And for those situations where the original password is retrieved, the attacker would need to understand the significance of the numbers and letters you used.įor example – a simple formula (for a US person): take the first 3 characters of the entity asking for a password, upper case the middle letter, remember the last 4 digits of your childhood zip code, and pick two symbols to use all the time – maybe “!” and Now make your password using the 1st character of the entity+ first symbol+zip+next two chars of entity+last symbol. Most passwords are stored hashed so the original characters are not retrievable. Done appropriately, they’ll have complex passwords that can be easily remembered.Īnd lest you think once the password is hacked, the attacker will now know all your passwords, it usually doesn’t work that way.
Now they only have to remember one thing. So your data is at risk all the time.Īlthough there is no perfect solution, one suggestion I give to my user base is to come up with a single formula for generating a password that can be used at the majority of sites that need passwords. Not to mention, no system is un-hackable, period. And this lax security posture applies to all the other entities you deal with as well. So far the track record has been dismal with just about every large business having one or more breaches. Unfortunately, unless you are paying cash, you are at the mercy of just how serious the business you are buying from is about the security surrounding your credit card/debit card info, and any other personal data you may need to supply. If it’s in the cloud, it will be compromised. I’m not sure how many more examples of compromised cloud service providers and/or businesses holding our data we are going to need before it becomes painfully clear that this is not the way to go. Now You: do you use an online password manager, or a local one? (via Born) Online password managers offer comfortable options to sync passwords across all devices, but they add another attack vector when compared to local password manager solutions such as KeePass. Changing the master password may also be an option, but only if the leak comes from a third-party source and not LastPass directly. LastPass customers may want to add two-factor authentication to their accounts to better protect it against unauthorized login attempts. Options to protect the accounts with two-factor authentication are available as well.
LastPass is an online password management service customers may sign-in online to access their account using a master password. Some of the users who reported the issue online stated that their master passwords are unique and not used elsewhere, which, if true, eliminates the third-party breach scenario. LastPass has no indication that accounts were successfully accessed or that its service was compromised, according to the response.