![]() Of course, passwordless authentication may be the ultimate solution to the issue of password managers and breaches. While LastPass actually had a good name in the industry, the recent breaches have shown it is important to perform due diligence rather than simply going with a name you recognize. But it is important to remember that every digital convenience comes with risk.Īccording to Infosecurity Magazine, you do not need to write off password managers entirely, but you should recognize that some are better than others. Password managers are incredibly useful and convenient tools to make our lives easier and it’s hard to imagine life without them. By allowing bad actors to see what URLs people visit, they can create targeted phishing emails with customized scams. The latter points out the danger LastPass left unchecked by leaving its URLs unencrypted. But he is not LastPass’ only critic.Ĭalls for abandoning LastPass have ranged from CNET to Wired to The Verge. Of course, 1Password is a LastPass competitor and Goldberg does not pass up the opportunity to explain how, with 1Password, user data would be totally safe. It also assumes that users did not use their master password for any other accounts.Īdditionally, it might take a human a million years to crack an algorithm-generated password, but hackers use computers that are able to try billions of possibilities tirelessly. LastPass’ Weak Security ClaimsĪccording to Goldberg, the “million years” prerequisite assumes that users used the site’s algorithm to generate their passwords, which is often not the case. LastPass CEO Karim Toubba tried to calm the waters by writing on the company blog, “It would take millions of years to guess your master password using generally-available password-cracking technology.” However, the “million-years” quote has been debunked by several competitors, namely 1Password’s Principal Security Architect Jeffrey Goldberg, who published a follow-up blog post to refute the claim. They were able to do so by using information that was compromised in a prior security breach in August.īy stealing encryption keys, the threat actor gained access to an incredible array of information, including company and end-user names, email and billing addresses, telephone numbers, encrypted usernames and passwords, and unencrypted URLs. In December, the company blog revealed that a threat actor managed to steal encryption keys from a LastPass employee. ![]() LastPass enjoyed one of the best reputations as a password manager, both the free and paid versions - until now. LastPass users are now left to deal with the fallout from the hack, plus the bigger question: Is any password manager safe? Let’s dig deeper and find out. The password manager has come under fire for the way it stored certain sensitive information and for downplaying the severity of the attack. LastPass, a popular password storage platform, revealed last month that it had been hacked by a threat actor who gained access to a significant amount of personal customer information. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |