LastPass Breach: No Need to Panic
As far as we know now, this breach is not that bad
The recent announcement by LastPass that its development environment had been breached has caused widespread concern that the passwords of everyone who uses LastPass have been exposed. Stay calm, and don’t panic: they have not. The zero-knowledge design of LastPass ensures that LastPass never has access to your master password, and thus never has the ability to decrypt the passwords you have stored with it.
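To make the zero-knowledge claim concrete, here is an added sketch of the general pattern; it is not LastPass's code and not part of the original post. The function names, the iteration count, the sample inputs and the HMAC-based stand-in cipher are all assumptions chosen so the example runs with the Python standard library alone.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def derive_vault_key(master_password: str, email: str) -> bytes:
    # Client side: stretch the master password; this key never leaves the device.
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), email.lower().encode(), ITERATIONS)


def derive_auth_hash(vault_key: bytes, master_password: str) -> bytes:
    # Client side: a further one-way step yields the login token sent to the server.
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode(), 1)


def _subkey(vault_key: bytes, label: bytes) -> bytes:
    return hmac.new(vault_key, label, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode) to avoid third-party imports;
    # a real client would use an authenticated cipher such as AES-GCM.
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(vault_key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    body = _xor_stream(_subkey(vault_key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(vault_key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def open_sealed(vault_key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(vault_key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong master password or tampered vault")
    return _xor_stream(_subkey(vault_key, b"enc"), nonce, body)


def enroll(master_password: str, email: str, secrets: bytes) -> dict:
    # Everything the server ever receives: a login token and ciphertext.
    key = derive_vault_key(master_password, email)
    return {"email": email, "auth_hash": derive_auth_hash(key, master_password), "vault": seal(key, secrets)}
```

The record returned by `enroll` contains neither the master password nor the vault key, so whoever holds it can read the stored entries only by guessing the master password.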
Likewise, there are some voices saying, “See, this is why you should not use a password manager!” Say what? The risk that some vulnerability in an established password manager will expose a user’s credentials is tiny in comparison to the risk that the same user, without a password manager to create and manage passwords for them, would choose weak or repeated passwords.
Well then, is there anything you should do? First, if you are not using a password manager, don’t let this stop you. Get one now and start using it today. There are a variety of great options available, including LastPass, 1Password, Dashlane, Keeper, and others. Second, make use of the security features of the tool you choose. If they offer multi-factor authentication for the password manager itself, implement it. And it (should) go without saying that you need a complex master password. Passphrases are the easiest to construct and remember.