this post was submitted on 25 Nov 2023
1 points (100.0% liked)
Ethereum
5 readers
1 users here now
Resources
- Website & Blog
- White Paper & Yellow Paper
- Documentation & Stack Exchange
- Learn Solidity
- Source Code on Github
- Bounty program
- Chat on Gitter
- Network Status & Gas Price Market
- List of DApps
- Meetups
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Sadly no. LastPass was hacked last year, and a lot of people have had their wallets drained. So having your seed online is never truly safe.
Lol, all you people parroting the LP hack… if any of you read the incident report, there was only very basic metadata like company names, veiling addresses, etc which was not tied to specific users. No encrypted notes or credentials were taken at all. That’s not how PWM’s work.
How is that? Even if I give you my password for Google you won't be able to sign in to my account.
Yes, but if you have your seed phrase in an online container, and the container gets hacked, the 2FA doesn't do anything. The hacker can recreate your wallet from the seed.
I am talking about storing the seed in the Google account, aka Google keep. The likelihood of Google getting hacked is much lower than my house burning down and taking with it all cold storage.
What is the likelihood those people had either reused their master password elsewhere or that the password strength was very weak?
Google will automatically block any sign in from a new device, so even with a compromised password, access is not granted.
Lastpass hack made 2FA completely irrelevant because hacker got access to the password databases directly. They can at their leisure try to bruteforce passwords for all of these accounts.
what accounts?