LastPass, one of the most widely used password managers, admitted that the security breach it suffered during the summer affected its users' data. This means that people's passwords for email, banks, digital wallets and everything else are in the hands of criminals, although in principle they are encrypted.

The revelation caused alarm among LastPass users and among people who use similar password managers. What do we do now? Will we continue to rely on these solutions? Is it possible to do it another way?

The average citizen today uses several passwords, both personally and professionally. They should all be different and long enough, random and complex. This way, a data breach on a service only compromises the user’s credentials on that platform. And it becomes harder for an attacker to crack the password by brute force using common password dictionaries or personal information about that user (date of birth, pet name, etc.).

This makes it impossible to remember dozens of different, long, arbitrary and complex passwords, so the intuitive solution is to “write them down” somewhere.

The analog option is a notebook, but the problem is that its owner has to protect it very well. They would also have to carry it with them at all times to be able to access all their apps and services.

LastPass, which had more than 25 million users in the summer of 2022, suffered a security breach. The attackers had access to the solution's source code and other intellectual property, but not to its users’ password vaults.

But by Christmas 2022, the company admitted that the attackers had access to its customers’ personal data and, worse yet, to backup copies of some of their password vaults.
The breach notice did not give the total number of affected users or passwords, so the actual impact cannot be predicted.

The LastPass team tried to reassure its users by explaining that the critical information in these vaults is encrypted with a key derived from each user’s master password. Since 2018, these master passwords must be at least 12 characters long, so cracking them by brute force (trying all possible combinations) would be very expensive in terms of time and resources. It is estimated to take several thousand years.

However, if that master password is compromised in some other way, the passwords in the vaults affected by the breach could be recovered. This can happen, for example, if the attackers succeed with a social engineering technique such as phishing, or if the user reuses the same master password on another service affected by a data breach.

Therefore, it is up to each affected user to decide whether to change all the passwords stored in their LastPass vault, or at least the passwords of the most critical applications for which they have not configured second-factor authentication (which makes a password compromise less serious). It all depends on how much they trust their master password and on whether it is uncompromised.
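The two points above, brute-force cost and master-password reuse, shown as an added Python example that is not from the original article or from LastPass. The PBKDF2 iteration count, the guess rate, the sample passwords and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; the article gives no figure


def derive_vault_key(master_password, salt, iterations=ITERATIONS):
    """Stretch a master password into a 256-bit vault key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations
    )


def brute_force_years(length, alphabet_size, guesses_per_second):
    """Average years to hit a uniformly random password: half the keyspace."""
    keyspace = alphabet_size ** length
    return keyspace / 2 / guesses_per_second / (365 * 24 * 3600)


def exposed_by_reuse(vault_key, salt, leaked_passwords, iterations=ITERATIONS):
    """Return the leaked password that reproduces the vault key, else None.

    Comparing derived keys stands in for "the stolen vault decrypts".
    """
    for candidate in leaked_passwords:
        guess = derive_vault_key(candidate, salt, iterations)
        if hmac.compare_digest(guess, vault_key):
            return candidate
    return None


if __name__ == "__main__":
    # Constructed sample data, not real credentials.
    salt = os.urandom(16)
    vault_key = derive_vault_key("correct-horse-battery", salt)
    leaked = ["123456", "qwerty2022", "correct-horse-battery"]

    # Assumed guessing speed: 1e9 guesses per second.
    print("12 random printable chars: %.1e years" % brute_force_years(12, 94, 1e9))
    print("12 random lowercase chars: %.1e years" % brute_force_years(12, 26, 1e9))
    print("master password reused elsewhere:", exposed_by_reuse(vault_key, salt, leaked))
```

With these assumed figures, the long estimate only holds for a random master password drawn from a large alphabet; a reused one is found on the first pass through a leaked list, regardless of its length.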

There is further uncertainty because not all the information in LastPass vaults is stored encrypted. This means that anyone with access to it can, for example, find the URLs of the applications and services that each user accesses without much effort.

So should we use a manager or not?

Despite the LastPass incident, and although the company probably did not handle the crisis in the best possible way in terms of communication and transparency, using password managers is still highly recommended, at least together with enabling a second authentication factor (text message, app or call) on security-critical platforms and services (main email, bank, etc.).

Simply, as in other situations, you should learn a little before deciding which alternative is best for each of us. At the moment, there are many doubts about whether LastPass is still suitable for everyone, because it has already strung together a significant number of incidents. So it is important to compare different options and evaluate their price, functionality, flexibility and, of course, security, given how critical an incident with these characteristics can be.

A password manager, yes, but not just any one, and not used or configured in just any way. For example, the security of the master password is critical, and this is our responsibility.

MARTA BELTRAN

SPEECH (**)

Tenured professor at King Juan Carlos University. (**)

Speech is a non-profit organization that aims to share ideas and academic information with the public. This article is reproduced here under a Creative Commons license.

Source: Exame
