来反而比较可靠
hacked.
【在 l****z 的大作中提到】
: 【 以下文字转载自 USANews 讨论区 】
: 发信人: lczlcz (lcz), 信区: USANews
: 标 题: lastpass被黑了,用的人赶紧去改密码吧
: 发信站: BBS 未名空间站 (Mon Jun 15 19:09:40 2015, 美东)
: One of the most popular password security companies just admitted it was
: hacked
: Cale Guthrie Weissman
: Jun. 15, 2015, 3:27 PM
: LastPass, a popular password manager program, just admitted it's been hacked.
: In a blog post published today, LastPass’s Joe Siegrist writes, "The
|
|
