Jump to content
The Future of WATMM (please read)
IGNORED

43 million passwords hacked in Last.fm breach

o00o

By o00o
in General Banter

 Share
Follow 0

Recommended Posts

doublename Grand Master

doublename

Posted
Posted (edited)

Yeah, 1password is great.

 

Last.fm on the other hand is a sad relic of the mid-2000s internet. So much potential squandered. 

Edited by doublename
Like Like ×
cloud capture Grand Master

cloud capture

Posted
Posted

I have a little notepad I've been neatly writing my login/pw down in for the last 15 yrs.  It's ridiculous how many different login/pw's I have.  This is also because I change important ones often.  On the positive side, I haven't had to reset a lost pw in a long time.

Like Like ×
eugene Grand Master

eugene

Posted
Posted
  On 9/2/2016 at 7:56 PM, ghOsty said:

People still use last.fm?

yeah, did it become uncool in the last few years or something?

Like Like ×
caze Grand Master

caze

Posted
Posted

I still use it, used to use it to favourite new tracks, but rarely did that enough to actually keep track of everything I meant to. Been mostly using youtube for that these days.

Like Like ×
QQQ Mentor

QQQ

Posted
Posted (edited)
  On 9/2/2016 at 11:31 PM, eugene said:

 

  On 9/2/2016 at 7:56 PM, ghOsty said:

People still use last.fm?

yeah, did it become uncool in the last few years or something?
they updated it at some point and now it's "last.fm beta". there are ads EVERYWHERE, the new design is ugly and i think they removed the radio and recommend music for non-paying members.

 

last.fm used to be my favourite and most visited website.

 

RIP old last.fm

Edited by QQQ
Like Like ×
  • 3 weeks later...
oscillik Grand Master

oscillik

Posted
Posted

I moved over to a paid LastPass account, and I use a Yubikey 4

YubiKey-4-1000-2016-444x444.png

 

To secure everything and anything that supports it (Google, Dropbox, LastPass, etc).

 

Means even if someone does manage to get hold of my password for LastPass, or my Google account, they aren't getting in without that key.

 

  On 9/2/2016 at 6:32 PM, Joyrex said:

For the new forum I am thinking about implementing strong passwords and two-factor authentication...

 

That's a cool idea Joyrex, however I hope you're not thinking of using SMS as two-factor authentication - NIST announced recently that they regard it as insecure

Like Like ×

4z0gkb5h.jpg

o00o Grand Master

o00o

Posted
  • Author
Posted
  On 9/18/2016 at 10:04 PM, oscillik said:

I moved over to a paid LastPass account, and I use a Yubikey 4

YubiKey-4-1000-2016-444x444.png

 

To secure everything and anything that supports it (Google, Dropbox, LastPass, etc).

 

Means even if someone does manage to get hold of my password for LastPass, or my Google account, they aren't getting in without that key.

 

  On 9/2/2016 at 6:32 PM, Joyrex said:

For the new forum I am thinking about implementing strong passwords and two-factor authentication...

 

That's a cool idea Joyrex, however I hope you're not thinking of using SMS as two-factor authentication - NIST announced recently that they regard it as insecure

 

that key looks cool. Going to check this

Like Like ×
oscillik Grand Master

oscillik

Posted
Posted (edited)
  On 9/19/2016 at 2:53 PM, WNS000 said:

What happens when you physically lose Yubikey?

Solution 1: Buy multiple Yubikeys to associate with your accounts - pretty much everywhere that supports Yubikey allows multiple keys to be associated so that you can keep one (or more) in a safe place in case you lose it (I bought two so I could have a backup one just in case)

 

Solution 2: Don't be so fucking dozy, and keep your important shit close to you at all times.

 

  On 9/19/2016 at 2:57 PM, o00o said:

 

  On 9/18/2016 at 10:04 PM, oscillik said:

I moved over to a paid LastPass account, and I use a Yubikey 4

YubiKey-4-1000-2016-444x444.png

 

To secure everything and anything that supports it (Google, Dropbox, LastPass, etc).

 

Means even if someone does manage to get hold of my password for LastPass, or my Google account, they aren't getting in without that key.

 

  On 9/2/2016 at 6:32 PM, Joyrex said:

For the new forum I am thinking about implementing strong passwords and two-factor authentication...

 

That's a cool idea Joyrex, however I hope you're not thinking of using SMS as two-factor authentication - NIST announced recently that they regard it as insecure

 

that key looks cool. Going to check this

 

 

The one I have is the Yubikey 4, however you can go for the FIDO U2F version which is cheaper (but not supported by Lastpass)

 

https://www.yubico.com/products/yubikey-hardware/

Edited by oscillik
Like Like ×

4z0gkb5h.jpg

o00o Grand Master

o00o

Posted
  • Author
Posted
  On 9/19/2016 at 3:08 PM, oscillik said:

 

  On 9/19/2016 at 2:53 PM, WNS000 said:

What happens when you physically lose Yubikey?

Solution 1: Buy multiple Yubikeys to associate with your accounts - pretty much everywhere that supports Yubikey allows multiple keys to be associated so that you can keep one (or more) in a safe place in case you lose it (I bought two so I could have a backup one just in case)

 

Solution 2: Don't be so fucking dozy, and keep your important shit close to you at all times.

