In August, LastPass suffered a data breach that allowed hackers to access the LastPass source code. Let’s take a look at this situation and see what you need to do to maintain proper password security moving forward.
The password manager’s report details that no customers or employees had their data accessed; rather, the attackers explicitly stole the password manager’s proprietary code. This isn’t nearly as bad as it sounds (although it sure is bad) since most proprietary software uses many bits and pieces of open-source components, something which allows them to be documented or modified more easily. Suffice it to say that the source code might be helpful for attackers, but it’s not going to be the end-all-be-all.
This is one of the big reasons why open-source projects are so popular and helpful, as you have multiple different people constantly working on them and updating them to take care of any security issues that pop up.
Imagine the password manager is a bank where you can deposit or withdraw money. In this case, the passwords and credentials are the money, stored in a vault for security purposes. You might think that if someone breaks into the bank, your money is at risk, i.e. your passwords are at risk. In reality, this isn’t quite how a password manager operates.
Returning to the bank comparison, the vault is filled with safety deposit boxes that are only brought out when you need them. You’ll have your master key (the password to the vault), as well as some other type of secondary authentication method that is generated right then and there. Without this secondary code, you won’t be able to access the safety deposit box.
The bank itself doesn’t have the key to your vault, therefore they cannot allow someone else to access your vault, whether that person is a criminal or someone from a law enforcement agency. This is how a password manager works. It stores and encrypts your passwords, and you are the only one who knows the password to access them all.
There are several reasons to use a good password manager. Here are just a few of them.
It’s not a great thing to experience a data breach, but it could have been much, much worse. If you want to ensure that your business is safe on all fronts, contact SCW at (509) 534-1530. Our trusted technicians will keep a close watch on your security so you never have to worry about the latest threats again.
About the author
Sam is a network engineer with a broad range of experience spanning more than 35 years. He wrote is first piece of code in 1979 and has been involved with the industry ever since. For the last 20 years, he has worked for SCW Consulting where he has embraced his passion for network technology and security.
Mobile? Grab this Article!