Security is essential, and it will just end up being even more vital as we start to store increasingly more of our lives online. Be it banking details or pictures of our kids that are kept in the cloud, our data and info is best kept behind protected passwords, with those passwords kept in something like LastPass or 1Password, both of which are highly suggested to a lot of users.
Regrettably for both LastPass and its clients, it has suffered a data breach which has led the company to ask all its users to reset their passwords as a preventative measure.
While at the moment LastPass is confident that the hackers were unable to get access to any info kept within a user’s account, they did make it away with LastPass account e-mail addresses, password pointers and authentication hashes. While users ought to alter their LastPass master password as quickly as possible, now does not seem the time to panic simply yet.
We are confident that our encryption steps suffice to protect the vast bulk of users. LastPass enhances the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This added strengthening makes it tough to assault the taken hashes with any significant speed.
At this point it is essential to keep in mind that LastPass does not think that user information, in the type of passwords and usernames for sites kept within it, was available at any time. However, a reset of your LastPass master password is believed to be the very best course of action, and if you happen to make use of that exact same password in other places, it may be smart to change that password as well. But no one does that anyway, do they?
Here’s the full security notification from LastPass on their very own web site:
LastPass is an online service that lets users store credentials for sites and services, indicating they only need to remember one strong master password in order to gain access to all of their accounts. That clearly makes it a prime target for hackers. Luckily, in this case at least, it appears the worst result has actually been prevented and user information is safe.
So there’s that, at least.