Learn from the LastPass breach and be smart about how you use your password manager.

First, it’s important to understand what happened: The company said intruders had gained access to its cloud database and obtained a copy of the data vaults of tens of millions of customers by using credentials and keys stolen from a LastPass employee.

Hackers may have information (such as websites visited) that would help them create a more personalized (and therefore believable) phishing message. This LastPass breach is another good reason to set up managed detection and response (MDR). If setting up MDR is too much for now, at least increase your audit log reviews. Be especially aware of unusual usage patterns for executives. Let users know that the LastPass breach is not a good reason to stop using password managers.

What Does This Breach Say About Using Password Managers?

Should you react to the LastPass breach by ditching LastPass? Only if you are moving from LastPass to another password manager. Some will argue that password managers are a bad bet since they are natural targets for hackers. I do not know enough to say that one password manager is technically superior to another. However, what are the alternatives?

Others will advocate for the old-fashioned method: write the passwords down on a piece of paper. How is that going to work on the days you are working away from that paper? Users are going to write their passwords down in some digital form. And now we are back to evaluating the convenience of keeping the form updated and using it against the risk that the form can be stolen and hacked.

Until we can access everything via Face ID or some biometric means, we are going to have passwords. And password managers, limited as they are, will be the best way to manage those passwords.