Web-based password manager LastPass hacked

One of the more popular online password managers has been hacked. LastPass’s servers were breached and user data stolen, including hashed user passwords, cryptographic salts, password reminders, and e-mail addresses.

According to LastPass staff, your passwords are still secure, because only the encrypted versions were obtained. Analysts have confirmed that the risk to LastPass users is minimal, mostly due to safeguards employed by the service.

Still, if you use LastPass, you should immediately change your master password. You will in fact be prompted to do so when you log in.

Although LastPass had effective safeguards in place, the fact that they were hacked (again) leaves me wondering whether it’s ever a good idea to use any Internet-based password manager. I strongly recommend using an offline password manager like the excellent Password Corral or Password Safe. Both are freeware.

Ars Technica and Brian Krebs have more details on the hack and its implications for users.

About jrivett

Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.
