'One billion' affected by Yahoo hack

[lettice]

I use 3 different PCs, 2 tablets and 2 android phones to access password-protected sites. Can I install lastpass on all of them and have them synchronise passwords so I can still use any one of them at any time? Are the password vaults stored locally or only on the web?

Ta.

https://lastpass.com/features/

If you need something more depth, check out the Twit network Security now Lastpass run throughs that Steve Gibson regularly does and he delves deep down into its workings.
Even one he did with the CEO of LastPass.

[marjohn56]

I for one don't allow the devices to remember passwords, except for a few sites that are read only and/or contain no personal data. I always copy and paste password from mSecure, tedious I know but it's something I've now got used to doing.

- - - Updated - - -

https://lastpass.com/features/

If you need something more depth, check out the Twit network Security now Lastpass run throughs that Steve Gibson regularly does and he delves deep down into its workings.
Even one he did with the CEO of LastPass.

Look very interesting, I think I'll run it up.

The only thing that concerns me is that if it automatically completes the password and login, what happens if someone has access to your device, albeit that's unlikely I know.

[lettice]

Look very interesting, I think I'll run it up.

The only thing that concerns me is that if it automatically completes the password and login, what happens if someone has access to your device, albeit that's unlikely I know.

Just use the lastpass Master password reprompt
https://lastpass.com/support.php?cmd=showfaq&id=7656

[Scubbie]

Well I see that Yahoo! sent out their statutory email last night/early this morning and Sky have followed with their email this afternoon.

In case there is anyone unsure you should have received an email for any affected account from Yahoo! but it appears that Sky has sent out an email for everyone.

If you intend to continue and have a Yahoo! or Sky email account (see previous posts in this thread) then my personal advice would be:

• Do change the password for each and every Yahoo! and Sky email address if you didn't already do so earlier this year
• For any Yahoo! email addresses check the security information and any potential recovery information too, such as secret information
• If you are a member of any Yahoo! Groups, it may be worth posting a message their too as many could be affected who are no longer active, but a friendly request will help with the group's security
• Don't use the same password on all your email accounts
• If you don't wish to use a password safe, such as 'Last Pass', then use another method to keep your passwords easier to remember. One option might be to use a theme, for example 'the scientific names of plants'
• Don't use obvious passwords. There are many examples but one might be dates of birth and anniversaries, others include names of pets. The worst example is 'Password' or 'Password123'
• Don't write down your password. Find some other method if you need to remember it
• Do keep your computer, tablet and phone secure. Back up your data regularly and consider encrypting the device
• Don't open any suspicious emails. Recently I've noted a rise in the number of spam emails. They appear to have urgent messages that need my attention and all come with an attachment. Don't open it! If it appears from a legitimate source (i.e. Sky) send it to the 'Spam' email address as an attachment so that it can be dealt with

I know it's a pain, but please do use different passwords for any groups and forums you are a member of to that of your email address/es too. Whilst SkyUser does it's best to ensure that things are safe, sadly this hasn't been the case with a variety of sites already.

Finally, of sad note is just how long it's taken for Yahoo! to let people know that they were hacked. In both cases (earlier in September and this latest instance) the hacking took place more than a couple of years ago. With this in mind please consider changing your passwords periodically. One place I worked at required everyone to change their password for the mainframe sign on once a month or every 30 days. PCs don't have this automatic requirement, but it is worth thinking about this, or at least changing your passwords once every 3-6 months.