June 2015: Password Manager LastPass Breached

LastPass Breached

Recently LastPass, a popular password manager, announced that it had discovered suspicious activity on its network. No encrypted user vault data was taken, but the hackers were able to steal information about client email addresses, password reminders, and encrypted versions of master passwords. LastPass is confident in its encryption algorithms, but it might still be possible to crack these master passwords, especially if a generic and weak password was used.

LastPass has stated that it will be prompting users to update their master passwords to further ensure the security of the accounts. It has also updated the system to alert clients by email if an unknown machine attempts to log in.


What is a Password Manager?

Password managers are a secure way to keep track of passwords across the internet. Many allow you to generate a strong, random password for each website and store it in a vault, so the user never has to remember it. The only password the user has to remember is the Master Password for the password manager account. This allows users to use a different password for every website and increase security on their accounts. However, this also means that the Master Password becomes a high-value target, because it would unlock the passwords to countless other sites. For this reason, it is recommended that one uses strong password techniques and multi-factor authentication if it is available.
