Tag: lastpass

  • More data breach woes for LastPass and our recommendations for you on how to deal with it


    We’ve posted about LastPass data breaches before, but at that time the company said it was a false alarm. The news on this most recent breach is that it’s real and that LastPass users should be concerned.

    The data breach in question happened in August, but LastPass is just now revealing the details on what was stolen and the scope of the breach. At the time of the hack LastPass was again saying that it was a false alarm, but that wasn’t true: “backup customer vault data” was accessed during the August incident.

    This backup vault data included both unencrypted data such as website URLs and encrypted data such as website usernames and passwords. Having both details will allow hackers to easily put two and two together to access customer accounts.

    With that said, because the usernames and passwords are still encrypted, LastPass has let customers know their data is still safe: they say it can only be decrypted with the unique encryption key that is derived from each user’s master password. User master passwords are not accessible due to LastPass’s “Zero Knowledge” architecture.

    With this architecture no one, not even LastPass themselves, has access to a user’s master password. LastPass requires that master passwords be 12 characters long, so even if the hackers who accessed this data attempt to brute force individual passwords, it would range from difficult to impossible, with LastPass themselves estimating it would take “millions of years using generally-available password-cracking technology”.

    LastPass users should still be on the lookout for phishing attempts in the upcoming days, however. Even if your data is safe, bad actors may still use the news of this breach to attempt to trick users into revealing their data. You should never share your password details with anyone, especially your master password. LastPass will never ask you for your password information.

    Google also has some additional advice for business owners who run websites: because the URLs in this breach were not encrypted, they may include some that you didn’t want publicly accessible. John Mueller, an SEO expert at Google, recommends reviewing any website URLs you may have that may inadvertently leak data for your business, including customer form data.
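
    One way to carry out the URL review suggested above, shown as an added example that is not code from LastPass, Google or Valley Techlogic. It flags URLs that carry credentials, email addresses or long token-like strings; the parameter-name list, the 24-character threshold and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed list of parameter names that tend to carry secrets or form data.
SENSITIVE_NAMES = {"password", "pwd", "token", "access_token", "api_key", "key",
                   "secret", "session", "sid", "auth", "email", "phone"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# 24+ URL-safe characters mixing letters and digits (assumed threshold).
OPAQUE_RE = re.compile(r"^(?=.*\d)(?=.*[A-Za-z])[A-Za-z0-9_-]{24,}$")


def classify(value):
    """Return why a value looks sensitive, or None if it does not."""
    if EMAIL_RE.search(value):
        return "email address"
    if OPAQUE_RE.match(value):
        return "long opaque value, possible token or unguessable-link secret"
    return None


def audit_url(url):
    """Return (location, reason) findings for one URL."""
    parts = urlsplit(url)
    findings = []
    if parts.username or parts.password:
        findings.append(("userinfo", "credentials embedded before the hostname"))
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_NAMES:
            findings.append((f"query:{name}", "sensitive parameter name"))
        elif (reason := classify(value)):
            findings.append((f"query:{name}", reason))
    for segment in parts.path.split("/"):
        if (reason := classify(segment)):
            findings.append(("path", reason))
    return findings


def audit_urls(urls):
    """Map each URL with at least one finding to its findings."""
    return {u: f for u in urls if (f := audit_url(u))}


# Constructed sample data; none of these are real URLs.
SAMPLE_URLS = [
    "https://intranet.example.com/wiki/onboarding",
    "https://shop.example.com/contact/thanks?name=Pat&email=pat%40example.org",
    "https://app.example.com/reset?token=3f9a1c77e2b04d5a9c6e8f10aa42bd73",
    "https://files.example.com/share/Zx81kQp0Lm3TtYw9Ab7Cd2Ef5Gh/invoice.pdf",
    "https://admin:hunter2@legacy.example.com/status",
]
```

    Run `audit_urls` over an export of the URLs saved in your vault; anything it flags is a candidate for rotating the token or moving the data out of the URL.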

    We still believe password managers are a security benefit to both consumers and businesses alike. They’re one small part of increasing overall cybersecurity awareness and safety and fall under the larger spectrum of increasing user education and accountability.

    We’ve posted about proper password safety and advice on avoiding phishing attacks, but here are the top 5 things you can enable in your business today to improve your cybersecurity safety in 2023.

    [Image: Internet Safety Infographic]

    If news of breaches makes you nervous and you aren’t sure if your business is prepared from a cybersecurity standpoint, Valley Techlogic can help. We consider ourselves to be a premier provider of cybersecurity services for businesses in our area and beyond. We can help your business by covering your endpoints, setting up secure backups, virus and malware scanning and prevention and more. Schedule a consultation today.


    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • LastPass say they didn’t leak your password, however some users still received alarming alerts


    Yesterday, a number of LastPass users received alarming alerts in their email inbox that their passwords – including their master password – had been compromised. The news quickly spread across the internet, starting with forums, and then making its way to Twitter where it was picked up by larger news outlets.

    LastPass immediately denied that a breach had occurred within their organization and at first indicated that the alerts were happening to users who were the victims of “credential shuffling”. That means these users had reused their passwords on other websites that may have had a breach in the past, and now bots trolling the internet for compromised accounts have stumbled upon their password vault credentials.

    This didn’t end up being the case either, but it is a good reminder NOT to password shuffle, especially with the master password for your password vault (if any password should be unique – it should be that one).

    As of this morning LastPass determined that the alerts were sent in error by systems that were set up to be too stringent. They’ve indicated they have now adjusted the alert systems so inaccurate alerts will not be sent again. They also clarified that they don’t store user passwords on their own servers, and that they work on a “zero knowledge” security model, which means they are not able to see your master password at all.

    The fact that this news took off in a flash may be indicative of the heightened awareness users have around the security of their data, especially those who currently use a password manager as part of their security repertoire. Even if the alerts occurred in error, that may be cold comfort given the scare those users experienced.

    To us, it’s a reminder that the best cybersecurity efforts are multi-layered. We believe it’s equal parts implementation of security measures, monitoring of those measures, and behavioral changes on the part of the users.

    Even if the alerts that occurred yesterday were the result of a system issue, not a security issue, we think the users that responded had the right idea when they chose to investigate. It’s also a good idea to change your password if you get a security alert, even if it turns out to be a false alarm. It won’t hurt anything to take that extra step to protect yourself. The old adage “Better Safe Than Sorry” rings especially true when it comes to cybersecurity threats.

    We created this resource on the topic of good password hygiene that you can keep to review, or even pass along to your co-workers/employees.

    [Image: Strong Password infographic]

    Finally, even if the unthinkable occurs and your passwords are leaked, again a multi-layered approach will protect you. You should enable 2-factor/multi-factor authentication when and where you can. So if someone does get your password somehow, they still will be blocked from logging in.

    If the security measures in your workplace aren’t up to snuff or you’re interested in cybersecurity training for your employees, Valley Techlogic can help. Boosting the security measures for your business and providing a digestible cybersecurity training program for your employees is included as part of our technology service plans. Schedule a free consultation with us today to learn more.


  • Our Top 3 Picks for Password Managers


    The topic of 2 factor authentication (2FA) comes up A LOT. You’re probably already aware a password manager is the easiest place to start and will even make using your devices more convenient. However, this space is so loaded with choices now you may not know where to start.

    We’ve written a lot about what makes for a good password but what should you look for in a password manager?

    It depends on what your goal is. All password managers will help you with password safety, things like not re-using passwords and having stronger passwords because you won’t have dozens to remember.

    Some password managers only store your database locally, meaning it’s only on your own machine. The benefit of this is you’re in charge of your own security. The downside is if the device is lost or compromised, your database may be lost as well.

    There are also cloud storage password managers, meaning the password manager company will store your password database for you. We think for most users this is the better choice, however you are trusting your data to that company.

    So, what are our picks for password managers that are convenient to use but also have a good track record?

    1. LastPass: This is a no-brainer; we use this one! It’s free, straightforward, and compatible with many different browsers – even across Mac, Windows and Linux. They also offer 1 GB of secure document storage, meaning everything you need to securely store will also be conveniently at your fingertips.
    2. 1Password: 1Password is a great mobile option. It began as an Apple-centric product but has since branched out to include iOS, Android, Windows and ChromeOS. An extra bonus feature is it can act as an authentication app for programs like Google Authenticator. We also like its travel mode option, which allows you to delete sensitive data with one click while you travel and then restore it when you’re back home.
    3. Dashlane: Our final pick is Dashlane. Dashlane is the newest of this bunch but they have a lot of slick features, including Dark Web reporting. The free version is somewhat limited but if you pay a low cost of $4.99 a month you unlock a host of features, including a free VPN and the ability to sync between devices. They also let you choose whether you want to store your database on your device or locally.

    One more thing, while your browser can somewhat perform as a password manager, that’s really not what it’s meant for. Browsers focus most of their development on being a better browser, not being a better password manager. Also the passwords they generate are not much better than “password” or “123456” (the most popular passwords 7 years running).

    Storing your passwords in a secure password manager is one of the best and easiest ways to improve your security online, so no matter which password manager you go with you’re making the smart choice.
