"Secure" Online Password Manager LastPass Has Been Hacked
In a recent blog post, the popular cloud-based password manager LastPass officially announced that its network was breached this Friday. The company went on to say that there's no evidence that the hackers stole any encrypted data from the vaults or gained access to users' accounts. Apparently, the only things the attackers were able to take were e-mail addresses tied to accounts, password reminders, server per-user salts and authentication hashes. The last two categories could allow the hackers to break some of the simpler passwords, but since every guess has to go through 100,000 rounds of PBKDF2-SHA256, it's going to take a while, so there's plenty of time for customers to change them.
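The effect of per-user salts and 100,000 PBKDF2-SHA256 rounds can be measured directly. The sketch below is an added example, not LastPass's code: it is a simplified model of the hashing step described above, and the user names, passwords, salts and candidate counts are constructed for illustration.

```python
import hashlib
import hmac
import os
import time

ROUNDS = 100_000  # server-side round count quoted in the article


def auth_hash(password: str, salt: bytes, rounds: int = ROUNDS) -> bytes:
    """PBKDF2-HMAC-SHA256 over the password with a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)


def verify(password: str, salt: bytes, stored: bytes, rounds: int = ROUNDS) -> bool:
    """Recompute the hash and compare in constant time."""
    return hmac.compare_digest(auth_hash(password, salt, rounds), stored)


def seconds_per_guess(rounds: int = ROUNDS, samples: int = 3) -> float:
    """Measure what one password guess costs on this machine."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(samples):
        auth_hash(f"candidate-{i}", salt, rounds)
    return (time.perf_counter() - start) / samples


def days_to_test(candidates: int, accounts: int, per_guess: float) -> float:
    """Per-user salts mean no work is shared: every candidate must be
    recomputed for every account, so the cost multiplies."""
    return candidates * accounts * per_guess / 86_400


if __name__ == "__main__":
    # Constructed records: two users who picked the same master password.
    salts = {"alice@example.com": os.urandom(16), "bob@example.com": os.urandom(16)}
    stored = {u: auth_hash("correct horse", s) for u, s in salts.items()}
    print("same password, same hash?",
          stored["alice@example.com"] == stored["bob@example.com"])
    print("login ok:", verify("correct horse", salts["bob@example.com"],
                              stored["bob@example.com"]))
    cost = seconds_per_guess()
    print(f"one guess at {ROUNDS} rounds: {cost * 1000:.1f} ms")
    print(f"one guess at 1 round: {seconds_per_guess(1, 50) * 1e6:.1f} us")
    print(f"10M candidates x 1,000 accounts: "
          f"{days_to_test(10_000_000, 1_000, cost):,.0f} CPU-days")
```

The timings are for a single CPU core; dedicated hardware is faster, but the cost still grows linearly with the round count and with the number of salted accounts, which is why short or common master passwords are the ones to change first.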
If you're not familiar with the name, LastPass is an online password management service which aims to help its customers keep all their user accounts secure. What's really cool about this tool is that, after storing your user names and passwords, it will automatically log you into any of your accounts, so all you have to remember is the master password and not every single password that you use for a specific website. However, as I continue stating time and time again, there's nothing completely secure on the Internet, and this is not the first time that the service has been hacked. A similar incident took place back in 2011, but at that time the company couldn't figure out exactly what was taken and didn't have the same advanced security measures that are now in place.
"Writing" them poses an even bigger security threat: anyone could find that piece of paper or the file.
Using the same password on every account is a huge security risk.
Memorizing 5-6 different passwords is difficult, especially if you use some of them rarely.