LastPass admitted an unauthorized party accessed its system. Is it alarming? Do you need to switch managers?
Experts say that we should not use one password for all online accounts. To remember passwords easily, most people use passwords that are weak or easily guessed. This is why many people are using a password manager to save and manage their passwords from one safe space.
But how safe is a password manager? What happens if bad actors hack it?
Last month, LastPass, a well-known password manager, admitted that bad actors hacked into its development system. It was alarming. The app promised to provide its users with a safe space for their passwords.
However, the company reassured its users that sensitive details were not compromised in the unfortunate event. LastPass’s CEO, Karim Toubba, provided an update about the investigation. Karim revealed that the bad actor’s activity was limited to four days.
Within that timeframe, the company’s security team detected the bad actor’s activity and immediately stopped it. There’s no proof that the threat activity went beyond the timeframe.
He also confirmed that there’s no evidence the threat actor had access to customer data or encrypted password vaults.
The bad actor did access the app’s development environment, but LastPass’s system design prevented the threat actor from gaining access to customer data or encrypted password vaults.
Here are the reasons:
“Firstly, the LastPass Development environment is physically separated from, and has no direct connectivity to, our Production environment. Secondly, the Development environment does not contain any customer data or encrypted vaults. Thirdly, LastPass does not have any access to the master passwords of our customers’ vaults – without the master password, it is not possible for anyone other than the owner of a vault to decrypt vault data as part of our Zero Knowledge security model.”
In 2015, LastPass also suffered a security breach. At that time, the threat activity compromised users’ email addresses, password reminders, and other sensitive details. This breach is similar to what happened recently. That’s why some of its users are frustrated.
LastPass is not recommending that its users do anything to keep their data safe, considering that the bad actor didn’t compromise sensitive data. However, it is always a good idea not to reuse passwords.
To further protect your online account, it is better to switch or enable multi-factor authentication.
Alternatives to LastPass
If you no longer trust LastPass, there are alternatives to it. NordPass is one. It is built by the same team behind NordVPN. It’s a new tool, however.
1Password is another alternative that is geared toward Mac and iOS users. But it is compatible with all operating systems. It features auto-fill forms, a digital wallet, and a flexible password generator.
Keeper is also a well-rounded password manager that lets you store site passwords using 256-bit AES encryption. It offers multi-factor authentication. It has dark web monitoring and encrypted message features, which are rare in a password manager.