I’m guessing you’re in favor of counterfeiting currency, then?
I’m guessing you’re in favor of counterfeiting currency, then?
The problem was that they were grandfathering existing users without notification every time they increased their PBKDF2 iterations. I think the current recommendation is 100,100 iterations, and LastPass was implementing that for new users. But it wasn’t updating that for existing users, resulting in some having as few as 5000 iterations, making that user’s encrypted data much easier to crack. You could change the iterations in the settings, but that required knowing that you needed to do this, and LastPass should have either changed it automatically or notified users that they needed to change it.
I was paying LastPass to be the security expert so I didn’t have to learn all the ins and outs of data encryption, and they failed at that task.
Depends on where your workstation is. If somebody breaks into my house and is in my office 10ft from where I sleep, them seeing my passwords is the least of my concerns.
FWIW, I do use a password manager. But writing things down offline isn’t that bad, depending on the situation.
In cases like this, creating artificial scarcity is very important. Without scarcity, no producer would finance new movies because there’s no way to make back their initial investment. So just like with patents, we create artificial scarcity by giving the people who made the movie exclusive rights to decide who can watch it.
Even though scarcity isn’t enforced upon us like with most goods, it’s in literally everyone’s best interest to create (and enforce) that scarcity.