EmailDiscussions.com - View Single Post - Necessary Security Discussion to start 2019 right

ioneja · 13 Jan 2019, 09:46 AM

This thread has me completely re-evaluating my security game plan... thanks again. I just discovered I have older Yubico keys that should be updated.

Plus, more importantly, and on a related note, I'm getting a little nervous about LastPass... it just dawned on me that I've given LastPass so much power in my life and for 15 minutes today, I couldn't remember my LastPass password. That freaked me out a little. I use Yubikey with LastPass too, and because of this thread I realized they still haven't updated to U2F or FIDO2.

During that brief period of panic when I couldn't remember my password, I caught up on LastPass security issues and password recovery and that did NOT make me feel more secure. In fact, I just didn't realize how consumer-friendly LastPass had become... it should be VERY hard for me to get back into my LastPass account. Eventually I remembered my password, and I was able to get back in... but even if I didn't remember it, there was still relatively too easy of a recovery method IMO. That really bugs me now about using such a consumer-friendly cloud password service. Not to mention I've never felt completely comfortable with my passwords relying on the cloud so much. So I think after this little experience, I'm going to migrate back to a self-managed approach for password management with open source software like KeePass.

Anyway, thanks again for a great thread. I think I have some more homework to do, but I will be more secure when I'm done.

13 Jan 2019, 09:46 AM	#34
ioneja Cornerstone of the Community Join Date: Jul 2011 Posts: 713	This thread has me completely re-evaluating my security game plan... thanks again. I just discovered I have older Yubico keys that should be updated. Plus, more importantly, and on a related note, I'm getting a little nervous about LastPass... it just dawned on me that I've given LastPass so much power in my life and for 15 minutes today, I couldn't remember my LastPass password. That freaked me out a little. I use Yubikey with LastPass too, and because of this thread I realized they still haven't updated to U2F or FIDO2. During that brief period of panic when I couldn't remember my password, I caught up on LastPass security issues and password recovery and that did NOT make me feel more secure. In fact, I just didn't realize how consumer-friendly LastPass had become... it should be VERY hard for me to get back into my LastPass account. Eventually I remembered my password, and I was able to get back in... but even if I didn't remember it, there was still relatively too easy of a recovery method IMO. That really bugs me now about using such a consumer-friendly cloud password service. Not to mention I've never felt completely comfortable with my passwords relying on the cloud so much. So I think after this little experience, I'm going to migrate back to a self-managed approach for password management with open source software like KeePass. Anyway, thanks again for a great thread. I think I have some more homework to do, but I will be more secure when I'm done.