


In a previous post, I described a situation involving two-factor authentication (2FA, which counts as a form of multifactor authentication, or MFA). In that situation, my MFA scheme left me unable to log into most of the websites I used most frequently. At the end of that post, I sketched out some precautions that seemed likely to protect against a recurrence of that unpleasant situation. The present post explores in more detail both those problems and the resulting precautions.

LastPass, a popular password manager (PM), was a key part of the problem described in the previous post. The primary failing of LastPass in that situation was the poor quality of its tech support. They took hours to respond coherently; they warned users that a response could require as long as three days; and I saw complaints from users who were locked out of their accounts for weeks. In my case, when LastPass did respond, they ignored my request for contact by phone, because I could not get into my email account. Instead, they sent me emails that I did not see until nine hours after my inquiry. While their advice ultimately did work, it did so by dismantling my MFA protection instead of working with it: it was a matter of fitting a square peg into a round hole, with advice that was designed for a problem that I did not have - one that was, in some ways, the opposite of my problem. Moreover, when I did figure out how to get into my email, I saw that what they sent me looked slipshod and off-target, and might thus confuse or be ignored by some users.

It's quite primitive, but I have my homemade password manager, which is naturally free of those free-for-a-while-then-premium bait-and-switch shenanigans we see again and again. Basically take something like a website name (e.g. amazon in this example) and a short hint as to the passphrase (e.g. BrownFluffyBatmobile), mangle them together somehow ('(amazon::BrownFluffyBatmobile)'), shove that through sha256, convert to base64, take the first 16 characters and use the result as your password. Then keep a note of the non-secret part of each (e.g. put the empty string through and note the first three characters of the output). I first whipped it up as a bash one-liner, then automated the process. I recommend you use 22 rather than 16 characters for your password. That will give you 128 bits of entropy, which should be enough for all but state actors. If you are really paranoid, use all 42 characters, which gets you almost 256 bits of entropy, which is considered unbreakable.
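The derivation just described (SHA-256 over the mangled site-and-passphrase string, base64, truncate), as an added example that is not the page's or the commenter's own script. The `amazon` / `BrownFluffyBatmobile` values are the ones used above; the `generation` counter, the `self_test` check against the known SHA-256 of the empty string, and the `entropy_bits` helper are my additions, not part of the scheme as posted.

```python
import base64
import hashlib

# Constructed example values, taken from the illustration above.
SITE = "amazon"
PASSPHRASE = "BrownFluffyBatmobile"


def hash_to_base64(data: bytes) -> str:
    """SHA-256 the input and return the standard base64 encoding of the digest.

    A 32-byte digest encodes to 44 characters: 43 carry digest bits
    (the 43rd only 4 of its 6) and the 44th is '=' padding.
    """
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def derive_password(site: str, passphrase: str, length: int = 22, generation: int = 0) -> str:
    """Deterministic site password: the first `length` base64 characters of
    sha256("(site::passphrase)").

    `generation` is an added field (assumption, not in the posted scheme):
    0 reproduces the "(site::passphrase)" mangling exactly; a higher value
    lets you rotate one site's password after a leak without changing the
    passphrase. The mangling format must never change once in use, or every
    derived password changes with it.
    """
    if not 1 <= length <= 43:
        raise ValueError("length must be 1..43; only 43 characters carry digest bits")
    if generation == 0:
        mangled = f"({site}::{passphrase})"
    else:
        mangled = f"({site}#{generation}::{passphrase})"
    return hash_to_base64(mangled.encode("utf-8"))[:length]


def entropy_bits(length: int) -> int:
    """Upper bound on the output entropy of a `length`-character password:
    6 bits per base64 character, capped at the digest's 256 bits.

    This is a property of the output alphabet only; the real bound is the
    passphrase's own entropy (see the note below).
    """
    return min(6 * length, 256)


def self_test() -> bool:
    """Check the hash/encode pipeline itself: SHA-256 of the empty string is
    the well-known constant e3b0c442..., whose base64 encoding starts "47D"."""
    return hash_to_base64(b"")[:3] == "47D"


if __name__ == "__main__":
    assert self_test(), "hash/encoding pipeline is not producing the expected output"
    for n in (16, 22, 42, 43):
        print(f"{n:2d} chars -> {entropy_bits(n):3d} bits: {derive_password(SITE, PASSPHRASE, n)}")
    # Rotating amazon's password after a leak, without touching the passphrase:
    print("generation 1 ->", derive_password(SITE, PASSPHRASE, 22, generation=1))
```

Two caveats a practitioner would add before adopting this. First, the bit counts above describe the output alphabet, not the security of the scheme: one derived password leaked by a site lets an attacker brute-force the passphrase offline at one plain SHA-256 per guess, with no salt and no key stretching, so the passphrase itself must carry the entropy you are counting on. Second, with nothing but site name and passphrase in the input there is no way to rotate a single site's password after a leak, which is why the example adds a generation counter; 42 base64 characters carry 252 bits of the digest, and 43 carry all 256.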
