LastPass keeper of passwords confirms system breach

LastPassLogoShadow

Password management isn’t as simple as it should be. Everyone recommends using unique passwords for every account you use, in addition the same people will heavily recommend each of these should be complex. With the ever increasing amount of accounts we use every day remembering all of your passwords simply isn’t as easy as it used to be.

This problem has seen the rise of password manager tools, where you would only need to remember the one password and the tool will securely contain all your other passwords within. Some password management systems also have the ability to access your passwords from any device, meaning if enabled your passwords get uploaded into the cloud. This of course is a big convenience, but putting all your passwords together on a single companies cloud is equally a big risk.

LastPass a leader in password management issued a statement this week that their system containing everyone’s passwords had been breached. Despite the system breach LastPass is remaining optimistic claiming their numerous encryption methods will keep users passwords secure.

The numerous encryption methods include passwords being salted, hashed and stretched. Salting is where random characters are inserted into each word so the same password would not produce the same encrypted text. Hashing is where the text is rearranged cryptographically so a slight change in the original password doesn’t produce a similar encrypted version. Finally stretching is the method of running the hashing part many more times over. All of these measures, especially when applied together make cracking the outputted encryption code almost impossible to break.

Even with these measures in place LastPass is issuing emails to users to reset their master password and advising enable 2-factor authentication.

An important lesson to lean is be careful where you keep your own passwords and no matter how secure you believe your IT system and network security is, so must be your data and not all encryption is equal.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s