LastPass Hack: A Reminder of the Importance of Password Management Software

As an IT support company, we at EVERNET Consulting understand the importance of cybersecurity in today’s digital age. One of the most effective ways to protect your business and personal data is through the use of password management software.

Recently, LastPass, a popular password management company, announced that customer vault data was stolen by hackers who accessed the company’s cloud storage earlier this year using information stolen in an August 2022 incident. This is a reminder of the constant threats faced by businesses and individuals in the online world, and the need for strong passwords and secure password management.

Many people tend to use the same password for multiple accounts, or to use simple passwords that are easy to remember but just as easy for attackers to guess. This puts their sensitive data at risk: once a password leaks from one site, attackers routinely replay it against other services (credential stuffing), so a single breach can turn into several.

Password management software mitigates this risk by generating and storing a strong, unique password for each account. If one password is compromised, it is useless anywhere else, so a breach at one site stays contained to that site.


What Can You Do About It?


In addition to generating strong passwords, password management software also offers the convenience of storing all of your passwords in a single, secure location. This saves you the hassle of having to remember multiple complex passwords, as you can simply access them through the password management software.

But what about the risk of the password management software itself being hacked?

According to the company’s CEO, Karim Toubba, the attacker gained access to LastPass’ cloud storage using “cloud storage access key and dual storage container decryption keys” stolen from the company’s developer environment. The attacker was able to copy basic customer account information and metadata, as well as a backup of customer vault data. The vault data includes unencrypted information such as website URLs, as well as fully-encrypted sensitive fields like website usernames and passwords, secure notes, and form-filled data.

Toubba reassured customers that the encrypted data is secured with 256-bit AES encryption and can only be decrypted with a unique key derived from each user’s master password. Toubba also stated that LastPass does not have access to or store users’ master passwords and that, if users have been following LastPass’ recommended password best practices, it would be very difficult and time-consuming for hackers to brute force their way into the encrypted vault data.

The incident is certainly concerning, and the reassurance comes with a limit: the encrypted fields are protected only as well as each user's master password and the key derived from it. An attacker holding a copy of the vault can guess offline, with no lockout, rate limiting or two-factor prompt in the way, so a weak or reused master password can be recovered given enough time. The fields that were not encrypted, such as website URLs, are exposed outright and tell an attacker which services a user holds accounts with, which is useful for targeted phishing. LastPass has advised customers to be vigilant and to report any suspicious activity on their accounts. It is also a good reminder for all users to review and update their stored passwords, beginning with the most sensitive accounts, and to follow best practices for password security.

This demonstrates the importance of choosing a reputable and secure password management software, as well as following best practices such as using strong and unique master passwords.


Account Password Best Practices


Beyond choosing a reputable and secure password manager, there are a few practices that further protect your passwords:

  1. Use a strong and unique master password: Your master password is the key to every password stored in the manager, and it is the one password the manager cannot protect for you. It must be long, random and used nowhere else, so that it survives offline guessing by someone holding a copy of your vault. Length matters more than character variety: a generated passphrase of several random words, or a long random string, beats a short password with a few symbols substituted in. Never reuse a master password from any other site, since a breach there hands the attacker your vault key.
  2. Enable two-factor authentication (2FA): Two-factor authentication adds an extra layer of security to your accounts by requiring a second form of verification in addition to your password. This could be a code sent to your phone, a fingerprint scan, or a physical security key. Enabling 2FA helps to protect against unauthorized access to your account, even if your password is compromised. Note what it does not cover: 2FA is checked when you log in to the service, so it does nothing against an attacker who already holds an offline copy of your encrypted vault, as in the LastPass incident. There, only the master password stands between the attacker and the data.
  3. Use different passwords for different accounts: While it may be tempting to use the same password for multiple accounts to save time, this increases the risk of your accounts being compromised. If an attacker obtains one shared password, every account that uses it is open to them. A unique, generated password for each account removes this risk, and the manager remembers them so you do not have to.
  4. Rotate passwords when there is reason to: Some password managers can flag a password as expired after a set period, and a manager makes changing a password cheap. Scheduled rotation for its own sake has limited value, but rotation is essential when a credential may have been exposed, for example after a breach at the site or, as here, the theft of an encrypted vault. Start with the accounts that unlock others (email, banking, your identity provider) and replace each with a freshly generated password.
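The two points that carry the argument on this page, that a stolen vault is only as safe as the master password (the encryption paragraphs in the previous section) and that the master password must be long and random (item 1 above), are easiest to see in code. The block below is an added example written for this page; it is not LastPass's code, and the article does not state LastPass's key-derivation algorithm or parameters. It assumes PBKDF2-HMAC-SHA256 as the key derivation function, uses an HMAC tag as a stand-in for "try to decrypt a known vault field with AES-256" so that it runs on the Python standard library alone, and the wordlist, the common-password list and the vaults are constructed for the demonstration.

```python
"""Added example: an offline attacker working a stolen vault copy.

Assumptions (made for this example; none of this is LastPass's code or
parameters, which the article does not give):
  - vault key = PBKDF2-HMAC-SHA256(master password, salt, iterations);
  - a guess is tested with an HMAC "key check" tag, standing in for
    "try to decrypt a known field with AES-256" (keeps this stdlib-only);
  - the wordlist, the common-password list and the vaults are constructed.
"""
import hashlib
import hmac
import math
import secrets
import time
from typing import Iterable, Optional, Sequence, Tuple

KEY_LEN = 32           # 256-bit key, the size an AES-256 vault key would be
ITERATIONS = 100_000   # KDF work factor chosen for the demo (assumption)


def derive_vault_key(master_password: str, salt: bytes,
                     iterations: int = ITERATIONS) -> bytes:
    """Stretch the master password into the vault key. Only the key is ever
    needed to open the vault; the master password itself is not stored."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=KEY_LEN)


def key_check(vault_key: bytes) -> bytes:
    """Stand-in for 'does this key open the vault?' (assumption: a real
    attacker would try to decrypt a field whose plaintext shape is known)."""
    return hmac.new(vault_key, b"vault-key-check", hashlib.sha256).digest()


def create_vault(master_password: str, iterations: int = ITERATIONS) -> dict:
    """What sits in the provider's backup, i.e. what the attacker walked off
    with: salt, iteration count and ciphertext (here: the check tag)."""
    salt = secrets.token_bytes(16)
    key = derive_vault_key(master_password, salt, iterations)
    return {"salt": salt, "iterations": iterations, "check": key_check(key)}


def offline_guess(stolen_vault: dict, guesses: Iterable[str]) -> Optional[str]:
    """The attacker's loop. Against a stolen copy there is no lock-out, no
    rate limit and no 2FA prompt; each guess costs exactly one KDF run."""
    for guess in guesses:
        key = derive_vault_key(guess, stolen_vault["salt"], stolen_vault["iterations"])
        if hmac.compare_digest(key_check(key), stolen_vault["check"]):
            return guess
    return None


def passphrase_entropy_bits(n_words: int, wordlist_size: int) -> float:
    """Entropy of n words drawn uniformly (with replacement) from the list."""
    return n_words * math.log2(wordlist_size)


def generate_master_passphrase(wordlist: Sequence[str], n_words: int) -> Tuple[str, float]:
    """Manager-style generation with a CSPRNG; returns the phrase and its entropy."""
    words = [secrets.choice(wordlist) for _ in range(n_words)]
    return " ".join(words), passphrase_entropy_bits(n_words, len(wordlist))


def guesses_per_second(iterations: int = ITERATIONS, samples: int = 5) -> float:
    """Single-core KDF throughput on this machine: the attacker's guess rate
    per core (GPUs and rented clusters multiply this)."""
    salt = bytes(16)
    t0 = time.perf_counter()
    for i in range(samples):
        derive_vault_key(f"probe{i}", salt, iterations)
    return samples / (time.perf_counter() - t0)


def expected_crack_seconds(entropy_bits: float, rate: float) -> float:
    """Expected time to hit the right guess: half the keyspace at `rate` guesses/s."""
    return (2.0 ** entropy_bits / 2.0) / rate


# Constructed sample data for the demo.
WORDLIST = ["apple", "brick", "cello", "delta", "ember", "flint", "grove", "harbor",
            "ivory", "jasper", "kite", "lumen", "mango", "nickel", "orbit", "pebble"]
COMMON_PASSWORDS = ["password", "123456", "qwerty", "letmein", "welcome1", "Summer2022!"]

if __name__ == "__main__":
    weak = create_vault("Summer2022!")   # passes "mixed case + digit + symbol", still on every wordlist
    print("weak vault opened with guess:", offline_guess(weak, COMMON_PASSWORDS))

    phrase, bits = generate_master_passphrase(WORDLIST, 8)
    print("generated vault opened:", offline_guess(create_vault(phrase), COMMON_PASSWORDS))

    rate = guesses_per_second()
    years = expected_crack_seconds(passphrase_entropy_bits(6, 7776), rate) / (3600 * 24 * 365)
    print(f"{rate:.0f} guesses/s/core; six words from a 7776-word list: ~{years:.3g} years on one core")
```

Run it directly to watch the "complex" master password fall to a six-entry dictionary while the generated passphrase survives it. Two things to read off the numbers: `guesses_per_second` measures one CPU core, and a real attacker brings GPUs and rented time, so divide the printed years accordingly; and the defence that scales is entropy in the master password, since each extra random word multiplies the attacker's work by the wordlist size, whereas the iteration count only multiplies it by a constant.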


By following these best practices, you can significantly enhance the security of your passwords and sensitive data. It is important to prioritize the security of your passwords, as they are often the first line of defense against cyber attacks.

At EVERNET Consulting, we recommend the use of password management software as a key component of your cybersecurity strategy. Not only does it help to protect your sensitive data by generating and storing strong, unique passwords, but it also offers the convenience of having all of your passwords in one secure location.

