In addition to making all of these vaults that much easier to crack, that’s a hell of a way to treat your long-standing customers. Some older customers found that they were still at 500 iterations or even lower. If you haven’t already checked, check the iterations on your account – I’ve been a paying customer for seven years and my account was still left at 5000 iterations. However, they never publicized the default or how to change the iterations to whatever LP’s current default was and, worse, represented that they had automatically upgraded the iterations on every account as security standards increased but did not actually do so. LP says that you should be safe IF your iteration count was set at LP’s “default” of over 100,000 iterations - if your current iteration count was less and your vault got cracked, well, they made it clear that this would be the customer’s fault. There was absolutely no good reason for LP to store this unencrypted were out in the open meaning that anyone who got the vault now knows to target you with phishing campaigns that are much more credible because they are coming specifically from the sites and accounts that you visit and reference specific details about you.
Sure, maybe your passwords were still encrypted but all the information about sites you visited, such as the URL, etc. LP had certain very sensitive data that wasn’t even encrypted in the vault that was taken. The reasons included:ġPassword has an extra layer of security between the vault and your password which, as has been noted, means that simply sealing the vault – even if they have your password, does not permit people to access the vault. Last month I moved to 1Password and changed all my passwords. Like you, I was with LP for at least seven years as a paid Premium member.
0 kommentar(er)
