The question of whether or not to trust LastPass statements will be debated over the next while. What are the key take-aways from the recent LastPass breach and subsequent announcements? The bottom line is that the only obstacles between an attacker and any LastPass user’s stored passwords may be the strength of their master password and less importantly, the potential obscurity of being one of 33 million users in the same position. LastPass was later spun off in 2021, but there is no evidence that the founding principles were reinstated. Since then, LastPass was purchased by LogMeIn in 2015, and it’s fair to say that since then, Joe’s original security and service principles may not have been a priority. That’s pretty much all you could ask for. In particular, over the years, a few security breaches did occur, but LastPass was praised for its transparency and proactive approach. Many people, including security professionals, trusted the company. Initially, LastPass was an independent company and its founder Joe Siegrist was doing all the right things, as far as anyone outside could tell. The theory was that the architecture was done in a way that made it very hard for an attacker to crack the master password… IF IT WAS STRONG, meaning at least 12 characters and random enough to be “not guessable” using “dictionary attacks” or through a bit of open source research.

I’ve been a LastPass user for many, many years, with hundreds of credentials stored there.

This is my take on the LastPass story to this point… I’m sure there will be more to come. I wanted to see what a range of experts were saying about it before weighing in with my perspective. That’s why I didn’t post this article immediately after the most serious news broke about this breach. And in this case, it does seem like there were some inaccurate statements made by some “experts” on social media.

One important thing to remember at times like this is that there may be a tendency to “over-hype” the severity of the problem, and to jump to conclusions. My advice here is primarily based on a summary story by Ars Technica that provides a good explanation with recommendations.