Popular password protector hacked

Popular password protector hacked
© LastPass

Popular password manager LastPass, seen as a way to protect against the inherent security flaws of passwords, revealed on Monday it had been breached.

The company said hackers had made off with encrypted passwords and, as well as some more basic user information, such as email addresses.

ADVERTISEMENT
“We are confident that our encryption measures are sufficient to protect the vast majority of users,” the company said in a blog post.

It’s the second breach at LastPass in the last four years, ArsTechnica reported, highlighting the vulnerability even of tools meant to defend against easy password theft.

A password manager stores all login data in an encrypted vault, requiring a user to remember only one master password.

Security experts admit it’s not a perfect system, but maintain it’s a vast improvement over trying to either remember dozens of passwords, using simple passwords, or keeping login credentials stored in an unsecure location.

“Often people can fall into a false sense of security with password managers forgetting that the password they use to unlock all of these accounts is just as likely to be stolen as any other password,” said Ken Westin, senior security analyst at security firm Tripwire.

The company encouraged all its users to change their master password as a precautionary measure.

The Obama administration has waded into the password debate, aggressively arguing for it to be eliminated.

The White House has funded a number of pilot projects aiming to develop alternate forms of digital authentication and wipe out the password as the primary security code used to access sensitive data online.