LastPass Data Breach
In August of 2022, LastPass landed in the hot seat when it reported to its customers that there had been unusual activity within LastPass. The company assured customers that no data within its vault or its users’ vaults was compromised, nor was any personal information. Contrary to that report, a data breach did occur. Data breaches will become more common in 2023, making your security a higher priority than ever.
CUSTOMERS UPDATED ON DATA BREACH
On December 22, 2022, LastPass confirmed that hackers obtained customer information, including company names, end-user names, billing addresses, email addresses, telephone numbers, and IP addresses. Hackers also accessed a copy of customer vault data, which, though encrypted, is still considered dangerous in the wrong hands.
LastPass attempted to reassure its users that the compromised information was encrypted and therefore posed less risk. A master password (reportedly not stored by LastPass) is required to decrypt the data. Still, brute-force efforts (i.e., guessing passwords) could give hackers access to that encrypted information, depending on the strength of the original user’s master password.
LAWSUIT FILED AGAINST LASTPASS
Weeks later, a class-action lawsuit was filed by an unnamed plaintiff to recoup losses due to the security breach that allegedly caused the user to lose $53,000 in Bitcoin. This story is far from over, but here are two major lessons that we can take away from this event:
- Cloud-based storage comes with risks. Know your alternatives.
- Average, repetitive passwords are extremely dangerous.
BETTER ALTERNATIVE TO CLOUD-BASED PASSWORD MANAGERS
Cloud-based password managers lack the security you need. Consider the best option of local, encrypted password storage directly to your device. IDSeal Pro-Tec, our proprietary device protection suite, allows you to store all your passwords in a locally encrypted vault.
This storage method is superior to password managers like LastPass or 1Password, which store passwords in the cloud. Both cloud and local-based password managers require a “master password” to decrypt information. In contrast, IDSeal Pro-Tec doesn’t store the encrypted vault data on servers that can be accessed by hackers. Hackers could only access a user’s encrypted password vault by first accessing and taking over the user’s device, then brute-force guessing the master password to decrypt the data.
TIPS TO CREATE A STRONG PASSWORD
Finally, it’s important to stress that the weak passwords of yesteryear are no longer good enough. Update your passwords so they are difficult to guess, and use these guidelines to help you:
- Use a combination of uppercase and lowercase letters, numbers, and special characters
- Longer passwords are stronger; use at least 12 characters
- Use unique passwords for each account; a password manager makes this simple!
- Avoid using memorable or common keyboard paths (sorry, 123456 and qwerty are out!)
- Skip using any personal information
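The guidelines above expressed as a checker, as an added example that is not part of the original article or of IDSeal Pro-Tec. The function name, the keyboard-path list, and the `personal_info` and `passwords_in_use` inputs are assumptions made for illustration.

```python
import re

MIN_LENGTH = 12  # minimum length from the guidelines above
# Constructed sample of keyboard paths and sequences; extend for real use.
KEYBOARD_PATHS = ("123456", "qwerty", "asdfgh", "zxcvbn", "qazwsx", "abcdef")


def check_password(password, personal_info=(), passwords_in_use=()):
    """Return a list of guideline violations; an empty list means it passes."""
    problems = []
    lowered = password.lower()

    # Guideline 1: uppercase, lowercase, numbers and special characters.
    # Anything outside ASCII letters and digits counts as "special" here.
    classes = {
        "uppercase letter": r"[A-Z]",
        "lowercase letter": r"[a-z]",
        "number": r"[0-9]",
        "special character": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")

    # Guideline 2: at least 12 characters.
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    # Guideline 3: unique per account (assumes the caller supplies the
    # passwords already in use, e.g. from a local vault).
    if password in passwords_in_use:
        problems.append("already used for another account")

    # Guideline 4: no common keyboard paths, typed forwards or backwards.
    for path in KEYBOARD_PATHS:
        if path in lowered or path[::-1] in lowered:
            problems.append(f"contains keyboard path '{path}'")
            break  # report only the first path found

    # Guideline 5: no personal information (names, birth years, and so on).
    for item in personal_info:
        token = item.lower()
        if len(token) >= 3 and token in lowered:
            problems.append(f"contains personal information '{item}'")

    return problems
```

Passing every check does not make a password strong on its own; the checks only reject passwords that break one of the listed guidelines.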
Combine these tips with IDSeal Pro-Tec, and you will have the best available protection on the market! Go to our Protection and Plans page to pick the best plan for you.