And now it's eBay's turn.

[glricht]

'Page Not Available'. Apparently word got around fast, their password change page is overloaded.

Just changed mine about an hour ago and it went right through.

 

[LifelineIT]

I'm just paranoid about passwords existing anywhere but in my head. As often as they get breached anymore, this is irrelevant, but the idea still bugs me. I also worry that by not knowing my actual passwords, if anything happens to Lastpass, I'm screwed. I've had too many customers become reliant on their fingerprint readers and then lose access to everything when it breaks.

Fwiw, lastpass actually had a breach last year. However, because of the very ingenious way they hash and encrypt everything on their end, there was no actual breach. Maybe a few thousand salted, hashed session ids were snagged, but nothing could be done with them. Also, because they give you an OSK if you want it, as well as auto fill, as well as the ability to initiate the login from behind their wall, its even a safer option than punching in passwords if there may be a key logger or trojan onboard.

A few years ago Google tested a badass two step. You'd go to a page and enter your user id. Then it would show you a 3d barcode, which you would snap with your phone. That would ping Google and let you in, but only if you used a registered phone. No passwords to type in. It was awesome in hotels.

 

[coffee]

I have been reading various articles on breakins and such and most of them pretty much point out that its not so much the user side that gets broken into but the server side. They harvest the username/passwords/phonebook from the servers. I guess you still should change your passwords and such but it just sounds like a repeating issue until the providers come up with something more protective of their servers.

BTW - I used to use a text file with all my user/passwords in it. However, I switched to figaro's password manager 2 for linux.


coffee