Don’t Give Up on Password Managers Because of the LastPass Breach
In August 2022, LastPass suffered a data breach that allowed hackers to access the LastPass source code. Let’s take a look at this situation and see what you need to do to maintain proper password security moving forward.
LastPass Was the Victim, Not Customers or Employees
The password manager’s report states that no customer or employee data was accessed; rather, the attackers specifically stole the password manager’s proprietary code. This isn’t nearly as bad as it sounds (although it sure is bad), since most proprietary software is built from many open-source components, which makes it easier to document or modify. Suffice it to say that the source code might be helpful for attackers, but it’s not going to be the be-all and end-all.
A Proper Password Manager Isn’t That Valuable to the Hacker
Imagine the password manager is a bank where you can deposit or withdraw money. In this case, the passwords and credentials are the money, stored in a vault for security purposes. You might think that if someone breaks into the bank, your money is at risk, i.e. your passwords are at risk. In reality, this isn’t quite how a password manager operates.
Returning to the bank comparison, the vault is filled with safety deposit boxes that are only brought out when you need them. You’ll have your master key (the password to the vault), as well as some other type of secondary authentication method that is generated right then and there. Without this secondary code, you won’t be able to access the safety deposit box.
The bank itself doesn’t have the key to your vault, so it cannot allow someone else to access your vault, whether that person is a criminal or someone from a law enforcement agency. This is how a password manager works. It stores and encrypts your passwords, and you are the only one who knows the password to access them all.
Why Use a Password Manager
There are several reasons to use a good password manager. Here are just a few of them.
- A decent password manager helps reinforce password best practices, in that it condenses the dozens of passwords you should be remembering into a single password that is supported by multi-factor authentication. Some people tend to put off using unique passwords, but the password manager makes it easier to do so.
- A decent password manager can help you come up with better passwords, preventing you from using recognizable patterns. Many users opt to include personal or sensitive information in their passwords. A good password manager can help you avoid these dangerous practices by giving you the ability to generate new ones.
- A decent password manager will stop you from recycling passwords. A password manager can make it easier to use different passwords by notifying you if you have used them elsewhere, which is particularly handy if you ever get involved in a data breach.
- A decent password manager will help protect you from phishing sites. A password manager will use more scrutiny with logins like Facebook and Gmail, allowing you to more effectively protect your credentials.
Some of the most common business password managers are:
Obviously, a Data Breach Is Not Good
A data breach at a major password manager company is not good, but it could have been much, much worse. If you are concerned about password security at your small business, consider the benefits of password management or contact us for more information.