Tuesday, June 23, 2015

Say It Ain't So LastPass!

   There are so many data breaches happening each week that it's easy to become numb to all the announcements.  Sometimes one or two dominate the news because of the size or importance of the breach.  Sometimes there is confusion in the media about the breach or the significance.  Sometimes the experts don't agree.

   I think most people have heard about the OPM - Federal (US) Office of Personnel Management - breach in which personal information on over 4 million people, including security clearance information, possibly dating back to 1985, was stolen in an attack on federal computers.  Everyone agrees that this one was big and bad.  But also in the news was the breach of information at LastPass, and there is far less consensus on the impact.

   LastPass is a password vault - a program that lets you store all your passwords in an encrypted "safe".  I've talked about password vaults many times in the past.  I have always recommended the use of a password vault and I still do.

   First, let's discuss what happened.