
43 million passwords hacked in Last.fm breach


o00o


I have a little notepad I've been neatly writing my login/pw down in for the last 15 yrs.  It's ridiculous how many different login/pw's I have.  This is also because I change important ones often.  On the positive side, I haven't had to reset a lost pw in a long time.


I still use it, used to use it to favourite new tracks, but rarely did that enough to actually keep track of everything I meant to. Been mostly using youtube for that these days.


 

People still use last.fm?

yeah, did it become uncool in the last few years or something?
they updated it at some point and now it's "last.fm beta". there are ads EVERYWHERE, the new design is ugly and i think they removed the radio and recommend music for non-paying members.

 

last.fm used to be my favourite and most visited website.

 

RIP old last.fm


  • 3 weeks later...

I moved over to a paid LastPass account, and I use a Yubikey 4

[Image: YubiKey 4]

 

To secure everything and anything that supports it (Google, Dropbox, LastPass, etc).

 

Means even if someone does manage to get hold of my password for LastPass, or my Google account, they aren't getting in without that key.

 

For the new forum I am thinking about implementing strong passwords and two-factor authentication...

 

That's a cool idea Joyrex, however I hope you're not thinking of using SMS as two-factor authentication - NIST announced recently that they regard it as insecure


that key looks cool. Going to check this


What happens when you physically lose Yubikey?

Solution 1: Buy multiple Yubikeys to associate with your accounts - pretty much everywhere that supports Yubikey allows multiple keys to be associated so that you can keep one (or more) in a safe place in case you lose it (I bought two so I could have a backup one just in case)

 

Solution 2: Don't be so fucking dozy, and keep your important shit close to you at all times.

 

 


The one I have is the Yubikey 4, however you can go for the FIDO U2F version which is cheaper (but not supported by LastPass)

 

https://www.yubico.com/products/yubikey-hardware/


Is it possible to still use these logins on a smartphone? how does the key work there? 


I'll have to come back and give a proper response when I'm home after work, but there are a few ways.

 

In short, if you're the type that doesn't 'remember this device' when logging into your services, there's going to be extra steps each time you log in.

 

If you're the type that doesn't mind 'remembering this device', then it's a bit easier for you, and also gives the added protection of a multi factor authentication method


I think the question was more - How are you meant to plug it into devices that don't have full size USB ports

Yep, I know. I'm not going to try to reply to this in detail on a mobile phone, whilst I'm supposed to be refactoring PHP at work, though

Okay, so in order to use the Yubikey in conjunction with a mobile phone, you're better off getting the Yubikey Neo which supports NFC - then services such as Google, Dropbox, etc will authenticate via NFC with your Yubikey.

 

If you don't have NFC on your mobile phone (or don't want to spend the extra money getting the Yubikey Neo), then you can authenticate using an alternative Multi Factor method:

 

Google, Dropbox, and LastPass allow you to use codes generated by the Google Authenticator app.

 

Here's Google's Multi Factor Authentication support pages for more information there.

 

Dropbox's help

 

LastPass's help

 

Even if you don't use a Yubikey, you can still benefit from Multifactor Authentication by using the Google Authenticator app

 

[Image]

 

as you can see, I've got a few services set up on mine already


I've decided to stop using Last fm, although not because of the data breach but because why on Earth do I care if other people see what I hear? A week on and there is no loss.

 

Plus it's nice to listen to music and not give a shit if the tags are right. The buggy scrobbler that kept crashing did not help.


Archived

This topic is now archived and is closed to further replies.