 

  On 9/19/2016 at 2:57 PM, o00o said:

 

  On 9/18/2016 at 10:04 PM, oscillik said:

I moved over to a paid LastPass account, and I use a Yubikey 4

YubiKey-4-1000-2016-444x444.png

 

To secure everything and anything that supports it (Google, Dropbox, LastPass, etc).

 

Means even if someone does manage to get hold of my password for LastPass, or my Google account, they aren't getting in without that key.

 

  On 9/2/2016 at 6:32 PM, Joyrex said:

For the new forum I am thinking about implementing strong passwords and two-factor authentication...

 

That's a cool idea Joyrex, however I hope you're not thinking of using SMS as two-factor authentication - NIST announced recently that they regard it as insecure

 

that key looks cool. Going to check this

 

 

The one I have is the Yubikey 4, however you can go for the FIDO U2F version which is cheaper (but not supported by Lastpass)

 

https://www.yubico.com/products/yubikey-hardware/

 

 

Is it possible to still use these logins on a smartphone? how does the key work there? 

Like Like ×
oscillik Grand Master

oscillik

Posted
Posted
  On 9/19/2016 at 3:16 PM, o00o said:

 

  On 9/19/2016 at 3:08 PM, oscillik said:

 

  On 9/19/2016 at 2:53 PM, WNS000 said:

What happens when you physically lose Yubikey?

Solution 1: Buy multiple Yubikeys to associate with your accounts - pretty much everywhere that supports Yubikey allows multiple keys to be associated so that you can keep one (or more) in a safe place in case you lose it (I bought two so I could have a backup one just in case)

 

Solution 2: Don't be so fucking dozy, and keep your important shit close to you at all times.

  On 9/19/2016 at 2:57 PM, o00o said:

 

  On 9/18/2016 at 10:04 PM, oscillik said:

I moved over to a paid LastPass account, and I use a Yubikey 4

YubiKey-4-1000-2016-444x444.png

 

To secure everything and anything that supports it (Google, Dropbox, LastPass, etc).

 

Means even if someone does manage to get hold of my password for LastPass, or my Google account, they aren't getting in without that key.

 

  On 9/2/2016 at 6:32 PM, Joyrex said:

For the new forum I am thinking about implementing strong passwords and two-factor authentication...

That's a cool idea Joyrex, however I hope you're not thinking of using SMS as two-factor authentication - NIST announced recently that they regard it as insecure

that key looks cool. Going to check this

The one I have is the Yubikey 4, however you can go for the FIDO U2F version which is cheaper (but not supported by Lastpass)

 

https://www.yubico.com/products/yubikey-hardware/

Is it possible to still use these logins on a smartphone? how does the key work there?

I'll have to come back and give a proper response when I'm home after work, but there are a few ways.

 

In short, if you're the type that doesn't 'remember this device' when logging into your services, there's going be extra steps each time you log in.

 

If you're the type that doesn't mind 'remembering this device', then it's a bit easier for you, and also gives the added protection of a multi factor authentication method

Like Like ×

4z0gkb5h.jpg

mcbpete Grand Master

mcbpete

Posted
Posted

I think the question was more - How are you meant to plug it into devices that dont have full size USB ports

Like Like ×

I haven't eaten a Wagon Wheel since 07/11/07... ilovecubus.co.uk - 25ml of mp3 taken twice daily.

oscillik Grand Master

oscillik

Posted
Posted
  On 9/19/2016 at 3:31 PM, mcbpete said:

I think the question was more - How are you meant to plug it into devices that dont have full size USB ports

Yep, I know. I'm not going to try to reply to this in detail on a mobile phone, whilst I'm supposed to be refactoring PHP at work, though
Like Like ×

4z0gkb5h.jpg

oscillik Grand Master

oscillik

Posted
Posted

Okay, so in order to use the Yubikey in conjunction with a mobile phone, you're better off getting the Yubikey Neo which supports NFC - then services such as Google, Dropbox, etc will authenticate via NFC with your Yubikey.

 

If you don't have NFC on your mobile phone (or don't want to spend the extra money getting the Yubikey Neo), then you can authenticate using an alternative Multi Factor method:

 

Google, Dropbox, and LastPass allow you to use codes generated by the Google Authenticator app.

 

Here's Google's Multi Factor Authentication support pages for more information there.

 

Dropbox's help

 

LastPass's help

 

Even if you don't use a Yubikey, you can still benefit from Multifactor Authentication by using the Google Authenticator app

 

q7OMV2A.png

 

as you can see, I've got a few services set up on mine already

Like Like ×

4z0gkb5h.jpg

Bechuga Grand Master

Bechuga

Posted
Posted (edited)

I've decided to stop using Last fm, although not because of the data breach but because why on Earth do I care if other people see what I hear? A week on and there is no loss.

 

Plus it's nice to listen to music and not give a shit if the tags are right. The buggy scrobbler that kept crashing did not help.

Edited by Bechuga
Like Like ×

Nebraska Grand Master

Nebraska

Posted
Posted
  On 9/2/2016 at 7:56 PM, ghOsty said:

People still use last.fm?

 

why did people use it in the first place? i never understood what it did besides tell everyone what you were listening to

Like Like ×
doublename Grand Master

doublename

Posted
Posted (edited)

When more people used it the site seemed to offer decent recommendations based on your listening habits. Not still much anymore.

Edited by doublename
Like Like ×
Ego
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Follow 0
Go to topic listing
Next unread topic

  • Recently Browsing   1 Member

×
Mentor
Your Current Rank
Mentor
1,548 points until your next rank
×