• The TUGBBS forums are completely free and open to the public and exist as the absolute best place for owners to get help and advice about their timeshares for more than 29 years!

    Join Tens of Thousands of other Owners just like you here to get any and all Timeshare questions answered!
  • TUG started 29 years ago in October 1993 as a group of regular Timeshare owners just like you!

    Check out our happy birthday post here: Happy Birthday TUG!
  • TUG has a YouTube Channel to produce weekly short informative videos on popular Timeshare topics!

    Come check it out for a chance to win a Free TUG membership (or renewal) just for helping out!

    Read more here
  • TUG has now saved timeshare owners more than $19,000,000 dollars just by finding us in time to rescind a new Timeshare purchase! A truly incredible milestone!

    Read more here: TUG saves owners more than $19 Million dollars
  • Our 2022 Timeshare Survey is now complete and the full results as well as our expert and witty analysis of each question is available here: Here We hope you enjoy reading the results as much as we did!
  • Follow the TUG Member Banner as it travels the world on vacation with Timeshare owners! Also sign up to get the banner sent to you so you can submit a photo of your vacation with the banner to share with TUG! Banner Thread
  • Sign up to get the TUG Newsletter for free! 50,000+ subscribers! Latest resort reviews and the most important topics discussed by owners during the week!
  • Our official "end my sales presentation early" T-shirts are available again! Also come with the option for a free membership extension with purchase to offset the cost!

    Read more Here
  • A few of the most common links here on the forums for newbies and guests!

Is Anyone Concerned About Their Password Manager (LifeLock and LastPass compromised)?

klpca

TUG Review Crew: Veteran
TUG Member
Joined
Sep 11, 2006
Messages
7,767
Reaction score
6,577
Points
749
Location
CA
Resorts Owned
SDO, Quarter House, Seapointe, Coronado Beach, HGVC Bay Club, Carlsbad Inn
I don't get the deal about changing passwords periodically.
If no one "found" your password in the last 90 days, I'd
think that means it's still a good password going forward.
.
I have always understood it that the compromised data (passwords, ssn's etc) are available for sale. You just don't know when it will happen. If you have been exposed in a data breach it's already out there. I know that the chrome password manager will tell you if you have a compromised password.

There's also the lag time where a company is unaware that the breach has occurred. I don't want to find out the hard way.
 

joestein

TUG Member
Joined
Jul 13, 2005
Messages
2,076
Reaction score
1,742
Points
524
Location
Marlboro, New Jersey
So, I dont really understand why you need a long password. Is a 25 character password that much safer than a 8 or 9 character password?

Do they really hack anyones indiividual account? They just get the information from lists of passwords that come from files that have been hacked? How would the length make you safer?

I have a basic password I use on many sites - similar to TUG. What is there to hack from TUG or Shoprite or Cruise Critic or similar? I use more unique passwords for important sites.
 

dioxide45

TUG Review Crew: Expert
TUG Member
Joined
May 20, 2006
Messages
41,506
Reaction score
14,023
Points
1,299
Location
NE Florida
Resorts Owned
Marriott's Grande Vista
Marriott's Harbour Lake
Sheraton Vistana Villages
So, I dont really understand why you need a long password. Is a 25 character password that much safer than a 8 or 9 character password?

Do they really hack anyones indiividual account? They just get the information from lists of passwords that come from files that have been hacked? How would the length make you safer?

I have a basic password I use on many sites - similar to TUG. What is there to hack from TUG or Shoprite or Cruise Critic or similar? I use more unique passwords for important sites.
It is rare that plain text passwords are compromised. What is compromised is usually encrypted passwords. The longer the password, the longer it would take them to decrypt it. Thus why you want longer passwords vs shorter but harder to remember ones;


As for basic sites, as long as you don't use the same password for sensitive sites such as banking or sites that may store your payment information then you should be fine. In either case, if you are using some kind of password keeper software (like the ones mentioned in the thread title), then why not create a complex password for all sites you sign up for since you don't need to actually remember them all.

Edited to add;
It seems that easy to remember phrases are good to use, easy to remember and still hard to crack; Something like "mydogwenthikingtobuysomecarswith50$"
 

sponger76

TUG Member
Joined
Jun 30, 2022
Messages
441
Reaction score
258
Points
113
Location
Texas
So, I dont really understand why you need a long password. Is a 25 character password that much safer than a 8 or 9 character password?

