The developers of LastPass, the program and browser extension that stores all of your passwords behind a single “master” password, are encouraging users to change their master password if it is “weak” (for example, a dictionary word). On Wednesday, the company noticed an anomaly in certain server transfers, and while it is fairly confident that no usernames or passwords were stolen, it is taking no chances.
Whether this super-fast action is the result of Sony’s mishap last week, we’re unsure, but what we do know is that the company is to be commended for coming forward about a potential issue even when it didn’t have much information to go on.
In an interview with PCWorld, LastPass CEO Joe Siegrist talks about what happened and what might have happened. He is adamant that there is little reason for concern, and that if anyone is affected, it will be tens of people out of the millions that use the service. He states, “If you used a strong master password, even if anything had been taken, there shouldn’t be any cause for concern. If you used a weak master password, there might be a little more risk, but it’s kind of a one in a million kind of a risk based on the total amount of data that was transferred.”
As long as you are using a good master password (as you should be!), you should have no reason for concern. It does concern me, though, that the possibility exists for this to happen with a service that stores passwords, even in encrypted form, online. In the interview above, Siegrist mentioned that even the salts were taken, which can make it easier to crack a password. It seems to me like the salt should be stored locally, not remotely.
I’ve been contemplating using LastPass for a while, but I’ve also noticed KeePass, a similar program that stores the passwords locally. Do any of you use either of these? What are your thoughts?
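To make concrete what “the salts were taken” buys an attacker, and why the strength of the master password is what decides the outcome, here is an added example (not LastPass’s code, and not its actual key-derivation scheme) that models a password-manager account as a per-user salt, an iteration count, and a verifier derived from the master password with PBKDF2-HMAC-SHA256. The iteration count, the verifier construction, and the tiny wordlist are all assumptions made for the example. The attacker’s side shows that once the salt and the verifier are in hand, the attack is purely offline: a master password that is a dictionary word is recovered in a handful of guesses, while a long passphrase is not found by the same wordlist.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed for this example: a tiny wordlist standing in for the
# multi-million-entry dictionaries a real cracker would use.
WORDLIST = ["password", "letmein", "dragon", "sunshine", "monkey", "welcome"]

# Hypothetical iteration count chosen for the example; not LastPass's setting.
DEFAULT_ITERATIONS = 20_000


def is_weak(master_password: str) -> bool:
    """Weak in the sense the post uses: a plain dictionary word (case-insensitive)."""
    return master_password.lower() in WORDLIST


def derive_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Client-side key derivation: PBKDF2-HMAC-SHA256 over the master password
    and a per-user salt. The salt makes precomputed tables useless across users;
    it is not a secret and is stored alongside the account record."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )


def make_record(master_password: str, iterations: int = DEFAULT_ITERATIONS) -> dict:
    """What a server in this (hypothetical) model stores per user: salt, iteration
    count, and a verifier (a hash of the derived key, so the key itself never
    leaves the client). This triple is exactly what an offline attacker needs."""
    salt = os.urandom(16)
    key = derive_key(master_password, salt, iterations)
    verifier = hashlib.sha256(key).digest()
    return {"salt": salt, "iterations": iterations, "verifier": verifier}


def offline_dictionary_attack(record: dict, wordlist=WORDLIST) -> Optional[str]:
    """Attacker's side: with the salt and iteration count in hand, recompute the
    verifier for each candidate and compare. No network round trips, no rate
    limiting; only the per-guess PBKDF2 cost and the size of the candidate
    space slow this down. Returns the recovered password or None."""
    for candidate in wordlist:
        key = derive_key(candidate, record["salt"], record["iterations"])
        if hmac.compare_digest(hashlib.sha256(key).digest(), record["verifier"]):
            return candidate
    return None


def demo() -> dict:
    """Run the attack against a weak and a strong master password and report."""
    weak = make_record("dragon")
    strong = make_record("correct horse battery staple 2011")
    return {
        "weak_flagged": is_weak("dragon"),
        "weak_cracked": offline_dictionary_attack(weak),
        "strong_flagged": is_weak("correct horse battery staple 2011"),
        "strong_cracked": offline_dictionary_attack(strong),
    }


if __name__ == "__main__":
    print(demo())
```

Two things fall out of the model: the salt has to be available wherever the key is derived, so whether it lives with the vault or elsewhere, an attacker who gets the record can run this loop; and the only variables left in that loop are the iteration count and how many guesses the master password survives, which is why the advice to replace a dictionary-word master password is the right one.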
In retrospect, we probably overthought this a bit and we’re maybe too alarmist ourselves. The real message needs to be that if you have a strong master password, nothing that could have been done would have exposed your data. The only thing we’re worried about is people that have weak ones. That’s why we’re making all these moves.