What’s Next After The LastPass Breach?
June 25, 2015 | DevOps | Andrew Racine
No doubt you’ve already heard about the recent security hack at LastPass. In what is an all-too-common trend, even among security-minded organizations, hackers are finding new ways to gain access to privileged information on a regular basis. While LastPass has confirmed that their security was strong enough that no actual customer passwords were compromised, it still leaves an unsettling feeling.
The main issue isn’t even that another hack occurred, but rather that it is happening to supposedly ‘security-centric’ companies. This raises the question: how secure is “secure enough” in today’s world? Here are some interesting opinions on this topic that we hope will help you evaluate your own situation:
CBS MoneyWatch asks the question, ‘How secure are password managers?’ The article weighs the benefits of putting all of your password trust in one basket against diversifying your password management, while advocating for the use of two-factor authentication.
The Cointelegraph wonders if it is finally time for passwordless logins. The article focuses on the cryptocurrency world and how the recent development of Secure Quick Reliable Login (SQRL), as well as public key cryptography, could improve security without the need for passwords.
SecureIDNews tells us not to sweat the LastPass breach. A consultant interviewed for the article suggests that services like LastPass were specifically designed to remain secure in the event of a breach such as this.
ITBusinessEdge points out that this is LastPass’ third breach since 2011. They also bring to light that one still needs an unencrypted master password to log into the service and that this password is still an easy target for hackers.
With any breach there will be varying opinions on how best to avoid becoming the next victim of hacking. While proper password management practices like two-factor authentication and services like LastPass significantly decrease the likelihood of a breach, they certainly don’t guarantee you will avoid one. Properly instituting a zero-trust security architecture can dramatically improve your organization’s overall ability to remain secure as you grow and as the techniques used against you improve.