The tricky part of this is that some keys are for former customers with many PoCs that have themselves left.
Vent: I have customer API keys in my secure notes, and while luckily not many and most are easily changeable, the fact is they're there. Many of them are probably dead and gone, but still, it's not like I can just follow "We recommend you change your passwords!" type of guidance so easily. Vent: I have 1000s of passwords in there. I need the flexibility of it being on PC, Mac, Android, and others, so KeePass is out of the question. My trust in any hosted provider is now generally broken, but I still want the convenience. Is anyone realistically looking at other providers (bitwarden hosted, dashlane, 1password, etc.?). If the data is truly offline and in the hands of the adversary, MFA is no longer in play, correct? There's nothing online to authenticate against, so unless the MFA process salted the password somehow, I can't see how MFA protects anymore. The length is obviously strong and is a nonsensical sentence, but in the end, the words are dictionary. I have a 30-character master password in the "correct horse battery staple" XKCD style, so more of a passphrase. Cannot live without it and gladly pay the renewal for premium every year. I'm an avid LastPass user have been for years. I also just need to vent on a few of these. I have questions about the LastPass breach that extend past my area of expertise. Throwaway account for obvious reasons, but I'm a common lurker and contributor to r/sysadmin.
0 kommentar(er)
