(reason: 550 5.4.1 [security@lastpass.com]: Recipient address rejected: Access denied) 
Replying to @taviso
FIPSmode Squad Retweeted Tavis Ormandy
almost exactly two years ago: https://twitter.com/taviso/status/769378052254015488 …
3 replies 0 retweets 8 likes -
Replying to @anthonypants
Hah, it turns out the majority of the crazy is concentrated around one particular vendor. I will definitely not look at them again, I don't even want to say their name.
3 replies 0 retweets 14 likes -
Replying to @taviso @anthonypants
Are you able to share your password management solution and/or vendor of choice?
1 reply 0 retweets 5 likes -
Replying to @EggcellenceLLC @anthonypants
KeePass and KeePassX are both good choices. If you really must use an online one, at least LastPass are responsive to researchers and have a competent security team, I would use them.
6 replies 6 retweets 35 likes -
You seriously consider LastPass competent? While they are responsive, they seem remarkably bad at producing secure software. As in: they fix the exact issue you report to them, without checking for similar scenarios or adjusting their development process. Attack surface is massive.
2 replies 0 retweets 3 likes -
I consider them competent, I've reported some pretty complex issues and found they handle them well. Attack surface is definitely massive, I always recommend KeePass or just use a book if that's too complicated.
2 replies 1 retweet 10 likes -
People tell me they're going to use an online password manager and that's that, so I don't know, at least use one where they have a fully staffed security team who can handle reports quickly? Shrug.
1 reply 0 retweets 5 likes -
Your statement just seemed rather odd, because it's definitely possible to produce an online password manager without creating a massive attack surface, and at least some vendors do it while also processing vulnerability reports well.
2 replies 0 retweets 0 likes
I have not shared your experience 
You did report a vulnerability to 1Password, was it that bad? I don't have any experience with their vulnerability response, merely judging by the application design which is sane and well thought out. Unfortunately, it being a subscription-based product often makes it a no-go.
1 reply 0 retweets 0 likes -
Astonishingly bad, and strongly disagree.
3 replies 0 retweets 10 likes - 1 more reply