![]() It's also not meant to speak ill of LastPass specifically. This article isn't meant to highlight how awesome the encryption methods that online password managers practice, or how safe they are to use or not. But if you read carefully through the blog, you start to understand that LastPass wasn't as well prepared for this incident as they could have been, and frankly their security posture was weaker than what you might expect from a security service provider. History shows that when you come clean sooner, you avoid being caught trying to hide it. More information on how LastPass does this can be found here.įirstly, I give kudos for LastPass in remaining transparent throughout this incident and experience, most organizations try to sweep these under the rug for fear of their brand and customer confidence taking a hit. ![]() They also "salt" these algorithms during encryption to add an extra layer of unique randomness that make it "impossible" for even the custodian, in this case LastPass, or the hacker, to see the passwords inside your vault. They leverage industry-grade encryption algorithms in ways that some would argue are stronger than your online banking (not to suggest online banking uses weak encryption). ![]() Countless individuals and organizations around the world use password managers, and overall my opinion is they're safe when used correctly, even when you assume breach. Essentially a password manager is an encrypted digital vault that can store account passwords that you use to access apps and services everyday from either your desktop or mobile device. I've been a huge fan of online password managers for a long time, and most recently a lot of folks have been asking me for my thoughts on the latest security breach of LastPass, how that impacts their customers' password vaults, and what they could have done better to protect themselves.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |