Ad Image

The LastPass Security Breach: How Bad Is It?



By Damien Hugoo, Product Manager, Easy Solutions

Last night, password management company LastPass notified users in a blog post that it had been the target of a hack that accessed users’ email addresses, encrypted master passwords, and reminder words and phrases the service asks users to create for those master passwords.

In general, we are not a fan of password management tools. While they provide convenience, a central repository of any sensitive data is always going to garner greater attention from hackers. In some ways, it might even be better to store this sort of encrypted password data locally on a piece of paper in your office. After all, these sophisticated hackers are more likely to be in China or Russia than they are in the cubicle down the hall from you.

But the good news about this story is that the hashes stolen were very well encrypted. The company noted that it has cryptographic protections in place on those master passwords, including “hashing” and “salting” functions designed to make cracking the underlying passwords nearly impossible. This should be enough to protect almost all of its users. Those who have not practiced proper password hygiene to date (i.e. using simple passwords or ones reused from other sites) may still be vulnerable.

In addition, LastPass offers two-factor authentication on their services, which will help minimize the impact of that breach. This serves as a good reminder that multi-factor authentication is an effective approach to minimize impact of breach on end-users. Is it inconvenient? Yes. But security is always on the other side of the see-saw from convenience and usability. Users should embrace this option, and even demand that their cloud providers “force two-factor authentication upon them”. That way, even if (or more realistically when) their passwords are stolen, the underlying account cannot be compromised.

Damien Hugoo is a technology professional with 10 years of experience in creating, building and deploying digital software products for the financial services industry. Today, Damien serves as the product manager at Easy Solutions, where he plays a key role in the creation of innovative and comprehensive fraud prevention and detection solutions.

This post originally appeared on Easy Solutions’ blog.

Share This

Related Posts