43 million passwords hacked in Last.fm breach

Yeah, 1password is great.

Last.fm on the other hand is a sad relic of the mid-2000s internet. So much potential squandered. 

I have a little notepad I've been neatly writing my login/pw down in for the last 15 yrs.  It's ridiculous how many different login/pw's I have.  This is also because I change important ones often.  On the positive side, I haven't had to reset a lost pw in a long time.

  On 9/2/2016 at 7:56 PM, ghOsty said:

People still use last.fm?

yeah, did it become uncool in the last few years or something?

I still use it, used to use it to favourite new tracks, but rarely did that enough to actually keep track of everything I meant to. Been mostly using youtube for that these days.

  On 9/2/2016 at 11:31 PM, eugene said:

 

  On 9/2/2016 at 7:56 PM, ghOsty said:

People still use last.fm?

yeah, did it become uncool in the last few years or something?

last.fm used to be my favourite and most visited website.

RIP old last.fm

I moved over to a paid LastPass account, and I use a Yubikey 4

To secure everything and anything that supports it (Google, Dropbox, LastPass, etc).

Means even if someone does manage to get hold of my password for LastPass, or my Google account, they aren't getting in without that key.

  On 9/2/2016 at 6:32 PM, Joyrex said:

For the new forum I am thinking about implementing strong passwords and two-factor authentication...

That's a cool idea Joyrex, however I hope you're not thinking of using SMS as two-factor authentication - NIST announced recently that they regard it as insecure

What happens when you physically lose Yubikey?

  On 9/18/2016 at 10:04 PM, oscillik said:

I moved over to a paid LastPass account, and I use a Yubikey 4

 

To secure everything and anything that supports it (Google, Dropbox, LastPass, etc).

 

Means even if someone does manage to get hold of my password for LastPass, or my Google account, they aren't getting in without that key.

 

  On 9/2/2016 at 6:32 PM, Joyrex said:

For the new forum I am thinking about implementing strong passwords and two-factor authentication...

 

That's a cool idea Joyrex, however I hope you're not thinking of using SMS as two-factor authentication - NIST announced recently that they regard it as insecure

that key looks cool. Going to check this

  On 9/19/2016 at 2:53 PM, WNS000 said:

What happens when you physically lose Yubikey?

Solution 1: Buy multiple Yubikeys to associate with your accounts - pretty much everywhere that supports Yubikey allows multiple keys to be associated so that you can keep one (or more) in a safe place in case you lose it (I bought two so I could have a backup one just in case)

Solution 2: Don't be so fucking dozy, and keep your important shit close to you at all times.

  On 9/19/2016 at 2:57 PM, o00o said:

 

  On 9/18/2016 at 10:04 PM, oscillik said:

I moved over to a paid LastPass account, and I use a Yubikey 4

 

To secure everything and anything that supports it (Google, Dropbox, LastPass, etc).

 

Means even if someone does manage to get hold of my password for LastPass, or my Google account, they aren't getting in without that key.

 

  On 9/2/2016 at 6:32 PM, Joyrex said:

For the new forum I am thinking about implementing strong passwords and two-factor authentication...

 

That's a cool idea Joyrex, however I hope you're not thinking of using SMS as two-factor authentication - NIST announced recently that they regard it as insecure

 

that key looks cool. Going to check this

 

The one I have is the Yubikey 4, however you can go for the FIDO U2F version which is cheaper (but not supported by Lastpass)

https://www.yubico.com/products/yubikey-hardware/

  On 9/19/2016 at 3:08 PM, oscillik said:

 

  On 9/19/2016 at 2:53 PM, WNS000 said:

What happens when you physically lose Yubikey?

Solution 1: Buy multiple Yubikeys to associate with your accounts - pretty much everywhere that supports Yubikey allows multiple keys to be associated so that you can keep one (or more) in a safe place in case you lose it (I bought two so I could have a backup one just in case)

 

Solution 2: Don't be so fucking dozy, and keep your important shit close to you at all times.

 

  On 9/19/2016 at 2:57 PM, o00o said:

 

  On 9/18/2016 at 10:04 PM, oscillik said:

I moved over to a paid LastPass account, and I use a Yubikey 4

 

To secure everything and anything that supports it (Google, Dropbox, LastPass, etc).

