LastPass Breach: Avoiding Data Compromise

Password service manager LastPass was hacked. On a Monday, the company acknowledged in a post that it had been the target of a recent security breach in which attackers accessed user email addresses, master passwords, and password reminder phrases. The LastPass team discovered and blocked suspicious network activity and has assured users that no information was taken from their user vault. “We are confident that our encryption measures are sufficient to protect the vast majority of users,” LastPass assures. “LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256… This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.”

Steps were taken to ensure the security of the data, such as requiring users to verify the account via email when logging in from a new device or IP address. LastPass advises users to update the master password, especially when it sends the email prompt.

We asked Andrea Tarquini, software analyst/developer, for his thoughts about security in password service managers.

Do you trust/use password service managers?
Personally I use client side only (and open-source) password managers like KeePass because as a geek and IT Security Researcher I’m a bit paranoid. I trust the common algorithms used by password managers, but the weakness about them is the complexity of the master password you choose.

After hearing about this data breach, are you still going to use password service managers?
Yes, I will continue to use client side password managers. Personally I don’t use LastPass but as reported by them, they use strong cryptographic algorithms and client side strategies (such as encryption/decryption) to protect their user data. We use similar algorithms and strategies to implement client side encryption on IzzieDocs, our service to create and share secure documents on the Google Drive platform. The issue with LastPass is more on the users who use weak master passwords. To fix this, you need to update it (and use a strong passphrase) and don’t use weak password reminder hints that may suggest a way to discover the master password to an attacker. As suggested by the LastPass team you should also enable multifactor authentication.

What advice would you give to companies on how to keep passwords secure?
Always the best thing to do is to train employees about basic security concepts. Password managers cannot protect from weak master passwords; services like LastPass can audit and monitor suspicious activities and offer policies to avoid data breach, but they cannot protect at all from password guessing.

Andrea Tarquini is an IT Security researcher and software analyst/developer at eLearnSecurity. He is the main developer of JustCryptIt and IzzieCloud. He is also the author of the ‘Ruby for Penetration testing and Metasploit’ section of Penetration Testing Course Professional.

Following yesterday's revelation of a likely security breach at password management company LastPass, the company's CEO is revealing more details about the incident and trying to offer some comfort and advice to his users. Speaking yesterday with PC World, LastPass CEO Joe Siegrist admits he may have been too "alarmist" in sounding the alarm bell over the potential security breach. But the anomalies the company found when looking over its logs raised too much of a red flag. Siegrist explained that he doesn't think a lot of data would've been hacked, but just enough to capture a small number of user names and passwords.
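
The salted, 100,000-round PBKDF2-SHA256 strengthening quoted in the LastPass statement, and the interview's point that it cannot rescue a weak master password, shown as an added Python example (not LastPass's code and not part of the original post). The client hash, the 16-byte salt, the function names and the two keyspace sizes are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

ROUNDS = 100_000  # server-side round count quoted in the LastPass statement


def strengthen(auth_hash: bytes, salt: bytes, rounds: int = ROUNDS) -> bytes:
    """Salted PBKDF2-SHA256 over the authentication hash the client sends."""
    return hashlib.pbkdf2_hmac("sha256", auth_hash, salt, rounds)


def enroll(auth_hash: bytes) -> tuple[bytes, bytes]:
    """Return (salt, stored_hash); a per-user random salt defeats precomputed tables."""
    salt = os.urandom(16)  # salt size is an assumption
    return salt, strengthen(auth_hash, salt)


def verify(auth_hash: bytes, salt: bytes, stored: bytes) -> bool:
    """Recompute the strengthened hash and compare in constant time."""
    return hmac.compare_digest(strengthen(auth_hash, salt), stored)


def seconds_per_guess(rounds: int, samples: int = 3) -> float:
    """Measured cost of testing one candidate on this machine (single core)."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(samples):
        strengthen(b"candidate-%d" % i, salt, rounds)
    return (time.perf_counter() - start) / samples


def days_to_exhaust(keyspace: int, per_guess_s: float) -> float:
    """Worst-case days to try every candidate in a keyspace at a given cost."""
    return keyspace * per_guess_s / 86_400


if __name__ == "__main__":
    # Constructed stand-in for the hash a client would submit at login.
    client_hash = hashlib.sha256(b"constructed-master-password").digest()
    salt, stored = enroll(client_hash)
    print("login accepted:", verify(client_hash, salt, stored))
    cost = seconds_per_guess(ROUNDS)
    print(f"one guess at {ROUNDS} rounds: {cost * 1000:.1f} ms")
    # Illustrative keyspaces: a million-entry list of common passwords
    # versus a random 12-character password over 62 symbols.
    for label, space in [("weak (10^6 list)", 10**6), ("random 12 chars", 62**12)]:
        print(f"{label}: {days_to_exhaust(space, cost):.3g} days")
```

The round count multiplies the cost of every guess by the same factor, so a master password drawn from a small list stays within reach while a long random one does not.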