LastPass security breach linked to $35 million stolen in crypto heists
www.theverge.com
Researchers found that almost every victim was a LastPass user.

More than $35 million has been stolen from over 150 victims since December — ‘nearly every victim’ was a LastPass user::Security experts believe some of the LastPass password vaults stolen during a security breach last year have now been cracked open following a string of cryptocurrency heists

  • Karyoplasma@discuss.tchncs.deEnglish
    16·
    1 year ago

    Forcing a password change after a period of time has shown to make people gravitate towards the simplest passwords that are still within the policy or other, even less secure, solutions. That’s why security standards nowadays advise to not implement forced password changes.

    • Sarsoar@lemmy.worldEnglish
      3·
      1 year ago

      My last job got around the “make people gravitate towards the simplest passwords” issue by giving you a list of 10 randomly generated strings you could pick. ( you could refresh the list a few times though)

      So what happened anyways, like the person you are replying to said, is we had passwords written everywhere. One guy kept a sticky not on the back of his badge (which got turned around alot so he would walk around with his password showing), another kept it on a sticky under his keyboard, and just in general we would find passwords written everywhere.

    • drphungky@lemmy.worldEnglish
      1·
      1 year ago

      My password manager password has been the same for years, and is like 30+ characters long. All my passwords since I started using it are random ass strings of letters, numbers and symbols. It’s great.

      My work windows password that needs changed every 3 months? Guess who’s on [SIMPLE PASSWORD]8! and about to change to [SIMPLE PASSWORD]9!?