In 2015, LastPass announced that its online systems had been compromised and cyber criminals were able to access certain user information. For password vaults, this is big news because LastPass is a very popular vault that many people use to store all of their passwords.
LastPass is one of the four solutions that we at Intrust IT recommend for personal password management.
The good news is that no user passwords were directly exposed, although it is still upsetting that user account details like email addresses were exposed.
3 Reasons for Our Password Vault Recommendations
Considering this breach, you may find it surprising that we still recommend password vaults and password management tools, like LastPass. There are three reasons for the recommendations:
- We have always recommended that users enable two-factor authentication on their password vault, and LastPass was one of the first to offer it. Currently LastPass has the most two-factor authentication options available. With two-factor authentication, even if someone has your master password, they would be unable to log in to your account without also having access to your mobile phone.
- We also recommend that you set up two-factor authentication on all of your critical accounts, so even if your password vault were to be compromised, the person with that information would be unable to access your important accounts without also having access to your mobile phone. You can find out which websites support two-factor authentication at https://twofactorauth.org/.
- We were impressed by LastPass’ incident response during the breach. They notified all current users of the breach, communicated with the media, and changed security to require email confirmation before any new device was granted access to a user’s account.
It has been proven time and again that no system is completely secure, so it is always important to have additional layers of security in place and to have contingency plans for when those fail. We are confident enough in LastPass’ layers of security and their dedication to their users that we can leave it on our short list of recommended password vaults.