Larion Studios forum stores your passwords in unhashed plaintext. Don’t use a password there that you’ve used anywhere else.

  • NOT_RICK@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I heard people’s LastPass accounts were getting compromised after that theft, but I also don’t know how strong their master passwords were.

    • Zagorath
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      Yeah at this point it’s considered likely that LastPass vaults are being cracked, based on LP being the common link between various other accounts that are being breeched.

      A small number of rounds of encryption being the default for users with old enough accounts is believed to be a significant part of the issue. It means even if their password was a good one, the vault can be brute forced comparatively quickly.

      • wols@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        If their password was actually good (18+ random characters) it’s not feasible with current day technology to brute force, no matter how few PBKDF2 iterations were used.

        Obviously it’s still a big issue because in many cases people don’t use strong enough passwords (and apparently LastPass stored some of the information in plaintext) but a strong password is still good protection provided the encryption algorithm doesn’t have any known exploitable weaknesses.