[PSA] Living Social Hacked

http://allthingsd.com/20130426/livingsocial-hacked-more-than…

The information accessed includes names, email addresses, date of birth for some users, and encrypted passwords — technically ‘hashed’ and ‘salted’ passwords. We never store passwords in plain text.

The database that stores customer credit card information was not affected or accessed.

The database that stores merchants’ financial and banking information was not affected or accessed.


  • Yeah, this happened a few days ago, and it affects pretty much all LivingSocial sites. As LivingSocial is developed with Ruby on Rails, it was rumoured that it was hacked with the recent ActiveRecord vulnerability.

    encrypted passwords — technically ‘hashed’ and ‘salted’ passwords

    The thing is, not all hash algorithms are the same. Some have vulnerabilities with bad clashes (md5), some are created for efficiency to quickly find a hash value, and some are designed specifically to be slow so they can be used to produce password hashes. We have no idea which one LivingSocial uses.

    Anyway. In this day and age you can pretty much be sure that a website will be hacked sooner or later. This week it's LivingSocial, and next week it might be Amazon or OzBargain (!!), so make sure you (1) don't use common words as a password and (2) don't use a password on more than one site.

  • "(2) don't use password on more than one site."
    Not using the same password will be hard; that means you will need to record them, which makes this method unsafe as well.

    Oh, LivingSocial kept your credit card number; make sure you log in and remove it.

    • means you will need to record them which make this method isnt safe aswell.

      I use KeePass, but I suppose you could work out how to record them safely.

      A password card is one example.

      also relevant

      You could also have a base password, then add a word somewhere into it.

      • What happens when KeePass or the app you are using gets hacked?

        • KeePass is encrypted, so they would need my master password.

          If it is hacked, then I have to go through and reset about 100 accounts.

          I don't store banking passwords on it though.

        • +1

          I use LastPass and similarly don't keep my banking passwords on it.
          My life would still be complete hell if it were hacked, but at least I'd still have some money!

    • We'll be discussing the "tips to keep you safe online" in this thread:

      http://www.ozbargain.com.au/node/101497

      As for me though,

      • I have been a paying customer of LastPass for a few years now; they remember the passwords for me and keep them synced across multiple devices. Yeah I know, "paying for something" on OzBargain — what am I thinking?! However, as Davo has suggested, there are quite a few alternatives.

      • I also do password generation based on a master password. Basically I wrote a simple script that:

        1. Take the domain name of the website + my master password as salt
        2. Feed both into a hash function (md5 for example)
        3. Get the binary digest and then encode it with base64.
        4. Takes either the first 8 or 16 characters as the password for that site

      Anyway. In this day and age there's really no excuse for re-using the same password across multiple sites.
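As an added example (not the commenter's own script), this implements the per-site derivation exactly as described above (md5 of domain + master password, base64, first 8 or 16 characters) beside a PBKDF2 variant that follows the earlier point that password hashes should be slow, and it also shows the salted, slow server-side storage that the LivingSocial notice's "hashed and salted" refers to. The master password, sample passwords and iteration count are constructed values.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; tune so one derivation costs ~100 ms

def hash_password(password: str, salt: bytes = b"") -> str:
    """Server side: store a random salt plus a slow PBKDF2-HMAC-SHA256 digest,
    not a bare fast hash such as md5."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(stored: str, candidate: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    _, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)

def derive_site_password_md5(domain: str, master: str, length: int = 16) -> str:
    """The per-site scheme as the commenter describes it:
    md5(domain + master) -> base64 -> first `length` characters.
    Two weaknesses worth knowing: md5 is fast, so one leaked site password lets
    an attacker test master-password guesses cheaply, and plain concatenation
    means ("ab", "c") and ("a", "bc") derive the same password."""
    digest = hashlib.md5((domain + master).encode()).digest()
    return base64.b64encode(digest).decode()[:length]

def derive_site_password_slow(domain: str, master: str, length: int = 16) -> str:
    """Same idea through PBKDF2 with the domain as salt, so each guess at the
    master password costs ITERATIONS hash calls instead of one."""
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), domain.encode(), ITERATIONS, dklen=24)
    return base64.b64encode(key).decode()[:length]  # may contain '+' or '/'

if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample, not a real secret
    stored = hash_password("hunter2")
    print(stored)
    print(verify_password(stored, "hunter2"), verify_password(stored, "hunter3"))
    for site in ("ozbargain.com.au", "livingsocial.com"):
        print(site, derive_site_password_md5(site, master), derive_site_password_slow(site, master))
```

Some sites reject '+' or '/' in passwords; base64.urlsafe_b64encode avoids that at the cost of changing every derived password.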

      • +2

        So by the time you end up typing your 16-character-long password, the deal would have been ozbargained..

        • That's why you (1) write a script to automate that (2) use cut and paste :)

        • Actually no, provided you're signed in to LastPass, LastPass types it (and your username) for you.

      • Scotty, I'm also a paid-up LastPass customer, but I don't actually see what I'm getting.
        I find their Android app is so slow as to be completely pointless.
        Is there something I'm missing (apart from financially supporting a service that I use daily)?

        • supporting a service that I use daily financially

          That's a good thing, isn't it? :)

          Well, I am saying on OzBargain that paying for a service and keeping the developers fed is a good thing. Otherwise you get ads, like on, hmmm, OzBargain :)

          Well, it's $12/year but the only "feature" you get is mobile support. I actually use their Android app quite a bit, although unfortunately the only integrated browser is Dolphin. It can be slow to log in depending on your connectivity. So if I'm sure my local DB is synced, I'll just force a local login, which is a lot faster.

        • KeePass has a free app for Android; it works fine.

        • Yeah, I'm cool with supporting the developer(s) of an awesome service.
          Just like I'm cool with turning off Adblock here.

          Part of my problem is that I "need" to upgrade my SGS to a more powerful beast to make LastPass Android usable. (However, it's perfectly fine for the majority of tasks.)
          And perhaps change my master password to be more mobile-keyboard friendly. At the moment I need to use 4 different keyboard screens and chop and change between them!

        • LastPass was fine on my old Nexus One, although their Android app still leaves a lot to be desired. Also I would really like more native integration, like on Chrome for Android (although it's already available as a plugin for Dolphin and Firefox on Android).

          @Davo - I think what's attractive about LastPass is the synchronisation. KeePass Android sync is a lot more fiddly…

        • Ahh yes, you're correct.

          I've started using Google Drive with KeePass. The shortcut on each desktop is directed at the KeePass database on the Gdrive. I haven't yet tried it with Android, but so far with all my machines (including work computers) it seems to work fine.
