{"id":1767,"date":"2011-05-07T08:20:19","date_gmt":"2011-05-07T12:20:19","guid":{"rendered":"http:\/\/thundercloud.net\/infoave\/new\/?p=1767"},"modified":"2011-05-07T08:20:19","modified_gmt":"2011-05-07T12:20:19","slug":"a-word-about-lastpass","status":"publish","type":"post","link":"https:\/\/www.thundercloud.net\/infoave\/new\/a-word-about-lastpass\/","title":{"rendered":"A word about LastPass"},"content":{"rendered":"

We’ve received several emails from readers who, like TC, use LastPass. It’s true that LastPass experienced a problem and a hacker or hackers may have breached some user files. Since LastPass is a cloud-based application, this is a serious matter. But in this era of the 24-hour news cycle, when we really looked into this breach, we discovered that only about 0.5% of users were actually affected. And yes, it’s true, if you were one of the 0.5% of users, it could be very serious. LastPass has notified those users who\u00a0may<\/em> have been affected by this breach and asked them to change their master password. It’s important to keep things in perspective, and to remember that while 0.5% of users may have had their data breached, 99.5% did not.<\/p>\n

For those of you who don’t use LastPass, the master password allows LastPass users to access data from their personal LastPass Vault. This data consists of things like usernames and passwords – and anything else users have stored there (personal information, credit card numbers, etc.). So even though a hacker may have stolen 0.5% of the total user databases, they would not gain immediate access to the master passwords –\u00a0 they are encrypted and hashed. Without the master password, hackers have no access to the user’s LastPass Vault.<\/p>\n

And this serves, once again, a reminder of the importance of always using strong passwords.<\/p>\n

Passwords are the key to your online security and the safety of your personal information. If you use LastPass and you have followed our advice to always use strong passwords, then even if you were among those 0.5% of users whose data was breached – the thief would have to crack you master password before he\/she could access your data. If you used a strong password they’re not going to crack your password unless they want to spend years on you – and they’re not going to bother with it. You can be sure they’re looking for those with master passwords that are something like 12345 or “password”, or those who use common dictionary words like “orange” or “cloudy” for their master password.<\/p>\n

We still recommend LastPass, and we continue to urge everyone to use strong passwords for everything. And for those who use Roboform – the newer versions of Roboform work in a similar way to LastPass. If you use Roboform – you should set and use a strong master password.<\/p>\n

This excerpt is from a news story reporting on the breach at Last Pass…<\/p>\n

“…Everything got a bit messy and some folks were apparently locked out of their accounts, unable to change their passwords (or even locked out after they\u2019d made the switch).<\/p>\n

LastPass says it has identified an issue with approximately 0.5% of users which impacted their master password change, and its focus is currently on resolving these problems.<\/p>\n

The passwords themselves were hashed, a type of one-way encryption which means that if hackers have got away with password data, they\u2019ll still have to crack it.<\/p>\n

The only way to do that is to brute-force the encryption, which will only have a chance of succeeding with simple dictionary word passwords. Anyone who employed a combination of letters, numbers and other characters \u2013 a strong password, as it\u2019s known in the trade \u2013 isn\u2019t in any danger of being brute-forced.” <\/em>(\u00a0You can read the entire article here<\/a>. )<\/p>\n

We still recommend and use\u00a0LastPass<\/a> – but only if you use a strong master password.<\/p>\n","protected":false},"excerpt":{"rendered":"

We’ve received several emails from readers who, like TC, use LastPass. It’s true that LastPass experienced a problem and a hacker or hackers may have breached some user files. Since LastPass is a cloud-based application, this is a serious matter. But in this era of the 24-hour news cycle, when we really looked into this breach, we discovered\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[1123,1121,1120,155,1122,14,1124],"_links":{"self":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/1767"}],"collection":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/comments?post=1767"}],"version-history":[{"count":2,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/1767\/revisions"}],"predecessor-version":[{"id":1769,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/1767\/revisions\/1769"}],"wp:attachment":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/media?parent=1767"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/categories?post=1767"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/tags?post=1767"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}