LastPass FTW! The attacker will reverse my password just to find a bunch of unusable bits :). What would be even cooler is an API on top of LastPass that sites like Zappos could hook into to force a behind-the-scenes change of passwords, similar to revoking a compromised certificate. Essentially, since there is some lead time after the breach is discovered and before the attacker manages to crack the long, random passwords, their efforts would be futile by the time they are done since all LastPass passwords would have already been changed.<p>Or we could just stop using passwords everywhere and not have this problem again. Anybody? Anybody?<p>Disclosure: I have no affiliation with LastPass beyond being a satisfied user.
Page gives me:
"We are so sorry – we are currently not accepting international traffic. If you have any questions please email us at help@zappos.com"<p>Could anyone paste/screenshot/... what there is to see?
My thanks to Zappos for that email. It was enough for me to give my wife the necessary suggestions to secure her associated accounts without alarming her.<p>It is probably worthwhile in these situations to provide basic implication info for laymen, i.e. implications of "your cryptographically scrambled password."
I've been having issues with Zappos for a couple days. I called up support yesterday and they said they were "upgrading the website and had bugs they were trying to get fixed." Not sure if this is related or just a coincidence.