In mid June, password management company LastPass
In 2011, LastPass noticed some anomalies in its network that led employees to believe that it had been hacked. Although the company did not find exact evidence that it had, it asked all of its users to change their master passwords. While this new attack has not necessitated any master password changes and the company insists that its “cyberattack response worked as designed,” it brings up questions about how secure password data really is.
The company said that it has no evidence showing that user accounts were accessed, and that it is confident that the encryption and hashing techniques used would keep data safe. A hashing algorithm takes a plain-text password and turns it into a fixed-length string of seemingly random characters. The mathematical function behind it is designed to be computed in one direction only: unlike encryption, there is no key that turns the hash back into the password. According to LastPass, the company hashes user passwords hundreds of thousands of times, which makes it very slow and costly to work out the original password by guessing. Because of its confidence in the system, LastPass has said that users don’t need to change their password.
“Encrypted user vaults were not compromised, so no data stored in your vault is at risk (including form fill profiles, secure notes, site usernames and passwords),” according to LastPass’s blog.
The company warned that if users utilize their LastPass master password for other websites, they should change it and not use the same password on multiple sites.
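The following sketch illustrates the salted, iterated hashing described above and why a weak or reused master password is still exposed despite it. It is an added example, not LastPass's code: the choice of PBKDF2-HMAC-SHA256, the iteration count, the salt size and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed parameters: the article names no algorithm, salt size or exact count.
ITERATIONS = 200_000   # "hundreds of thousands" of rounds
SALT_BYTES = 16

def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return the (salt, iterations, digest) record a service would store."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # unique per user, stored beside the hash
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest

def verify_password(candidate, record):
    """Check a login by re-hashing the candidate; nothing is ever decrypted."""
    salt, iterations, stored = record
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(digest, stored)  # constant-time comparison

def first_weak_match(record, weak_passwords):
    """Audit a stored record against a list of known-weak passwords.

    Returns (match_or_None, hashes_computed). Each candidate costs one full
    iterated hash, which is the only slowdown iteration buys: a password that
    is on the list is still found.
    """
    for computed, candidate in enumerate(weak_passwords, start=1):
        if verify_password(candidate, record):
            return candidate, computed
    return None, len(weak_passwords)

if __name__ == "__main__":
    weak = ["123456", "password", "letmein"]  # constructed sample list
    strong = hash_password("correct horse battery staple")
    print(verify_password("correct horse battery staple", strong))
    print(first_weak_match(strong, weak))
    print(first_weak_match(hash_password("letmein"), weak))
```

Iteration multiplies the cost of every guess but does not make a guessable password safe, which is why a master password that is weak or shared with other sites should be changed.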
Moving Forward
The LastPass breach is a perfect example of how, even if you have good cybersecurity in place, you can still experience breaches and have data compromised. To be as secure as possible, it’s best to have multiple layers of security. This will ensure that any threats are discovered and dealt with properly. While attacks like the one that happened to LastPass are never going to end, if you’re ready for them, your information will still be safer.
Faronics’ Endpoint Security is a highly successful approach to security. It protects on four different levels with programs designed specifically for each level. Everything works together to help ensure that if there is a threat, it will be identified and blocked or eliminated.