In August, LastPass suffered a data breach that allowed hackers to access the LastPass source code. Let’s take a look at this situation and see what you need to do to maintain proper password security moving forward.
LastPass Was the Victim, Not Customers or Employees
The password manager’s report details that no customers or employees had their data accessed; rather, the attackers explicitly stole the password manager’s proprietary code. This isn’t nearly as bad as it sounds (although it sure is bad) since most proprietary software uses many bits and pieces of open-source components, something which allows them to be documented or modified more easily. Suffice it to say that the source code might be helpful for attackers, but it’s not going to be the end-all-be-all.
This is one of the big reasons why open-source projects are so popular and helpful, as you have multiple different people constantly working on them and updating them to take care of any security issues that pop up.
A Proper Password Manager Isn’t That Valuable to the Hacker
Imagine the password manager is a bank where you can deposit or withdraw money. In this case, the passwords and credentials are the money, stored in a vault for security purposes. You might think that if someone breaks into the bank, your money is at risk, i.e. your passwords are at risk. In reality, this isn’t quite how a password manager operates.
Returning to the bank comparison, the vault is filled with safety deposit boxes that are only brought out when you need them. You’ll have your master key (the password to the vault), as well as some other type of secondary authentication method that is generated right then and there. Without this secondary code, you won’t be able to access the safety deposit box.
The bank itself doesn’t have the key to your vault, therefore they cannot allow someone else to access your vault, whether that person is a criminal or someone from a law enforcement agency. This is how a password manager works. It stores and encrypts your passwords, and you are the only one who knows the password to access them all.
There Is Good Reason to use a Password Manager
There are several reasons to use a good password manager. Here are just a few of them.
- A decent password manager helps reinforce password best practices, in that it condenses the tens and dozens of passwords you should be remembering into a single password that is supported by multi-factor authentication. Some people tend to put off using unique passwords, but the password manager makes it easier to do so.
- A decent password manager can help you come up with better passwords, preventing you from using recognizable patterns. Many users opt to include personal or sensitive information in their passwords. A good password manager can help you avoid these dangerous practices by giving you the ability to generate new ones.
- A decent password manager will stop you from recycling passwords. A password manager can make it easier to use different passwords by notifying you if you have used them elsewhere, which is particularly handy if you ever get involved in a data breach.
- A decent password manager will help protect you from phishing sites. A password manager will use more scrutiny with logins like Facebook and Gmail, allowing you to more effectively protect your credentials.
Obviously, a Data Breach is Not Good
It’s not a great thing to experience a data breach, but it could have been much, much worse. If you want to ensure that your business is safe on all fronts, contact Nexela at (215) 525-3223. Our trusted technicians will keep a close watch on your security so you never have to worry about the latest threats again.