LastPass breach
5/10/2023

Individuals are keeping up with more passwords now than ever. Unique passwords are best, so that if someone gains access to one of your accounts they can't automatically get to your others. Generally this means at least eight characters long, including numbers, upper and lower case letters, and symbols. Ideally, a strong password does not even contain any words found in a dictionary.

So how does one keep up with all these unique, long and strong passwords? It used to be that the only way to do this was to write them down. While this is a valid form of password management (if you can keep your list safe), nowadays we also need those passwords while out and about, and on multiple devices. Cloud-hosted password management tools, such as LastPass and Dashlane, provide this desired portability. These tools help people keep their passwords strong, unique, secure, and accessible. Password management tools work by having you create a single master password, which is used to log in to the tool. The master password also encrypts and decrypts a vault that stores all of your passwords. If you forget your master password, you have a password reminder. This is the only reminder that can be provided by the application developers, because even they don't have access to your unencrypted password. If you forget your password completely and your password reminder doesn't jog your memory, then you can't get back into your password vault.

An online vault of passwords, even when it is encrypted or hashed, is an appealing target for hackers. Therefore, these companies take security very seriously. LastPass was the most recent of the major tools to report a breach. On June 15, 2015, attackers stole encrypted master passwords, email addresses, the password reminders, and some other odds and ends of many accounts.

How Do They Get Your Password If It Is Encrypted?

When usernames and encrypted passwords are stolen, the attackers will try to guess the corresponding plain text (non-encrypted) password. To do this, they take a guess, encrypt it, and then compare it to the list of stolen passwords. If they get a match, they can log in as the user. In an attack that does not involve a password vault, the attackers will often try this same username and password combination on other sites, like banks. The success of this form of attack is highly dependent on how fast these guesses can be generated.

There are many ways (algorithms) to encrypt, or hash, passwords. For the most common ways, hackers can use specially built computers to guess millions, or even billions, of passwords in a second. Three years ago, an expert demonstrated a computer that was able to go through 180 billion combinations in a second! However, this speed is not attainable for all encrypting algorithms. To combat the ability of modern computers to guess so many passwords so quickly, new algorithms are being implemented. These algorithms are slower to execute, which means it takes longer to generate a single guess. LastPass uses one of the new, slower algorithms to encrypt everyone's master password. Further increasing the time it takes to encrypt the master password, LastPass sends it through this process 100,000 times. An attacker has to do the same thing to end up with an accurate, encrypted guess.

It takes a long time, in computer terms, to encrypt a password in the way that LastPass does. So instead of billions to hundreds of billions of guesses in a second, it is more along the lines of tens of thousands or millions of guesses in a second. While this still seems like a lot of guesses, it really means that a strong master password can still be considered secure.

Now we come to the possible Achilles heel of a strong password: the password reminder. Password reminders stored in plain text were compromised during the recent breach.
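The effect of the 100,000 iterations on guessing speed can be measured directly; the following Python sketch is an added example, not code from the original post or from LastPass. It assumes PBKDF2-HMAC-SHA256 as a stand-in for the slow algorithm (the post does not name it), and the function names and password shapes are illustrative.

```python
import hashlib
import os
import time

ITERATIONS = 100_000      # iteration count stated in the post
PAGE_FAST_RATE = 180e9    # "180 billion combinations in a second" (post's figure)

def fast_hash(guess: bytes, salt: bytes) -> bytes:
    """A fast scheme: one SHA-256 call per guess."""
    return hashlib.sha256(salt + guess).digest()

def slow_hash(guess: bytes, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """An iterated scheme; PBKDF2-HMAC-SHA256 is an assumed stand-in."""
    return hashlib.pbkdf2_hmac("sha256", guess, salt, iterations)

def guesses_per_second(fn, rounds: int) -> float:
    """Time `rounds` hash computations on this machine (single core)."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(rounds):
        fn(b"constructed-guess-%d" % i, salt)
    return rounds / (time.perf_counter() - start)

def slowdown(rounds_fast: int = 20_000, rounds_slow: int = 3) -> float:
    """How many times fewer guesses per second the iterated scheme allows."""
    return guesses_per_second(fast_hash, rounds_fast) / guesses_per_second(slow_hash, rounds_slow)

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet_size ** length

def years_to_exhaust(space: int, rate: float) -> float:
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return space / rate / (365 * 24 * 3600)

if __name__ == "__main__":
    factor = slowdown()
    # Rough projection: scale the post's fast-hash figure by the local slowdown.
    slow_rate = PAGE_FAST_RATE / factor
    print(f"measured slowdown: {factor:,.0f}x, projected rate: {slow_rate:,.0f}/s")
    shapes = [("8 lowercase letters", keyspace(26, 8)),
              ("8 chars, letters+digits+symbols", keyspace(94, 8)),
              ("12 chars, letters+digits+symbols", keyspace(94, 12))]
    for label, space in shapes:
        print(f"{label:34s} fast: {years_to_exhaust(space, PAGE_FAST_RATE):12.3g} y"
              f"   slow: {years_to_exhaust(space, slow_rate):12.3g} y")
```

The projected rate is only an order-of-magnitude estimate, because specialised hardware does not slow down by exactly the same factor as the machine running the measurement.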