Have Password Management Services Been Hacked To Death?

It was somewhat ironic that attackers were able to compromise the systems of popular password management website, LastPass, earlier this month.

And, for its users, it was also potentially devastating, as the hackers managed to steal data that could allow them to guess weak master passwords.

Sensitive information

As a precaution, the firm, which stores account passwords in an effort to make its users’ online lives easier, prompted all of its customers to change their master passwords. But can users really continue to trust services such as LastPass to help protect their sensitive information when they themselves are so easily hacked?

Multifactor authentication is a far safer bet, say some, including Brian Spector, CEO of CertiVox. He explains: “The breach is yet another example of the danger associated with passwords in general.

“Instead, there are tried and tested technologies that would enable multi-factor authentication (MFA) with no single point of compromise such as distributed key management. The more passwords are used the more breaches like this will occur.”

However, many in the IT security sector believe password management services are still a valuable part of overall security.

And the LastPass breach certainly highlights the importance of protecting these services as best we can, according to Ken Simpson, co-founder and CEO of MailChannels.

He says: “Services like LastPass and 1Password substantially increase the security of most Internet users, as well as increasing the convenience of managing access to the hundreds of online services we use each day. Even though these services take a very serious approach to their own security, they are going to be the target of highly sophisticated attacks from cyber criminals and nation-state actors looking to gain access to the authentication credentials of users.

“This being said, it is still a much better security posture to leverage a password manager so that you can have a different complex password for each service you access. Combining LastPass or 1Password with a second factor authentication method such as YubiKey or SMS greatly improves your security – even if we assume the password service provider is breached from time to time.”

It’s also been argued that doing away with password management services completely would be folly.

“Ditching a password manager for manual techniques, such as remembering your passwords, will likely lead to overall weaker passwords,” suggests Javvad Malik, security advocate at AlienVault. “But users should bear in mind the complexity and scale of how many passwords are needed and stored by a password manager.”

He adds: “Some people may choose to move to another password manager on the market, but this won’t change the overall risk of being hacked. For all organisations, it’s not a matter of if, but when they will be hacked.”

For now, with email addresses compromised by the LastPass breach, businesses will need to remain on their guard for potential spear phishing attacks.

Having access to the email addresses could allow the hackers to build a detailed profile of their target and create a very specific attack, according to Klaus Gheri, VP of Network Security at Barracuda Networks. He adds: “After building the profile the attack is likely to come from a ‘trusted source’ and this makes the chances of a successful attack considerably higher.”

As well as putting security systems in place, businesses, employees and consumers alike need to remain vigilant and question any unexpected email with an attachment that arrives in their inbox.


Duncan Macrae

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.
