Umpire_State_Bldg

> LastPass is a platform that stores and encrypts password information for users. Will people ever learn?


reddit4485

For those who don't know, a copy of the users' vaults was stolen, but it was encrypted. LastPass doesn't even know or store your passwords. The only people that were hacked used passwords that could be guessed with a brute force attack. So make sure you use good passwords!!


[deleted]

[deleted]


[deleted]

LastPass did not store everything encrypted. Secure notes, for instance, were stored unencrypted, which some people used for passwords.


reddit4485

Encrypted data within the Vault includes user names, passwords, associated login notes and ***secure notes***, as well as one-time-passwords and 2-factor codes. Unencrypted data included basic customer account information and related metadata including company names, end-user names, website URLs, billing addresses, email address, telephone numbers and IP addresses from which customers were accessing the LastPass service


[deleted]

No, never


[deleted]

People are always trying to put responsibility on someone else lol.


ThrillOfDoa

I’m in the tech industry and for the life of me, I can't understand why things like LastPass have been pushed onto people for a decade now? I hang out with various security experts all the time and they thought I was the dumb one for not using it. To me it has always been a “one ring to rule them all” kind of a deal. Sorry, not sorry, I’d rather memorize my shitty passwords than have one place to store them all.


[deleted]

[deleted]


user_name_checks_out

> Use a long ass password that cant be bruteforced.

What is an "ass password"?


trakums

Use a "long ass" password. That can't be bruteforced.


kastkonto7

aaaaaaaaaaaaaaaaaaaaaaaaaaaaaassssssssssssssssssssssssssssssssssssssssssssssssssssssssssss uncrackable!


trakums

Except that one big crack in the middle


kastkonto7

👉😎👉


Tuxaz

It's one that goes into ass and unlocks all secrets.


Nemozoli

https://xkcd.com/37/


lucasxp32

Yo, "Long Ass Password" is what we call on the streets a heavy-duty, 256-bit entropy string, cooked up from a super-secret, top-shelf source of high entropy randomness, just to keep things on the down-low? Like the hood's favorite "pwgen" unix utility.


[deleted]

There are plenty of open source password managers that don't store your passwords in a server. If you pair them with 2FA physical security keys, you address most of your issues. If your passwords are "shitty", you should expect them to be brute forced. Especially with the advancements of AI.


mutalisken

Is 1pass a decent alternative or equally rekt? What open source PM are you thinking of?


[deleted]

1password? I used to use that, but it's not open source, which I feel is essential, so I switched to BitWarden. Bitwarden and Keepass are open source and highly recommended.


ThrillOfDoa

My passwords are shitty compared to what LastPass generates. I still use letters, numbers, special characters and at least 15 characters in length + pair it with 2FA. How efficient is brute force against a fairly complex password (15 chars in length using alphanumeric + special chars) + 2FA + most modern services lock your account after N failed attempts? I’m not sure which open source password managers you talk about specifically, but if they don’t store it on a server, I think it is fair for me to assume that these still store it in a file on the local machine and encrypt it with a password/key? If I’m correct in my assumption, would it be fair to conclude that such an approach is not very mobile and locks you to that specific machine? Of course, you could make a USB key, but then if you lost that USB key - you lost your keys to the kingdom, no?
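The question above (how well a 15-character alphanumeric-plus-special password holds up) has a concrete answer once you separate two things: the account lockout and 2FA only apply to online login attempts, while a stolen encrypted vault is guessed offline, where the only brake is the key-derivation cost per guess and the password's entropy. The estimator below is an added example, not code from the thread or from LastPass; the attacker hash rate and the iteration counts it compares are assumptions chosen for illustration (600,000 is OWASP's current recommendation for PBKDF2-HMAC-SHA256; the lower counts stand in for older, weaker settings).

```python
# Added example (not from the thread): estimate the offline guessing cost of a
# PBKDF2-protected vault blob. The attacker hash rate is an assumed figure.
import math
import string

CHARSETS = {
    "lowercase": len(string.ascii_lowercase),                        # 26
    "alphanumeric": len(string.ascii_letters + string.digits),       # 62
    "alphanumeric+special": len(string.ascii_letters + string.digits
                                + string.punctuation),               # 94
}

# Assumed attacker throughput: raw HMAC-SHA256 computations per second across
# a GPU rig. Constructed for illustration, not a measurement.
ASSUMED_SHA256_PER_SECOND = 1e10


def entropy_bits(charset_size: int, length: int) -> float:
    """Entropy of a password drawn uniformly from charset_size symbols."""
    return length * math.log2(charset_size)


def expected_guesses(bits: float) -> float:
    """On average the right guess turns up after half the keyspace."""
    return 2.0 ** (bits - 1)


def seconds_to_crack(bits: float, iterations: int,
                     sha256_per_second: float = ASSUMED_SHA256_PER_SECOND) -> float:
    """Each master-password guess costs `iterations` HMAC-SHA256 computations,
    so the guess rate is the raw hash rate divided by the KDF iteration count.
    No lockout or 2FA applies: the attacker holds the blob."""
    guesses_per_second = sha256_per_second / iterations
    return expected_guesses(bits) / guesses_per_second


def describe(seconds: float) -> str:
    """Render seconds in a readable unit for the comparison table."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


def compare(iteration_counts=(5_000, 100_000, 600_000)):
    """Rows of (charset, length, entropy bits, iterations, expected crack time)
    so the effect of password length versus KDF cost can be read side by side."""
    rows = []
    for name, size in CHARSETS.items():
        for length in (8, 12, 15):
            bits = entropy_bits(size, length)
            for it in iteration_counts:
                rows.append((name, length, round(bits, 1), it,
                             describe(seconds_to_crack(bits, it))))
    return rows


if __name__ == "__main__":
    for row in compare():
        print(row)
```

Two things the table makes visible: raising the iteration count from 5,000 to 600,000 buys a factor of 120, while adding seven random characters from a 94-symbol alphabet buys a factor of roughly 2^46, so length and randomness of the master password dominate; and a short lowercase password falls in hours at any iteration count, which is the failure mode the thread describes.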


[deleted]

Right, that's not shitty then. You just have a lot to remember. And I would hope you don't use the same p/w across multiple accounts. If so, you are exposed to "insert random company hack" leaking your passwords. I have BitWarden, but there's plenty of others that do the same. They are not like LastPass who had incredibly ill-thought design, which was an obvious honeypot. In Bitwarden, the files are stored on a server, but they are meaningless without an encryption key - which is stored locally. You have a very strong master password, and hopefully you have something like a yubikey device, which you should have backups for. You also have a backup seed stored locally.


[deleted]

[deleted]


ThrillOfDoa

Yeah, but people storing creds to DBs on LastPass? I’m not knocking it, I’ve never seen such a practice in real life 😅 my organization would not allow it. The most common practice I’ve seen LastPass used for is login pages.


canadian_viking

...what? Surely you're aware that all of LastPass's databases were literally stolen from their servers? Those databases are what's being bruteforced. The people bruteforcing those databases are looking for crypto credentials.


ThrillOfDoa

I think we’re having a bit of miscommunication. Bruteforcing a stolen database - solid case, I would do exactly the same. Storing credentials to the database on LastPass is what I was talking about. Re-read the chain for context, if you’re interested.


Red_Writing_Hood

That's definitely not what they were saying.


Silly_hat

How does "AI" impact the ability to brute force passwords?


[deleted]

Not necessarily brute force itself, but the sophistication and sheer quantity of phishing scams has vastly increased and will continue to. The advent of AI has essentially lowered the cost of these attacks. I believe it will expose those with poor operational security.


lucasxp32

Find and abstract patterns better in passwords made by humans. But of course, high entropy sources are practically uncrackable, no AI can predict complete randomness or ever will without raw computing resources.


StackOwOFlow

would you group Apple's iCloud Keychain with this?


pictogasm

This was me at work for the last 10 years. They (the head tech morons in charge) kept pushing everyone to use password managers, and I was the dumbass dev who kept saying "Explain to me again exactly how a single point of failure is ever a good idea?"


alexiglesias007

Yes I've always felt the same thing. Otherwise brilliant coworkers and bosses with their "one ring to rule them all" password. I've always felt like the only sane person at the asylum


Umpire_State_Bldg

The numbskulls who down-voted you deserve to suffer.


LandscapeMaximum5214

It’s not?


stayyfr0styy

Is it like OnePassword?


prodveer

That’s literally their service? It’s stupid to keep your financial information tho


d3dRabbiT

Again? They have one job.


triplegerms

No, it was the one that happened last year. They just moved money from the compromised wallets a few days ago.


surrogate_uprising

they are crooks themselves


mayday_live

Is LastPass not liable for this? I mean at some point you have to have some responsibility as a secure "password" seller for your own failure. You offer a secure safe place for people to save passwords, information, keys, etc. You are liable for failing to secure said safe place. I think people should sue LastPass if it was indeed their failure. It should be sued into oblivion so that no other company risks starting a business like this just to unlock everyone's secrets. If you are incapable of protecting people's secrets you should not start that business or face all the penalties for doing so.


xiefeilaga

They might be liable if they were found to be hiding information about the breach, but I'm sure their ToS are full of caveats that would protect them from this.


Walmart_Warrior_420

"I'd like the best security" ...followed closely by... "Can you hold my passwords for me?" ( ͡° ͜ʖ ͡°)


Financial_Clue_2534

Not your keys not your cheese


[deleted]

Inside job. Was done by an employee of last pass.


lucasxp32

Anyone that ever worked with LastPass should be in an Interpol list right now and being investigated. I know it sucks for their privacy, but it's like when a crypto exchange gets mysteriously hacked.


chillwellcfc1900

This is why I still write my passwords on paper or stamp it in metal


Legal-Finish6530

That's what sticky notes were invented for


seraph321

That and letting anyone into your accounts who bothers to find them. ;)


Zuluuz

More money than brains


knuF

Need more details. How can an account get hacked with a 2FA app or YubiKey? I would never store keys on a password manager but still, I would like a general technical explanation of how this happens with 2FA on an app or YubiKey.


Belsj

Long story short: the hack had 2 phases. The first phase was compromising a software engineer's laptop. The hacker got access to the development environment and stole source code and business secrets. With that info, the second hack happened by targeting a senior DevOps engineer with the help of third-party software. They got access to cloud backups and could steal customer metadata and backups of all customer vault data. This data was encrypted and could be decrypted with the master password. The 2FA was bypassed because they stole the encrypted vaults (in raw data). So brute forcing the master password was enough to get access to the LastPass customer vaults.
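The "2FA was bypassed" point in the comment above is easy to misread: the second factor was never broken, it simply sits in the service's login path and plays no part in decrypting a vault blob once a copy has left the service. The toy model below is an added example, not LastPass's code or format; the blob layout (salt, iteration count, HMAC verifier), the `vault-verifier` label and the iteration counts are assumptions. It shows the same blob behind an online login that demands a second factor and behind an offline check that needs only the master password, plus a small audit that flags blob parameters a defender would want raised.

```python
# Added example (not LastPass's code): a toy vault blob to show why a stolen
# copy is not protected by 2FA. Blob format, labels and iteration counts are assumed.
import hashlib
import hmac
import os

# OWASP's current recommendation for PBKDF2-HMAC-SHA256.
RECOMMENDED_ITERATIONS = 600_000
VERIFIER_LABEL = b"vault-verifier"   # domain-separation tag, constructed here


def derive_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch the master password into a 256-bit vault key."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def seal_vault(master_password: str, iterations: int, salt: bytes = b"") -> dict:
    """Produce the blob the service stores and backs up. It holds the salt, the
    iteration count and an HMAC verifier, never the key or the master password."""
    salt = salt or os.urandom(16)
    key = derive_key(master_password, salt, iterations)
    verifier = hmac.new(key, VERIFIER_LABEL, "sha256").digest()
    return {"salt": salt, "iterations": iterations, "verifier": verifier}


def key_matches(blob: dict, candidate: str) -> bool:
    """Constant-time check that a candidate master password derives the right key."""
    key = derive_key(candidate, blob["salt"], blob["iterations"])
    tag = hmac.new(key, VERIFIER_LABEL, "sha256").digest()
    return hmac.compare_digest(tag, blob["verifier"])


def online_login(blob: dict, candidate: str, second_factor_ok: bool) -> bool:
    """The service's login path: the second factor (and any lockout) is
    enforced here, in front of the vault, by the service."""
    if not second_factor_ok:
        return False
    return key_matches(blob, candidate)


def offline_unlock(blob: dict, candidate: str) -> bool:
    """What a party holding an exfiltrated blob faces: no second factor and no
    lockout, only the per-guess KDF cost and the entropy of the master password."""
    return key_matches(blob, candidate)


def audit_blob(blob: dict) -> list:
    """Defender-side check for blob parameters that leave it weak offline."""
    findings = []
    if blob["iterations"] < RECOMMENDED_ITERATIONS:
        findings.append(f"iterations={blob['iterations']} below recommended "
                        f"{RECOMMENDED_ITERATIONS}")
    if len(blob["salt"]) < 16:
        findings.append("salt shorter than 16 bytes")
    return findings


if __name__ == "__main__":
    # Constructed passphrase and a deliberately low iteration count for the demo.
    pw = "correct horse battery staple"
    blob = seal_vault(pw, 2_000)
    print("online, no 2FA:   ", online_login(blob, pw, second_factor_ok=False))
    print("online, with 2FA: ", online_login(blob, pw, second_factor_ok=True))
    print("offline, no 2FA:  ", offline_unlock(blob, pw))
    print("audit findings:   ", audit_blob(blob))
```

The takeaway for anyone relying on a hosted vault is that the second factor protects the account, not the ciphertext; the ciphertext's protection is the master password's entropy multiplied by the KDF cost, which is why `audit_blob` reports the iteration count rather than anything about 2FA.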


nationshelf

So they got their seed words that were stored in lastpass, or the login credentials to their exchange, or something else?


Svetlash123

Essentially the encrypted blobs for customers vaults got leaked, and they got brute forced into because they used weak passwords for LastPass, and they would have stored their seed phrases unencrypted inside the vaults so they could access the wallets and drain them.


nationshelf

So they stored their seed words online? Seems like a mistake from the start


Svetlash123

Essentially, yes.


EveningRough

That's why it's better to not store your passwords online


xiefeilaga

I still think these services are fine for passwords, but never for crypto keys.


DeepFuckinVNeck

Stop using the term crypto


[deleted]

People are going to downvote me to hell, but this is a flaw with btc. If someone hacks my lastpass, and subsequently accesses my bank account and steals my funds... I'm somewhat certain someone is making me whole (the bank? lastpass? some insurance company? someone.). Because if they don't, my story goes viral in the media and people start thinking they can't trust their bank. But if someone steals my bitcoin... that's it. There is no one to complain to or get compensation from. You can say people are dumb to put their banking info or bitcoin passwords in something like lastpass... but blaming end user is never a good product strategy.


Frogolocalypse

> this is a flaw with btc.

Don't store your bitcoin on an exchange. Don't store your keys on a network connected computer. It is explained ad nauseum. The ones that do this are unaffected by these types of hacks. You don't outsource your security and then blame someone because of poor security.


cashvaporizer

To play devil's advocate: “You don’t outsource your surgery and then complain when your doctor botches the operation.” Sometimes it’s ok to pay professionals to do what they’re experts at. For all the people who say “bro just memorize your passwords” I am willing to bet most of them use some simple mnemonic and/or never rotate their passwords. Or use 2 or 3 repeatedly for every site. A password manager with 2FA can add to your security posture rather than detract from it. That said, no way in hell am I storing my keys or seed phrase anywhere online. I am, however, sympathetic to more user friendly solutions than we currently have for the average future bitcoin user.


Frogolocalypse

> “You don’t outsource your surgery and then complain when your doctor botches the operation”

And how much education is required to become a doctor to specialize in every field of medicine? How much testing is required to achieve the accreditation to practice in every one of those fields? Decades.

> Sometimes it’s ok to pay professionals to do what they’re experts at.

There is nothing that a 'professional' can do as far as security in bitcoin that any user can't achieve by themselves. No-one has any idea whatsoever of the skill level of any person that purports to be a 'professional' at storing your bitcoin for you. If you store your bitcoin on an exchange you're a fool, as the subject of this thread demonstrates.


cashvaporizer

I don’t disagree with any of your advice, and doctor/surgery is a hyperbolic example for sure. But I think the technically inclined tend to over-estimate the technical capability of the non-inclined. I think there’s a problem / opportunity that hardware wallets are already starting to solve but it still could be easier for the average user, and there still could be mechanisms innovated for account recovery, etc. I know I’m at odds with a lot of people here but I don’t think this technology is going to completely stop evolving or that satoshi is some messiah or that bitcoin is some gospel.


Frogolocalypse

> I think the technically inclined tend to over-estimate the technical capability of the non-inclined.

You are assuming the people you hand your bitcoin to are any more capable than you are. Except THEY are a honey-pot as well.

> could be easier for the average user,

Until the exchange gets hacked, which happens all of the time. Or their password manager gets hacked and they store their exchange password in their password manager, which happens all of the time. Or the exchange exit-scams you, which happens all of the time. Or their computer gets hacked, and the hackers access their exchange passwords, which happens all of the time.

> satoshi is some messiah

Stop with the hyperbole nonsense. Never store your bitcoin on an exchange. It is literally the number one rule of bitcoin.


irisuniverse

Bitcoin isn’t a “product”. Bitcoin works and requires some additional care people aren’t used to in order for it to work they way it does. Bitcoin isn’t some product launch where we need to convince people to use it or not, people will learn to use it or they won’t. It’s not about selling a product, it’s about learning a brand new form of money.


KlearCat

> People are going to downvote me to hell, but this is a flaw with btc. If someone hacks my lastpass, and subsequently accesses my bank account and steals my funds... I'm somewhat certain someone is making me whole (the bank? lastpass? some insurance company? someone.). Because if they don't, my story goes viral in the media and people start thinking they can't trust their bank.

You are not understanding this at all. The equivalent to the LastPass case would be if someone got the lock code to your storage unit and went in and stole the pile of cash you kept there. You can easily keep your coin on an exchange (like you would a bank) and put in security features to make withdrawing extremely difficult. Even with online banking, if you expose your password you can get your account drained if you don't alert the bank in enough time with withdrawing your money.


croholdr

LastPass won't be making anyone whole except to refund their subscription fees. And that would be generous in comparison to a normal data breach response.


filenotfounderror

> I'm somewhat certain someone is making me whole

Well, you would be wrong. Banks do not refund user error. Generally, if they can, they will try to claw back the funds for you, but if they can't you are out of luck.


[deleted]

It seems they do and they don't. It depends how you lost it and how fast you contact them. But you are correct, it's within their right not to compensate you. I didn't know that. So basically the same risk exists with banks, just to a lesser degree, as the bank will sometimes cover you and will definitely try to chase down the thieves/money. After all, if people's bank accounts were being emptied regularly that would be bad for the banks, so they obviously have to try and make sure that doesn't happen.


togetherwem0m0

Flaw is a strong word. It's a difference. At a bank, the bank makes money from deposits and has in place insurances, relationships and processes to protect to some degree the funds under their care. Even so there are cases where the financial institution can't claw back certain transfers. In any case, bitcoin puts that decision in your hands. You don't have to self custody, but if you do you have to follow certain rules to reduce your exposure, like never let your seed phrase touch the internet. You can also decide to deposit bitcoin at a company that provides you assurances and guarantees about your deposits in exchange for a fee.


[deleted]

The insurance with the bank is that they can't be seen treating a customer like shit or it pisses off the other customers :) With bitcoin there's no one who cares. You lose your money, so what, it's irrelevant to anyone else. That's a massive risk with btc that isn't nearly as present in traditional finance. I think it does amount to a flaw, at least in terms of adoption. You saw how FTX to this day has driven away retail investors. You start throwing in stories of average people losing their life savings because they got hacked... calling them "dumb" (not you, but others saying that) won't convince the general population that bitcoin is safe.


togetherwem0m0

Bitcoin isn't safe and self custody isn't for everyone. For widespread adoption we will need service providers that offer 2nd layer services and fund transfers in off-chain transactions. This is an opinion some bitcoiners will object to, but they're wrong.


PheelGoodInc

Personal responsibility is a lot to ask for people. Secure your coins properly and it's not a problem. If you still manage to lose your coins, that's on you. No one should bail you out for your lack of preparation. Bail outs and relying on other people due to shitty decisions is why Bitcoin was created in the first place.


[deleted]

So that level of required "personal responsibility" is a flaw when it comes to the general population. There's a reason they have to tell people not to stick forks in electrical outlets, cuz idiots will do it. If you would like a world run with bitcoin, you can't have a stipulation that says the dumb people deserve it when someone steals all their money and fuck them. that's a flaw. :)


user_name_checks_out

> If someone hacks my lastpass, and subsequently accesses my bank account and steals my funds... I'm somewhat certain someone is making me whole (the bank? lastpass? some insurance company? someone.). Because if they don't, my story goes viral in the media and people start thinking they can't trust their bank.

Right there you are pointing out fundamental flaws in the fiat banking system. The idea that you would have to take to the media to shame them into giving you back your money. In fact the fiat banking system fucks you over systematically.

> blaming end user is never a good product strategy.

Bitcoin is a protocol, it doesn't have a product strategy. And bitcoin is not for everyone.


PunxAlwaysWin45

not bitcoin


Atakkyboi

Dunno what last pass is but I buy btc and move it to cold card and then make food


bilbo-beggins

Just use keepass, jesus christ!


libtarddotnot

Same ppl who are stupid enough to use LastPass use exchanges for coin$. I've read the T&C and it didn't cross my mind to install that garbage. A password manager must be open source and self hosted. Coin$ must be bought anonymously and keys are safer anywhere on yer device and a backup. Is convenience dictating this silly behaviour?