How LastPass is Handling a Security Breach the Right Way

I’m just as tired as you are of reading about security breaches, data being stolen and hackers sitting smugly behind their screens. Unfortunately, we’re not going to see a dip in the number of these crimes any time soon. The state of security within many companies is frankly deplorable. Corporations we have trusted for years are suddenly finding themselves in the number one spot on everyone’s “list.” Often, though, it’s not the actual breach of information that disturbs us – it’s the way a company handles the problem which gets our knickers in a knot. Just take a look at Sony…

Sony knew there was an issue several days before telling anyone, an oversight which is now causing them much more grief than the actual dilemma of stolen data. Let’s face it: we all know that hackers are out there stealing everything they can get their hands on. We hate them, right? We rant, curse and scream on a daily basis about the prevalence of online theft. But what we loathe even more than the bad guys are the companies who aren’t honest with us – and who aren’t very speedy at telling us they have a problem.

Earlier today, password manager LastPass openly admitted that they had possibly suffered a breach of data – nearly as fast as they discovered it. In order to maintain the safety of their customers, the business quickly disabled master passwords, forcing users to log in via offline mode. Everyone was then prompted to change their master password in order to resume normal operations. This was done as a precaution, folks. Yes, it likely inconvenienced you for a moment or two. However, isn’t taking that step just in case better than finding out later that some idiot now has control of your bank and credit card accounts?

This company absolutely handled the matter the right way. They aren’t even sure at this point that anything was taken at all. They simply found a possible problem, reported it to you immediately and took preventative steps to help you stay secure. What more could you ask for? Please don’t answer that by asking for impenetrable security. That’s never going to happen, y’all.

Nothing is perfect, not even security. The response from the LastPass team is daggone close, though.

Can a Monkey Hack Your Password?

Seriously, folks – how many times do you need to be told to use a secure password? Is this really so difficult a concept to understand? If you aren’t using strong passwords, you can – and WILL – be hacked. Just ask Gawker Media how easy that is to do. Over the weekend, Gawker saw all of their databases compromised. User names and passwords used to comment on the various sites were grabbed. Internal information, conversations and passwords were snatched and publicized. The entire situation was quite an embarrassment to the people at Gawker. However, the worst part of this entire mess is finding out how many thousands of you out there use inane passwords on sites such as this.

Nearly 200,000 passwords were leaked from within Gawker’s walls. More than three thousand people used the password 123456 on the site. Oh. My. God. Really? Another two thousand un-savvy people used the word password as their login of choice. *sigh*

I’m willing to bet these same people use these passwords for other sites, as well. I can already hear some person yelling at their screen while reading this: “No one would want to hack me! Why do *I* need to be secure? I have nothing to hide!” Oh how wrong you are, young grasshoppers.

Have you ever bought something online? Bam! Hackers want that information. Do you log into your bank account from your computer? How often do you check your PayPal balance, update your profiles and information on websites or even check in on FourSquare? Criminals do want every scrap of information you have sitting on that purty little hard drive of yours, and you’re handing it to them on a silver platter.

It’s not ME you need to satisfy by making your passwords secure – it’s you. You need to protect yourself. I can’t do it for you. Personally, I advocate using a password generator/manager such as LastPass.

You’ll thank me later.