On 2017-01-18 17:15, Mike Copeland wrote:
As you know, connections to LMI client machines (individual workstations) are controlled thru and managed at the LMI servers back at the LMI mothership. Lots of benefits and drawbacks to the approach, but it usually works pretty well.
So, if a baddo wants into your account, all they need is your login name and password for the Master user on the account. Getting the login name isn't hard since it's often your email address and attempts to connect to your account could be performed by an automated script running through a database of login names.
The password, though, is obviously a different issue, since I'm sure you used something extremely obtuse and long and convoluted!
LMI has always had a 'feature' that will lock the account, preventing access by anyone, for an unspecified period of time after X failed-attempts to login. It slows the script-kiddies down a LOT. (Usually it's 4 attempts and you're blocked for around 90 minutes.)
All that to say that the baddo's have a slow process to slog through to try to hack in.
And once they are in, they COULD use your account (I'm assuming it's paid for in advance and you figure it's easier to let it ride to expiration than get any refund, if any) to provide LMI service to other computers...but since you have removed the installs from YOUR computers, there's no risk.
I think you're safe. At the worst, a baddie will get LMI services for the remainder of your subscription and if you try to use it in the future it might not be accessible (since they'd likely change the master password.)
I had the 2-step verification on my account, anyway.