@Ravenlight said:
@Chavtheworld said:
I almost did check this out once, but it just seems like a target for people to aim for. If that thing is storing my passwords and autocompleting them, then they're in there and accessible for anyone who wants at them. And then they get all my passwords, and not just one. What's your thoughts on it?
Well, the only way for anyone to get into your Lastpass account is to break your Lastpass password. Being that you only need one password if you use Lastpass, you can devote your brainpower to remembering only one ultra-secure password, rather than 20 iffy ones. As always, your password is only safe as long as you remain smart about your security practices. If you share a computer with your mom who installs every toolbar and clicks on every advertisement, you're probably going to get pwned by malware eventually.
If you're still hella paranoid, you can go the extra mile and check out this article.
Cheers for that article.
@Subjugation said:
Yeah, I have to imagine something on their end isn't ultra secure. I've never had anything of mine hacked before, yet I got the email notification a while back (I actually made a thread about it) that some evil doer in China had attempted to log into my account with my password. My password isn't something simple like chinadontcare1234 either. I kind of wish there was a GW2 authenticator like the one Blizzard has, as in an actual physical authenticator. Even though I don't play any Blizzard games anymore, that thing gave me peace of mind.
Was fairly sure I couldn't be alone in thinking something was a bit iffy, security wise.
@MattyFTM said:
@Chavtheworld said:
@akzo said:
use a nonsense phrase that you will remember. Something like thebigorangewaterofasia, or something like that. It's much much harder to crack than say an eight digit password with symbols, numbers and upper lower case. Easier to remember as well.
Not by brute force it isn't - adding symbols increases the number of possible combinations so much more!
No, that's not the case. Length is far more important than symbols. Try it out at http://howsecureismypassword.net/ . "thebigorangewaterofasia" would take a desktop PC 2 quadrillion years to bruteforce. "L8£x@D0p" would take just five years to crack on a desktop PC. The main issue with those are, many sites have character limits on passwords, and it may not be possible to use such a long password on every site.
Ultimately though, I started using Lastpass a while ago. Using the same password on multiple sites just leaves you open to attack. There are so many password database breaches that have come to light recently, and I wouldn't be surprised if significantly more had been covered up or kept secret to avoid bad publicity. If someone hacks one account, they'll have access to all your accounts. Of course, it is theoretically possible for lastpass to be hacked and all your passwords out there, but lastpass' servers are super secure. It would take a hell of a hack. Plus, as a backup, have a unique, memorized password for your email address, and don't store that in Lastpass. Then, if the worst does come to the worst, you can still use password reset emails to gain access to your accounts. Also, use an email provider with two tier authentication, so even if someone does somehow hack your password, they can't access it.
Ultimately, you're never going to be 100% safe. That's impossible. But you can make it as difficult as possible for unwanted people to access your accounts.
The general consensus seems to be check out LastPass. I think I'll have to get on that some time. It doesn't store bank passwords and stuff right?
@TaliciaDragonsong said:
@Ravenlight said:
@Chavtheworld:
Get Lastpass and use it to remember complex passwords for you.
The best way to prevent against brute-forcing is to have a lengthy password with mixed case and special charcters. Lastpass has a password generator you can use to gin up your own. Something like this: uM7Z^GjbiAOruR4HN$eaz^JeQ#Ogh8m2
This, Lastpass' random generator is awesome. Just be sure to never forget your master password and if you're skittish write down (as in paper and pen!) your important ones. I know I do. Never been hacked or had my account stolen in any game. (which can just be luck, but still).
I was in the same boat using my current passwording scheme... Until yesterday :P So yeah, could just be luck haha. Or maybe LastPass is great!
Log in to comment