The pedestrian advice journalists and experts currently recommend to users and organizations ranges from changing passwords to enabling MFA to ditch LastPass or password managers altogether.
Going by averages, a conservative estimate, an additional 2.5 billion leaked credentials will be sold on the dark web sooner than any of us expect. A study commissioned by NordPass last year found that the average user has around 100 passwords for websites and services. LastPass celebrated reaching 25 million users in 2020.
Even though we are assured by LastPass that no attacker can crack the password vaults due to the AES-256 encryption and Zero Knowledge architecture, we can conclude from research and personal experience that many master passwords are weak, reused, and more easily guessable than high entropy passwords. On December 22, we learned that the hacker also accessed backups of credential vaults. The company assured its customers that credentials were not compromised in the incident.
LastPass informed its customers that leaked sensitive data, including email, phone, billing address, and the IP address of users while using the service. Happy Friday and enjoy resetting your passwords this weekend.Earlier in December, we learned that LastPass customers’ data was stolen in a security incident. Lastly, if you plan to move away from LastPass, and trust me, I have considered it, you still need to consider resetting all your passwords in your vault. Have you restarted your web browser today to install the latest updates? Also make a note in your calendar to restart your Windows machine later next week, patch Tuesday is the 14th. Passwords are only one part of the security puzzle, ensuring MFA is turned on and Operating Systems and applications are up to date with security patches is also critical. Luckily all my passwords were already unique, long, strong and complex but even so, it was a timely reminder that we cannot be complacent and should regularly review and uplift our own personal security posture where possible. That also answers the question of what I did last weekend and what I will be doing this weekend. In many cases I have also decided to reduce my digital footprint by deleting unused online accounts. I have used LastPass personally for over 5 years, so I took it as an opportunity to start resetting the 200+ passwords in my vault. It includes an easy-to-follow flow diagram stepping you through the requirements for your configuration - whether you use it personally or for business. We wrote this article trying to simplify the information. There was a ton of information, and it can be difficult to know where to start, and what your risk is. If you are a LastPass customer (or personal user), I'm sure you have some concerns about their most recent breach information and what action you should take.
0 kommentar(er)
