Network attacks are a constant threat to your data. Knowing this, strong passwords are not only a good idea, but a necessity. This has led to the prevalence of password managers as they allow the use of more complex passwords without the user having to memorize the password themselves. While these tools are definitely useful, they also have their risks. That’s why RAVENii is here to talk about some of these risks.
What is a Password Manager?
A password manager is an app on phones, tablets, or computers that will store all of your passwords in one place so that you don’t need to remember them. Users of this type of tool typically will log into the manager with a master password. The password manager itself is capable of generating and remembering your passwords for all of your online accounts.
Making use of a password manager is a top safety practice recommended by security experts. Since a great deal of data breaches are tied to weak or reused passwords, these tools have obvious appeal. The important thing to remember when using a password manager is that Network attacks can happen at any time to any target, so it’s important to remain vigilant and informed about the state of the specific manager you use.
The Breach of LastPass
One of the earliest and most popular password manager tools is LastPass. This is a free option that managed to accumulate over 25 million users during the 2010s. Unfortunately, as reported by WIRED, on December 22, the company revealed that a security incident they had reported on November 22 was actually a massive breach that exposed their encrypted password vaults along with other user data.
Network attacks could happen to anyone and the occurrence of one in and of itself is not a reason to fully lose confidence in a company. However, the way LastPass handled the breach of their data should be cause for concern. The details they revealed in their December announcement were bad enough that many security professionals quickly called for users to switch to other services. This concern is because the company has failed to reveal specific details about what data the hackers were able to steal and how many users have been impacted by this attack.
LastPass has failed to offer their users basic information like when the breach itself occurred. They have only revealed that it likely occurred after August 2022. Knowing when network attacks occur is information that is critical to formulating an effective response. This is because knowing when the attack takes place gives a clearer idea of how long the attackers have had to crack the keys used to encrypt stolen data. In this instance, if attackers have had three or four months with the stolen data, the situation is far more urgent than if they had only had a few weeks.
The LastPass breach included other customer data in addition to the password vaults, such as names, email addresses, phone numbers, and some billing information. The fact that LastPass kept their data in a hybrid format where some information such as passwords were encrypted while information like URLs were not, was something that earned the company a lot of criticism. This situation allows the attackers to get an idea of what information is inside the vaults and helps them prioritize which vaults to crack first. With the vaults themselves being stolen, it’s too late for changing a master password to be of much help to the affected users, because the data itself has already been stolen.
If you used LastPass, the best way to make sure you’re protected now is to go through your vault and change all of your passwords. Another smart step to take is to turn on two-factor authentication for any accounts you can. This is especially true for any high-value accounts like email or financial services. Changing your passwords will make the information in the vaults outdated and two-factor authentication will provide a layer that the hackers will not be able to get through with the information they have already stolen. Once you have taken these steps, it’s a good idea to switch to a new password manager service with a better track record of transparency with their customers.
If the thought of network attacks are causing you stress in operating your business, RAVENii has the expertise to help. You can call us at (844) 317-0944 or use our online contact form and we’ll get in touch to set up an appointment. It’s vital to be able to keep up with constantly evolving cyber security threats, and RAVENii is here to make sure you don’t have to go it alone.