LastPass is one of the most used password managers in the world. Throughout the history of LastPass, there have been several breaches. The most recent might be the most worrisome. But what happened? And should LastPass users worry?
When LastPass initially reported about the security breach, they claimed that no user data or encrypted passwords from the vaults had been leaked. On December 22nd, LastPass shared more information about the data breach. This time, however, they shared information about how cloud storage with archived backups was hacked. As a result, user information and other encrypted data were taken by hackers. This happened during the summer, meaning that the hackers have already had several months to work on the data. Should you be worried?
The data stolen by the hackers is encrypted with 256-bit encryption. The only way to extract the data is by using the master password of the different LastPass users. Some data, such as URLs, can be accessed by hackers, but other information, such as usernames, passwords, and notes, is encrypted and hidden from hackers.
Should you worry? Is it time to change your password manager?
It has been said that it takes thousands of years for someone to crack the master passwords of LastPass users. That is, if they have used a random master password consisting of 12 characters and not using words and combinations from dictionaries. The truth is, most people use passwords based on names and words, making it much easier to guess master passwords using brute-force techniques. Hackers cannot access your passwords without your master password, which is the key in the entire process.
The most important thing you should do is to change your master password, especially if you have a weak master password.
If you worry more, change the passwords of your most important accounts. This should include the passwords of your email accounts, bank accounts, trading accounts, and more. It is also wise to implement 2FA on all your important accounts. Why is that? Even if someone should find your master password and access your passwords, they will still be unable to log in to your accounts since they will fail in the second part of the login process.
Is it safe to use LastPass in the future?
You need to decide for yourself! LastPass has been around for a long time, and the company has experienced more trouble than others. The last breach is the most serious of them all. Do you still trust the company? If you want to change your password manager, services such as BitWarden and NordPass are good alternatives.
If you change the password manager, do not forget that you still need to take action with your LastPass account. Change your master password, and as you migrate to a different password manager, the best is to change your passwords in the process.