Silver Linings to LastPass Hack

LastPass Hack
Share Button

Last night, password management company LastPass notified users in a blog post that it had been the target of a hack that accessed users’ email addresses, encrypted master passwords, and reminder words and phrases the service asks users to create for those master passwords.

In general, we are not a fan of password management tools. While they provide convenience, a central repository of any sensitive data is always going to garner greater attention from hackers.

In some ways, it might even be better to store this sort of encrypted password data locally on a piece of paper in your office. After all, these sophisticated hackers are more likely to be in China or Russia than they are in the cubicle down the hall from you.

But the good news about this story is that the hashes stolen were very well encrypted. The company noted that it has cryptographic protections in place on those master passwords, including “hashing” and “salting” functions designed to make cracking the underlying passwords nearly impossible. This should be enough to protect almost all of its users. Those who have not practiced proper password hygiene to date (i.e. using simple passwords or ones reused from other sites) may still be vulnerable.

In addition, LastPass offers two-factor authentication on their services, which will help minimize the impact of that breach. This serves as a good reminder that multi-factor authentication is an effective approach to minimize impact of breach on end-users. Is it inconvenient? Yes. But security is always on the other side of the see-saw from convenience and usability. Users should embrace this option, and even demand that their cloud providers "force two-factor authentication upon them". That way, even if (or more realistically when) their passwords are stolen, the underlying account cannot be compromised.

Related Posts

Fraud in the Time of Coronavirus As the world grapples with the Coronavirus pandemic, self-isolation and stay-at-home-orders have increasingly become the norm.
Coronavirus and Cyberattacks: Tips to Keep your Customers Secure Fraud attacks are now on the rise, with malicious actors launching targeted phishing and malware attacks, capitalizing on the Coronavirus pandemic. Having a strong cybersecurity strategy in place has never been more critical.  

Leave a Reply

Your email address will not be published. Required fields are marked *