Nerds On Site

LastPass Users Might Want to Change Their Master Password

[this post by Nerd Dennis Houseknecht]
Last week there was a **possible** compromise of the LastPass database. As time has gone on, it seems less and less likely that much data, if any, was compromised. At first, the LastPass folks recommended that users change their master password, just in case. That resulted in an overload on their systems, so they opted to lock the accounts in other ways. They are now opening up the system to allow master password changes again.
A couple of very important points, and reasons I still use and recommend LastPass:
1. LastPass has been totally transparent and forthcoming about what they knew. Contrast this to Sony’s horrible handling of their recent breach.
2. The folks at LastPass understand security. These master passwords are stored as salted hashes, so even if a hacker got the entire database, the only way they could extract a password would be if 1) they also obtained the salt, and 2) it was a weak password. A strong password will take years to centuries to crack, even in an offline mode using rainbow tables. Again, contrast this to Sony’s complete failure to follow even the most basic security principles.
Changing your master password would still be a good idea – especially if it is not strong. Just make sure to use a strong password that you will not forget – it is the one that protects all your other passwords.
You can get more information from the LastPass blog, or from this article.
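
To make point 2 concrete, here is an added example (not from the original post and not LastPass's code): with a per-user salt, two accounts with the same password store different hashes, and a copy of the salt and hash only gives up a password that appears in a guess list. PBKDF2-HMAC-SHA256, the iteration count, the word list and the record layout are assumptions chosen for the demo.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # assumed work factor for this demo, not LastPass's setting


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash (PBKDF2-HMAC-SHA256) of a password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def new_record(password: str) -> dict:
    """Hypothetical stored record: a random per-user salt plus the hash."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


def found_in_wordlist(record: dict, wordlist: list[str]):
    """Return the wordlist entry matching the stored record, or None.

    Each guess has to be rehashed with this record's own salt, so work
    done in advance or against another account cannot be reused.
    """
    for guess in wordlist:
        candidate = hash_password(guess, record["salt"])
        if hmac.compare_digest(candidate, record["hash"]):
            return guess
    return None


# Constructed sample data: a tiny list of common passwords and three records.
COMMON = ["123456", "password", "letmein", "qwerty", "monkey"]
weak = new_record("letmein")
weak_twin = new_record("letmein")  # same password, different salt
strong = new_record("plinth-Rotor7-gazebo-umbra")

if __name__ == "__main__":
    print("same password, same hash?", weak["hash"] == weak_twin["hash"])
    print("weak password found:", found_in_wordlist(weak, COMMON))
    print("strong password found:", found_in_wordlist(strong, COMMON))
```

The same function can be pointed at a list of known-common passwords when choosing a new master password: anything it finds is a password to avoid.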