Do they really hack anyones indiividual account? They just get the information from lists of passwords that come from files that have been hacked? How would the length make you safer?

I have a basic password I use on many sites - similar to TUG. What is there to hack from TUG or Shoprite or Cruise Critic or similar? I use more unique passwords for important sites.
Each additional character makes the possible combinations to guess the password exponentially larger, which in turn means it takes exponentially longer to guess by brute force (trying different combinations over and over and over...). With a long enough password and enough possible characters to choose from (which is why adding in numbers and special characters is encouraged) for each space, it could take even a high-powered computer years to crack it. Shorter passwords, especially with only letters, can take considerably less time.
 

youppi

TUG Member
Joined
Apr 21, 2015
Messages
1,602
Reaction score
546
Points
224
Location
Montreal, Canada
It is rare that plain text passwords are compromised. What is compromised is usually encrypted passwords. The longer the password, the longer it would take them to decrypt it. Thus why you want longer passwords vs shorter but harder to remember ones;


As for basic sites, as long as you don't use the same password for sensitive sites such as banking or sites that may store your payment information then you should be fine. In either case, if you are using some kind of password keeper software (like the ones mentioned in the thread title), then why not create a complex password for all sites you sign up for since you don't need to actually remember them all.

Edited to add;
It seems that easy to remember phrases are good to use, easy to remember and still hard to crack; Something like "mydogwenthikingtobuysomecarswith50$"
a passphrase is very good as password and easier to remember it but you must create an unknown one like you did in your example and not use a common or famous citation like betterlatethennever, tobeornottobethatisthequestion because hackers may try those passphrases like they try password, abc123, qwerty, all other well known weak passwords and all compromise passwords from lists available on the dark web.
 

Breezy52

TUG Member
Joined
Apr 10, 2018
Messages
169
Reaction score
110
Points
104
Resorts Owned
Worldmark Platinum Owner
I use Last Pass. I use a very very difficult master password and yes now I've changed it. Since they were hacked, although all is encrypted, I've changed PW on all my financial accounts. I use the longest most complicated ones allowed by a given site. Unfortunately there are still many sites that have smallish password criteria.

The biggest change I've made is to eliminate allowing my main bank to have access to all my outside accounts. I liked that so I can see them in one place. Inconvenient but I don't trust that anymore. Also have been advised to never let your password manager know your email password. And I'm considering using more than one password manager thereby splitting up accounts. Sigh.....
 

joestein

TUG Member
Joined
Jul 13, 2005
Messages
2,076
Reaction score
1,742
Points
524
Location
Marlboro, New Jersey
I use Last Pass. I use a very very difficult master password and yes now I've changed it. Since they were hacked, although all is encrypted, I've changed PW on all my financial accounts. I use the longest most complicated ones allowed by a given site. Unfortunately there are still many sites that have smallish password criteria.

The biggest change I've made is to eliminate allowing my main bank to have access to all my outside accounts. I liked that so I can see them in one place. Inconvenient but I don't trust that anymore. Also have been advised to never let your password manager know your email password. And I'm considering using more than one password manager thereby splitting up accounts. Sigh....

My company offers me a free lastpass account, but I havent used it.
 

MdRef

Guest
Joined
Sep 15, 2021
Messages
1,302
Reaction score
1,257
Points
173
Resorts Owned
Las Vegas, Orlando
Use a password manger or don't use a password manger. We all make a choice. Any site that makes use of my personal information, financial information, SS number, DOB, etc. is stored elsewhere. Never on a computer with access to the web. More time consuming of course. Safer? Absolutely. I also change those passwords once a month, regardless. Irrational paranoia? Perhaps. I think of it as felicitous caution.

Nonetheless, an interesting article.

 

Breezy52

TUG Member
Joined
Apr 10, 2018
Messages
169
Reaction score
110
Points
104
Resorts Owned
Worldmark Platinum Owner
My company offers me a free lastpass account, but I havent used it.
I get it through my son’s family plan, which he gets from his employer. Part of what makes me trust it is that it’s a large international company that is still using it when they tell their employees to get off it I guess I will too.
 
Top