LastPass: the password manager has been hacked

The advantage of using a password manager is that you can use complex passwords, which are harder to crack, without having to memorize them. The downside is that you have to trust the company that manages all your passwords.

And unfortunately, these companies are not 100% immune to hacker attacks (no one really is). For example, in a post published this week, LastPass, one of the leading password managers, revealed that it had been hacked.

According to its CEO, Karim Toubba, an unauthorized party gained access to part of the LastPass development environment through a compromised developer account, and was thus able to steal portions of the company’s proprietary code, as well as technical information.

“In response to the incident, we deployed containment and mitigation measures, and engaged a leading cybersecurity and forensics company. While our investigation is ongoing, we have reached a state of containment, implemented additional heightened security measures, and see no further evidence of unauthorized activity,” the LastPass CEO also said.

LastPass felt it was important to tell users about the incident, which happened two weeks ago. However, the company says there is no evidence that the hacker gained access to user data or encrypted password vaults.

“This incident occurred in our development environment. Our investigation showed no evidence of unauthorized access to encrypted vault data. Our zero-knowledge model ensures that only the customer has access to decrypt the vault data,” the company states in an FAQ. Similarly, according to the company’s investigation, no other type of personal data was compromised.

Towards the end of passwords?

Password managers were created to allow people to use complicated passwords that they don’t have to remember, and to encourage them not to reuse the same passwords everywhere. Among the world leaders is NordPass, published by Nord Security, which also owns NordVPN. From a security point of view, it is one of the most reliable.

Today, however, we are heading towards the disappearance, or near-disappearance, of passwords. The FIDO Alliance has developed a new authentication technique which, instead of using passwords with numbers, letters and special characters, uses a system of private and public cryptographic keys.

This new method, called passkeys, will be adopted by Apple, Google and Microsoft, which provide the main computing platforms for PCs and smartphones. And Apple is particularly enthusiastic about this technology.

During the WWDC conference, the firm presented how it will implement passkeys on its products. Instead of entering a password to connect to an online service, users only have to authenticate themselves on their smartphone, using the fingerprint scanner or Face ID facial recognition.

As for the private cryptographic keys, they are stored on the user’s device, and synchronized on their other devices via the iCloud Keychain.
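The key-based login described above can be sketched as a challenge-response exchange. This is an added example, not code from the FIDO Alliance, Apple or the original article; it is a simplification built on Node's `crypto` module rather than the WebAuthn protocol itself, and the function names are assumptions made for illustration.

```javascript
// Added illustration: simplified passkey-style login, not the full WebAuthn protocol.
const crypto = require('crypto');

// Registration: the device generates a key pair; only the public key is sent out.
function createPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    privateKey, // never leaves the user's device(s)
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }), // stored by the service
  };
}

// Service: a fresh random challenge per login attempt defeats replayed responses.
function newChallenge() {
  return crypto.randomBytes(32);
}

// Device: after local unlock (fingerprint or face, not modeled here), sign the
// challenge together with the origin the browser is actually talking to.
function signAssertion(privateKey, challenge, origin) {
  const clientData = Buffer.from(
    JSON.stringify({ challenge: challenge.toString('base64url'), origin })
  );
  return { clientData, signature: crypto.sign('sha256', clientData, privateKey) };
}

// Service: accept only a valid signature over the expected challenge and origin.
function verifyAssertion(publicKeyPem, expectedChallenge, expectedOrigin, assertion) {
  let parsed;
  try {
    parsed = JSON.parse(assertion.clientData.toString('utf8'));
  } catch {
    return false;
  }
  if (parsed === null || parsed.origin !== expectedOrigin) return false;
  const got = Buffer.from(String(parsed.challenge), 'base64url');
  if (got.length !== expectedChallenge.length) return false;
  if (!crypto.timingSafeEqual(got, expectedChallenge)) return false;
  return crypto.verify('sha256', assertion.clientData, publicKeyPem, assertion.signature);
}
```

The service stores only `publicKeyPem`, so a copy of its database contains nothing that can produce a valid login signature.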

The only downside is that instead of trusting services like LastPass, you’ll have to trust Apple, Google, or Microsoft even more.
