Potential LastPass Break-in Disclosed by LastPass

Subject: General Tech | May 5, 2011 - 06:05 PM |
Tagged: security, lastpass

One of the most important parts of security is authentication. A lot of our methods of authentication online revolve around passwords. There is an expectation these days that you are required to remember large passwords composed of completely random characters including numbers and symbols each unique from each other in the event that one source compromises the password you provide it. This necessity confronts our human nature of having terrible memory. Many programs have made attempts at solutions by storing and generating secure passwords for you.

View Full Size

                           ^second

LastPass is currently one of the most popular platforms for that such need. Wednesday, Lastpass announced on their blog that they have noticed on odd behavior on Tuesday morning in their network traffic without being able to track the source. The security firm claims that while they are unable to tell if user data was compromised that there was a possibility that their list of user email addresses and the corresponding salted and hashed, an algorithm designed to encode data in a way that is almost impossible to ever decode, passwords. Passwords are hashed since the server does not need to know what the password is, only whether it is the same as what was input by the user, so storing the password itself is just asking for trouble in case of intrusion.
 
LastPass is claiming that they will require their users to change their master password especially in the event that your LastPass password is easily guessed. Currently I have not received such notification on my account but comments on their blog suggest that some have been notified of this requirement. If anything this potential break-in illustrates just how hard actual security is and how much of a concern it should be for the general population at all times that valuable information is being handled.
May 5, 2011 | 08:38 PM - Posted by BrandNewJesus

BUT....This is why I use LastPass.
They never get your password, and there is nothing to worry about.
Attacker may have gotten my email, but that has been leaked from about 10 other companies in the past month anyway.

Security Now- Last Pass

May 5, 2011 | 11:23 PM - Posted by Tim Verry

Seriously!? Like I said in my news blurb, this is not shaping up to be a good month for data security!

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote><p><br>
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

By submitting this form, you accept the Mollom privacy policy.