Password Service LastPass Hacked…. Users Asked To Change Master Password

I get that having multiple passwords for each and every online service that you use can be a pain. But it makes you more secure, which is why I keep encouraging users to do that. I also get that to keep yourself sane you may require a password management system to keep track of all those passwords. The problem with that is that if you pick something that is cloud-based, you run the risk of it being hacked and your digital life being left in a state where it is under threat.

Today, we’re being provided a great example of that with the news that popular cloud-based password management service LastPass was hacked. Here’s what the company said on their blog:

We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.

Lovely. Here’s what they are doing about it:

An email is also being sent to all users regarding this security incident. We will also be prompting all users to change their master passwords. You do not need to update your master password until you see our prompt. However, if you have reused your master password on any other website, you should replace the passwords on those other websites.

Because encrypted user data was not taken, you do not need to change your passwords on sites stored in your LastPass vault. As always, we also recommend enabling multifactor authentication for added protection for your LastPass account.

Now, if you need a product to keep track of your passwords, it should be local to your devices and not be cloud-based. One such application is eWallet, which I reviewed here. While it does have the ability to sync over WiFi to keep all your devices up to date, it only syncs to devices that are paired to each other, such as an iPhone and a Mac, and only on the same WiFi network. Your data doesn’t take a trip to the cloud, so you don’t get exposed to this sort of hack.

In the meantime, if you’re a LastPass user, I’d strongly suggest taking their advice. Then I would strongly suggest reconsidering your password management strategy as this sort of hack could have catastrophic results for end users.
