Remembering the password for every single account you've made can be difficult, which is why tools like LastPass can be practical. The problem is that the password-managing app has experienced security issues before, which could put all your other accounts at risk.
Stronger Passwords Required
LastPass has had its cybersecurity questioned after it experienced a breach back in late December 2022, and then again in late February 2023. As part of the company's attempts to prevent another incident, users are now required to use longer master passwords.
Existing users previously had the option to keep the shorter passwords they already had, but the new policy no longer allows this. Customers will soon be forced to meet the 12-character minimum requirement, as reported by The Verge.
In its biggest 2022 breach, hackers managed to copy information from a company backup that held customer data such as end-user names, billing addresses, email addresses, telephone numbers, and IP addresses, said the company CEO, Karim Toubba.
Although an encrypted storage container was also copied, LastPass assured customers that it could not be opened because of its 256-bit AES encryption. These locked folders held customer usernames and passwords, and required master passwords to be opened.
Fortunately, hackers never acquired the master passwords, since the company never stored or maintained them. The only way hackers would be able to obtain them was if customers gave them away, as per Bleeping Computer.
In the February 2023 cyberattack, the bad actors breached LastPass by hacking into a DevOps engineer's home computer. The stolen data was also encrypted, but the hackers stole the decryption key as well.
Creating and Protecting Your Password
Using LastPass is a convenience that people need, especially if they cannot remember all the passwords for every account they have. All they have to do is make their master password more complex than their others to make sure that all of their other data is protected.
To create a password that's hard to crack, customers are encouraged to use a mix of letters, numbers, and special characters. It would also be helpful to mix in uppercase letters and avoid using consecutive numbers like "123."
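As an added illustration that is not part of the original article or any LastPass code, the rules above can be written as a small checker. The lowercase requirement, the three-digit run length, and the function names are assumptions of this example.

```python
import string

MIN_LENGTH = 12  # minimum master-password length stated in the article


def has_digit_run(password, run=3):
    """True if `run` digits in a row ascend or descend by one ("123", "987")."""
    for i in range(len(password) - run + 1):
        chunk = password[i:i + run]
        if not all(c in string.digits for c in chunk):
            continue
        steps = {int(b) - int(a) for a, b in zip(chunk, chunk[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def check_master_password(password):
    """Return a list of rule violations; an empty list means every rule passed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    # Assumption: "a mix of letters" plus uppercase is read as needing both cases.
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c in string.digits for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    if has_digit_run(password):
        problems.append("contains consecutive numbers")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not real passwords.
    for sample in ["Summer123", "correct-Horse7battery4"]:
        print(repr(sample), "->", check_master_password(sample) or "passes")
```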
Since LastPass already stores your other passwords, all you have to remember is your master password. Refrain from writing it down or storing it in notes on your devices, to prevent the slim chance that threat actors might access them.
There's only so much security LastPass can provide, and you'll also have to play your part in protecting your master password. Hackers might try to get it through other means as well, such as phishing attacks or social engineering tactics.
Avoid clicking on suspicious links that are sent to you, which can often be found in emails. You should also choose the apps you download carefully. Some of them include malware that gets to work after you download them and grant them permissions.
If an app asks for permissions it doesn't need, such as a calculator app requesting access to your photos, delete it immediately. If you can, download apps from trusted developers only to avoid being hit with malware or adware.