HackerTrans
TopNewTrendsCommentsPastAskShowJobs

alex-

no profile record

comments

alex-
·4 ปีที่แล้ว·discuss
Yes, a secret key like this could have made this breach much less concerning. Assuming you trust the company to not also lose this data (that they generate and claim to not store). What I was really hoping to find was a paid, cross platform, cloud sync'ed solution that can be setup to require your password and physical key to decrypt. i.e. have 2FA protection from a data breach like this.
alex-
·4 ปีที่แล้ว·discuss
I initially assumed I would be safe because of 2FA. Sadly it looks like this is not the case, the second factor is used to access the encrypted data, not decrypt the data. As the attacker already has the encrypted data, they have bypassed the stage where 2FA is providing protection. This appears to also be the case for 1password and bitwarden, so not specifically a lastpass failure.
alex-
·4 ปีที่แล้ว·discuss
This makes me think of something Antoine de Saint-Exupery said, "Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away."