 

Means even if someone does manage to get hold of my password for LastPass, or my Google account, they aren't getting in without that key.

 

  On 9/2/2016 at 6:32 PM, Joyrex said:

For the new forum I am thinking about implementing strong passwords and two-factor authentication...

 

That's a cool idea Joyrex, however I hope you're not thinking of using SMS as two-factor authentication - NIST announced recently that they regard it as insecure

 

that key looks cool. Going to check this

 

 

The one I have is the Yubikey 4, however you can go for the FIDO U2F version which is cheaper (but not supported by Lastpass)

 

https://www.yubico.com/products/yubikey-hardware/

 

Is it possible to still use these logins on a smartphone? how does the key work there? 

  On 9/19/2016 at 3:16 PM, o00o said:

 

  On 9/19/2016 at 3:08 PM, oscillik said:

 

  On 9/19/2016 at 2:53 PM, WNS000 said:

What happens when you physically lose Yubikey?

Solution 1: Buy multiple Yubikeys to associate with your accounts - pretty much everywhere that supports Yubikey allows multiple keys to be associated so that you can keep one (or more) in a safe place in case you lose it (I bought two so I could have a backup one just in case)

 

Solution 2: Don't be so fucking dozy, and keep your important shit close to you at all times.

  On 9/19/2016 at 2:57 PM, o00o said:

 

  On 9/18/2016 at 10:04 PM, oscillik said:

I moved over to a paid LastPass account, and I use a Yubikey 4

 

To secure everything and anything that supports it (Google, Dropbox, LastPass, etc).

 

Means even if someone does manage to get hold of my password for LastPass, or my Google account, they aren't getting in without that key.

 

  On 9/2/2016 at 6:32 PM, Joyrex said:

For the new forum I am thinking about implementing strong passwords and two-factor authentication...

That's a cool idea Joyrex, however I hope you're not thinking of using SMS as two-factor authentication - NIST announced recently that they regard it as insecure

that key looks cool. Going to check this

The one I have is the Yubikey 4, however you can go for the FIDO U2F version which is cheaper (but not supported by Lastpass)

 

https://www.yubico.com/products/yubikey-hardware/

Is it possible to still use these logins on a smartphone? how does the key work there?

In short, if you're the type that doesn't 'remember this device' when logging into your services, there's going be extra steps each time you log in.

If you're the type that doesn't mind 'remembering this device', then it's a bit easier for you, and also gives the added protection of a multi factor authentication method

I think the question was more - How are you meant to plug it into devices that dont have full size USB ports

  On 9/19/2016 at 3:31 PM, mcbpete said:

I think the question was more - How are you meant to plug it into devices that dont have full size USB ports

Okay, so in order to use the Yubikey in conjunction with a mobile phone, you're better off getting the Yubikey Neo which supports NFC - then services such as Google, Dropbox, etc will authenticate via NFC with your Yubikey.

If you don't have NFC on your mobile phone (or don't want to spend the extra money getting the Yubikey Neo), then you can authenticate using an alternative Multi Factor method:

Google, Dropbox, and LastPass allow you to use codes generated by the Google Authenticator app.

Here's Google's Multi Factor Authentication support pages for more information there.

Dropbox's help

LastPass's help

Even if you don't use a Yubikey, you can still benefit from Multifactor Authentication by using the Google Authenticator app

as you can see, I've got a few services set up on mine already

I've decided to stop using Last fm, although not because of the data breach but because why on Earth do I care if other people see what I hear? A week on and there is no loss.

Plus it's nice to listen to music and not give a shit if the tags are right. The buggy scrobbler that kept crashing did not help.

^ Yeah, it was just a waste of time for me.

  On 9/2/2016 at 7:56 PM, ghOsty said:

People still use last.fm?

why did people use it in the first place? i never understood what it did besides tell everyone what you were listening to

When more people used it the site seemed to offer decent recommendations based on your listening habits. Not still much anymore.

Yeah, recommendations, finding "friends" and notifications of incoming tours/events based on your listening stats.