One Key to Rule Them All? A Very Bad Idea

A friend of mine, Igor Odnovorov, always said, “Convenience is the enemy of security.” This recently hit home for me and many others.

I have used the LastPass password manager for years. I made sure to investigate how the company protects user data, and it was clear that they did not maintain any keys or the ability to decrypt your data, except using your “master password.” The proverbial one key that rules them all. This makes it very convenient to store and retrieve all your passwords, especially if you use the random password generator.


One Point of Failure


Recently LastPass announced a security breach, which I have been following closely both as a product user and a security practitioner. Last week, they sent this announcement. If you read closely, it indicates that “the threat actor was also able to copy a backup of customer vault data from the encrypted storage container.” This means that someone now has my password vault, although not my master password.


They continue to explain that “the threat actor may attempt to use brute force to guess your master password and decrypt the copies of vault data they took.” So now the big questions: “How secure is my master password?” and “Can any information that might be available on the Dark web from other breaches be used to hack my master password?” Recalling my master password, I know it’s unique, but how hard would it be to crack?


Many Consequences


So now I start thinking about what’s in my LastPass vault if they were to get in. All of my email, financial accounts and any other important accounts are protected with traditional MFA or 2FA, whatever the spe ..