Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

LastPass was hacked: Here's what you have to do

Glenn Fleishman | June 18, 2015
The password-storage maker LastPass announced the worst possible news for a company in its business on Monday: its password database was breached and user account information stolen. Because LastPass allows central storage and synchronization of your data store--the "vault" of passwords and other information you use with its app and website--someone being able to suss out your master password would seemingly have access to all your secrets.

A set of three or more words that are unusual together is more secure than a short complex password that you invented yourself. Because you can't store LastPass's master password in LastPass, you should think of a way to make a memorable result. Some experts suggest phrases or unlikely conjunctions: you were running in the woods and stubbed your toe when you saw a unicorn becomes "runs stubbed unicorn". It would take on the order of a quintillion password checks to get to that result.

LastPass wasn't just lucky. Their preparations paid off. I'm looking forward to learning more about just how their systems were penetrated, and I hope in the interests of transparency, the company will provide more details. But it's nice for once to see that an ounce of prevention was worth a million tons of cure.

 

Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.