Rant about SomeOrdinaryGamers' video on LastPass

Mutahar uploaded a video talking about the LastPass breach and I wanted to share some thoughts.

Personally, I find it really disappointing that Mutahar says that using notepads and text files is an acceptable method, and in the interest of ‘not shilling’ any particular service, never mentions using an offline password manager like KeePass. This has led to people flooding the comments saying how right they were for using insecure methods like writing it down in plaintext or just memorizing them all (which is probably them just memorizing permutations of the same shitty password) and how they will NEVER trust any password manager and how “stupid” they are as a concept etc etc.

People aren’t going to take away his advice to find a secure solution, they’ll instead just take away the idea that “LastPass bad, LastPass = password manager therefore password manager = bad”

IMO, Mutahar has ended up just validating people’s uninformed assumptions instead of properly educating them. Way to go I guess…

KeePass for the win…

Unfortunately many people will never understand that because they’ve left the video thinking “Ha fuck password managers, I’m the smartest for writing it down in a notebook! All those people are stupid!”

SomeOrdinaryGamers should probably stick to producing gaming content in my opinion.
(I’ve never watched the guy nor do I plan to, but his yt name suggests he produces gaming content, please don’t get offended people)

YouTube is full of unresearched content taken from a blog post or something. Very few produce “good content”; few being Techlore and The Hated One. It’s advisable for anyone looking for digital privacy and security not to listen to the advice of some gaming YouTuber who shares their thoughts occasionally on privacy and security stuff. I would also suggest that people get off of YouTube.

You all seem interested in LastPass:

Get off of it.

Last day I received an email from someone asking me to give their thoughts on this video. Spoiler alert: It’s similarly bad. Let me know your thoughts.

I don’t know why you’re so negative about this video. In his video he recommends storing your password vaults on a local server or computer. He says that you need strong passwords and shows how you can check that, so saying that, because he doesn’t mention KeePass, it leads people to use shitty passwords is just wrong. He isn’t saying a notepad is an acceptable method, he is saying that he doesn’t judge what you’re using. Saying that he uninformed people is just wrong. He says how you need strong passwords, and because his content isn’t all about privacy and security maybe new people are gonna care about it.

I think saying you need to use this, this and this service for privacy and security is just the wrong way to educate people.


From what I understood from this video, he is explaining why strong and unique passwords are much better than using the same bad password everywhere like on forums with open source software. Using strong passwords and storing them on your own device, even in plaintext, would eliminate the main threat he explained which was combo lists used on other sites.

It would also be much harder to obtain the passwords if they were stored in the notes app on the phone, and the malware would have to know it is the password and what site it was used on, as well as the username or email. People who use the same username or email on all sites wouldn’t need to keep that in their notes, and malware would have to be placed on the device before that can be exfiltrated (kind of like air-gapped systems).

Still would be better to use KeePassXC or Bitwarden, but the video still delivers a good message that you need strong and unique passwords for every site and going 2 steps forward and 1 step back is still better than standing in the same place. We all started somewhere, people starting may begin in ways we don’t agree with but it is better they get educated about ways to secure things piece by piece so they don’t get overloaded.


That was also how I understood it, your “password manager” can be a plain text file on your computer as long as the passwords are strong and unique for each website.

And? What’s wrong with keeping track of them in a notebook? There’s nothing stupid about that. Muta is less a “you want privacy? here’s exactly how to do that” type of person and just informs people, gives a couple suggestions, and lets other people make decisions based on that information. Using a physical notebook to store passwords is just as fine as using a digital password manager.

There is a reason the following quote exists:

“Opinions are like assholes. Everybody’s got one and everyone thinks everyone else’s stinks.”

If people are not interested in learning, let them make their own mistakes. They’ll learn one way, or another.


People have a tendency to stick to the idea “if it ain’t broke don’t fix it.” I doubt most of the people who were like “fuck password managers” will ever switch to secure password managers.

I suppose I don’t have to go on a rant of how storing passwords on paper notes or in plain text is a bad idea.

He could have explained how LastPass did a crappy job of storing customer metadata unencrypted, used dated algorithms etc in simple terms and then recommended better password managers such as KeePass. (1Password also uses PBKDF2, which is crackable using currently available GPUs if the password is not significantly long enough (30 chars).)