LastPass, the online password manager, has now revealed that it has become victim of a cyberattack in which user data was compromised and it has urged all users to change their master password. LastPass account email addresses, password reminders, hashed user passwords and cryptographic salts were all stolen in the cyber attack. You can find more on this news here.
Geoff Webb, vice president, solution strategy at NetIQ, the security portfolio of Micro Focus:
“While the breach at LastPass will probably not cause significant problems for their users (provided they change their master password as advised) it does underline the broader issue with authentication and the use of passwords as a single-point of identification.”
“However the system is implemented, using a password alone ultimately places the totality of our trust in the authentication method in a single factor – in one piece of information that is used to prove we are who we say we are. This is still, and will always be, the weakest link in the chain and so it’s not surprising that attackers focus on it. Whether it’s an attack aimed at a service like this, or simply working to identify users with weak, multi-use passwords, attackers know that successfully gaining access to an account is usually just one password away.”
“We are at the end of the useful lifespan of the password as the sole method of authenticating who we are – the more complex interactions we undertake online, and the sheer volume of services we work with, now mean we must use an approach that is more sophisticated if we want to stay secure and keep our information private. Whether the right answer is using tokens, smartphones, biometrics, behavioural indicators, or some mixture of them all, will depend greatly on the sensitivity of the information or service being secured, but whatever it is, simply relying on a user to think up, and remember a sufficiently secure password is not going to be enough anymore.”
[su_box title=”About Geoff Webb” style=”noise” box_color=”#0e0d0d”]
Geoff Webb has over 20 years of experience in the tech industry and is the Director of Solution Strategy at NetIQ. He is responsible for the NetIQ Information Security, Identity and Access and IT Operations Management solutions.Webb joins NetIQ from Credant Technologies, where he led marketing around their data protection and encryption management solutions. Previously, Webb also served as a senior manager of Product Marketing at NetIQ, and held other management positions at FutureSoft, SurfControl and JSB.Webb often provides commentary on security and compliance trends, and has written on a number of related topics for such journals and websites as: USA Today, CIO Update, Healthcare IT News, The Tech Herald, Compliance Authority, Virtual Strategy Magazine, TechBlind, Internetnews.com, e-Finance & Payments, Law & Policy, Dark Reading, BankInfoSecurity.com, Payment News, Wired and InfoSecurity.com, among others. He holds a combined bachelor of science degree in computer science and prehistoric archaeology from the University of Liverpool.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.