Potential LastPass Break-in Disclosed by LastPass

Subject: General Tech | May 5, 2011 - 06:05 PM |
Tagged: security, lastpass

One of the most important parts of security is authentication, and many of our methods of authenticating online revolve around passwords. These days you are expected to remember large passwords composed of completely random characters, including numbers and symbols, each unique from the others in case one source compromises the password you gave it. This necessity conflicts with our human nature of having terrible memory. Many programs have attempted to solve this by generating and storing secure passwords for you.

LastPass is currently one of the most popular platforms for that need. On Wednesday, LastPass announced on their blog that on Tuesday morning they had noticed odd behavior in their network traffic and had been unable to track down its source. The security firm says that, while they are unable to tell whether user data was compromised, there is a possibility that it was, and that the data included their list of user email addresses and the corresponding salted and hashed passwords. (Hashing is an algorithm designed to encode data in a way that is almost impossible to ever decode.) Passwords are hashed because the server does not need to know what the password is, only whether it is the same as what the user typed in, so storing the password itself is just asking for trouble in case of intrusion.
 
LastPass says that they will require their users to change their master password, especially if that password is easily guessed. Currently I have not received such a notification on my account, but comments on their blog suggest that some have been notified of this requirement. If anything, this potential break-in illustrates just how hard actual security is, and how much of a concern it should be for the general population whenever valuable information is being handled.
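
The salted-hash check described above, and the reason an easily guessed master password has to be changed after a suspected leak, shown as an added Python example that is not from the original post or from LastPass. PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample passwords are all assumptions of this example.

```python
from __future__ import annotations

import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def make_record(password: str, salt: bytes | None = None) -> dict:
    """What the server stores: a random salt and the derived hash, never the password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def verify(record: dict, attempt: str) -> bool:
    """Re-derive the hash from the login attempt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(digest, record["hash"])


def is_easily_guessed(record: dict, common_passwords: list[str]) -> bool:
    """True if any entry of a common-password list matches the stored record.

    Anyone holding the salt and hash can run this same test offline, which is
    why easily guessed passwords must be changed after a suspected leak.
    """
    return any(verify(record, guess) for guess in common_passwords)


# Constructed sample data, not real accounts or leaked values.
COMMON = ["123456", "password", "letmein", "qwerty"]
weak = make_record("letmein")
strong = make_record("t7#Vq9!mZp2$Lx8@")

if __name__ == "__main__":
    print("correct login accepted:", verify(weak, "letmein"))
    print("wrong login rejected:  ", not verify(weak, "letmein1"))
    # Same password, different salts: the stored hashes differ.
    print("salt changes the hash: ", make_record("letmein")["hash"] != weak["hash"])
    print("weak password flagged: ", is_easily_guessed(weak, COMMON))
    print("strong password flagged:", is_easily_guessed(strong, COMMON))
```

The salt keeps identical passwords from producing identical stored hashes, but it does nothing for a password that appears on a common-password list, which is the case the forced master password change addresses.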