Lastpass, a facility that advertises itself as the final say in password management has had to admit to being breached by hackers. Lastpass allows web users to save their many passwords in one online vault. They claim to have found and blocked 'suspicious activity' on Friday.
The company has admitted that users' email addresses, authentication hashes, password reminders and server per user salts were compromised but has claimed that stored passwords have not been affected. LastPass is confident that its encryption is strong enough to make attacking those stolen hashes with any speed difficult.
By way of a blog post, the company CEO stated that it protects its authentication hashes with 100,000 rounds of server-side PBKDF2-SHA256 cryptography, which it says "makes it difficult to attack the stolen hashes with any significant speed."
Lastpass has often been touted by security 'experts' as the best solution to the problem of keeping track of multiple passwords.
Lastpass has called on users to change master password as soon as possible and to make use of the multi-factor authentication. Users are (once again) reminded of the need to choose complex passwords - avoid using names and common words, instead choose a memorable phrase made up of alphanumeric characters.
0 comments:
Post a Comment