May 5 (Bloomberg) — LastPass, a company that offers to safeguard and simplify managing subscribers’ online passwords, said hackers may have broken into its database and stolen information on as many as 1.25 million accounts.

The company’s service allows customers to use one password with enhanced security features to access multiple password-protected accounts for online banking, Internet shopping, and other secure sites. Jeremy Conway, a researcher for the Portsmouth, New Hampshire-based cyber-security company NitroSecurity Inc., said the intrusion risks giving the hackers access to millions of different bank accounts, e-commerce sites and sensitive corporate networks.

Almost funny

This would almost be funny... unless you’re one of the 1.25 million (so far) whose data was stolen. Imagine someone having access to over a million usernames and passwords to things like corporate bank accounts, ecommerce sites, and internal corporate networks. This is seriously NOT GOOD!

Yes, you can (and probably should) question LastPass’ network security, and what their technology team was thinking, but then a thinking person would ask, “Why store this sensitive information (usernames and passwords) online?”

“Why?” indeed! This type of information should NOT be stored online. All of us struggle with usernames and passwords, all of us wonder how managing this mass of login data could be made easier... but folks, let me tell you... saving it online is NOT the solution!

What’s “online” and what’s not?

Let’s think about how most of us “store” our passwords to online resources. Mostly, we depend on our web browser to remember our usernames and passwords. The latest versions of Internet Explorer, Firefox and Chrome are all very good at this. In fact, when we return to a website that requires a username and password, these browsers insert that information for us with little or no prompting. Excellent! My online life is so much easier because of this!

So are these web browsers storing that information online? No. Web browsers are software that runs on your computer. They store password information locally, on your computer. So merely using your web browser to enter this information for you is not much of a security risk.

EXCEPT... if you are backing up your computer to an online storage site. Using online storage is smart as a backup strategy, but you need to MAKE SURE that your data is encrypted before it leaves your computer. The good online backup tools, like Carbonite, take care of this for you. Make sure that any backup you do to an online storage facility encrypts the data before it leaves your computer!

Should I use a password management tool?

Some people use a local (lives on your own computer or USB key) password management tool like KeePass (there are several tools like this). The idea is that there is a small table listing the website, your username, and your password. This software is locked with a “master password”. All you have to do is remember your master password, and you can have access to all your usernames and passwords.

This seems like a reasonable solution, and is certainly better than putting usernames on sticky notes and sticking them on your monitor! If this sort of solution sounds like something you could use, explore the various password management tools and see which one you like. But make SURE your data stays on your computer and is NOT backed up to the management tool’s website!

What if I Use LastPass?

If you use LastPass... well, you have my condolences. Start with a careful read of their security notification. Then go to your critical websites (banking, ecommerce) and immediately change your password. Use a strong password. Use a password generator if you want. Then close your account with them. Call your insurance company and make sure you have identity theft coverage. It won’t solve all the problems if your identity is stolen, but it will at least help with the related expense.

If you feel like you need a password management tool, check out some of the many tools available and see which one might fit your needs the best.
