Have Password Management Services Been Hacked To Death?

It was somewhat ironic that attackers were able to compromise the systems of popular password management website, LastPass, earlier this month.

And, for its users, it was also potentially devastating, as the hackers managed to steal data that could allow them to guess weak master passwords.

Sensitive information

As a precaution, the firm, which stores account passwords in an effort to make its users’ online lives easier, prompted all of its customers to change their master passwords. But can users really continue to trust services such as LastPass to help protect their sensitive information when they themselves are so easily hacked?

Multifactor authentication is a far safer bet, say some, including Brian Spector, CEO of CertiVox. He explains: “The breach is yet another example of the danger associated with passwords in general.

“Instead, there are tried and tested technologies that would enable multi-factor authentication (MFA) with no single point of compromise such as distributed key management. The more passwords are used the more breaches like this will occur.”

However, many in the IT security sector believe password management services are still a valuable part of overall security.

And the LastPass breach certainly highlights the importance of protecting these services as best we can, according to Ken Simpson, co-founder and CEO of MailChannels.

He says: “Services like LastPass and 1Password substantially increase the security of most Internet users, as well as increasing the convenience of managing access to the hundreds of online services we use each day. Even though these services take a very serious approach to their own security, they are going to be the target of highly sophisticated attacks from cyber criminals and nation-state actors looking to gain access to the authentication credentials of users.

“This being said, it is still a much better security posture to leverage a password manager so that you can have a different complex password for each service you access. Combining LastPass or 1Password with a second factor authentication method such as YubiKey or SMS greatly improves your security – even if we assume the password service provider is breached from time to time.”

It’s also been argued that doing away with password management services completely would be folly.

“Ditching a password manager for manual techniques, such as remembering your passwords, will likely lead to overall weaker passwords,” suggests Javvad Malik, security advocate at AlienVault. “But users should bear in mind the complexity and scale of how many passwords are needed and stored by a password manager.”

He adds: “Some people may choose to move to another password manager on the market, but this won’t change the overall risk of being hacked. For all organisations, it’s not a matter of if, but when they will be hacked.”

For now, with email addresses compromised by the LastPass breach, businesses will need to remain on their guard for potential spear phishing attacks.

Having access to the email addresses could allow the hackers to build a detailed profile of their target and create a very specific attack, according to Klaus Gheri, VP of Network Security at Barracuda Networks. He adds: “After building the profile the attack is likely to come from a ‘trusted source’ and this makes the chances of a successful attack considerably higher.”

As well as putting security systems in place, businesses, employees and consumers alike need to remain vigilant and question any unexpected email with an attachment that arrives in their inbox.


Duncan MacRae

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.
