- #106
vela
fluidistic said:
> the entire encrypted vault of people, meaning that if they could crack the master password, they would gain access to the personal info of people.

According to Gosney, much of the vault was unencrypted, so there is no need to crack the master password to access a lot of the information. This revelation is the one I found most surprising. Like others, I assumed the entire vault would be encrypted since that would have been the obvious design choice when storing a vault in the cloud.

Vanadium 50 said:
> Can the PWM company lose their customer data? Sure. Every company can, many have, and those that haven't just haven't yet. Many, likely most of these, have had an "inside man", so it's only a matter of time. That's certainly a problem, but it's not the PWM's problem. Maybe it's PWM Corps's problem, but so long as they don't keep your master password (I don't believe any of the major PWMs do) it's not a PWM problem.

The assumption should be that a breach will happen allowing crackers to get a copy of the vault, and the goal should be to design the software so it is still prohibitively difficult for the crackers to access any information inside the vault. LastPass, the password manager, clearly doesn't meet this criterion. That's a problem with the LastPass software.