LastPass is one of the most popular password management services out there, and it’s trusted by many users.
But is it really secure?
Why password managers exist
Keeping track of passwords for everything online can get hard, so many users fall back on lazy habits like using the same password for everything. That’s horrible for security. If someone can grab your Netflix password and use it to get into your bank account because you used the same one, it can be catastrophic.
That’s the idea behind password managers. These programs keep track of usernames and passwords for programs and websites. LastPass is one of the best known. Through a password manager, you can enter one master password and access every password you have. It removes the need to memorize a huge number of different passwords and makes it easier to follow proper security practices by creating odd, hard-to-remember alphanumeric passwords that are harder to crack.
There are two main ways a security service can be hacked: by actually cracking into the back door and “emptying the vault”, so to speak, or by walking in the front with forged credentials.
LastPass uses a zero-knowledge system to secure its data. No passwords are ever transmitted in plain text. They are scrambled and put through several steps to prevent anyone from catching them at any point in transit, and they are stored behind a complicated hashing system in LastPass’s data repository.
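To make the zero-knowledge idea above concrete, here is an added sketch (not LastPass's code and not from the original article) of the general pattern: the master password is stretched into a vault key on the user's device, and the server only receives and stores a value derived one-way from that key. The iteration counts, the salt choices and the names `derive_vault_key`, `derive_login_hash` and `Server` are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

CLIENT_ITERATIONS = 600_000   # assumed work factor, not a LastPass setting
SERVER_ITERATIONS = 100_000   # assumed extra stretching done by the server


def derive_vault_key(master_password: str, email: str) -> bytes:
    """Client side: stretch the master password into the key that encrypts the vault."""
    salt = email.strip().lower().encode()
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, CLIENT_ITERATIONS)


def derive_login_hash(vault_key: bytes, master_password: str) -> bytes:
    """Client side: one more one-way step; this value is sent at login, the key is not."""
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode(), 1)


class Server:
    """Hypothetical service that never sees the master password or the vault key."""

    def __init__(self) -> None:
        self.records: dict[str, tuple[bytes, bytes]] = {}

    def _stretch(self, login_hash: bytes, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", login_hash, salt, SERVER_ITERATIONS)

    def register(self, email: str, login_hash: bytes) -> None:
        salt = os.urandom(16)  # per-user random salt
        self.records[email] = (salt, self._stretch(login_hash, salt))

    def login(self, email: str, login_hash: bytes) -> bool:
        record = self.records.get(email)
        if record is None:
            return False
        salt, verifier = record
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(self._stretch(login_hash, salt), verifier)


if __name__ == "__main__":
    email, password = "alice@example.com", "correct horse battery staple"  # constructed
    key = derive_vault_key(password, email)
    server = Server()
    server.register(email, derive_login_hash(key, password))
    print("good login:", server.login(email, derive_login_hash(key, password)))
    wrong = derive_vault_key("guess123", email)
    print("bad login:", server.login(email, derive_login_hash(wrong, "guess123")))
    print("server holds key:", key in server.records[email])
```

Because the stored record is only a salted, stretched form of the login hash, a copy of the server's database does not directly yield the vault key; the strength of the master password still determines how hard it is to guess.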
It’s also possible to turn on 2-factor authentication to add to LastPass security.
The other route, someone being given access, is much harder to control. That’s because it’s dependent on the end user. Recovering a LastPass master password is fairly easy, especially for a canny attacker with some personal information. Phishing can pull enough personal information to steal credentials.
Or, on a simpler level, someone who leaves their computer logged in with LastPass logged in too has given access to everything to anyone with physical access. This even happens with public computers.
Nothing is ever entirely secure because security depends on people, and people tend to be bad about security best practices. You can make a jail as secure as you want, but it doesn’t matter if you leave the front door open.
Is LastPass safe? It’s pretty secure against backdoor incursions. But it’s only as secure as you are. It may make security easier, but if you want to make your technology use really secure, it starts with your habits.