{"id":769,"date":"2011-06-28T08:45:43","date_gmt":"2011-06-28T13:45:43","guid":{"rendered":"http:\/\/techcitement.com\/?p=769"},"modified":"2011-06-30T23:47:40","modified_gmt":"2011-07-01T04:47:40","slug":"voice-of-objectivity-give-lastpass-a-break","status":"publish","type":"post","link":"https:\/\/techcitement.com\/software\/voice-of-objectivity-give-lastpass-a-break\/","title":{"rendered":"Voice of Objectivity: Give LastPass a Break"},"content":{"rendered":"

Voice of Objectivity is an ongoing column meant to temper the tendency of the Techcited to run away with the most exciting or controversial ideas in technology’s near future. The opinions presented here do not necessarily represent the views of Techcitement or this writer. Someone’s got to keep a cool head around here. I guess I’ll just have to pretend it’s me.<\/em><\/p>\n

Early last month, the online password manager LastPass<\/a> suffered a serious breach. A significant quantity of data was accessed by an unknown source, potentially compromising the online identities of thousands of users. Because LastPass is a centralized locker for all your passwords, the breach could represent a disaster for anyone whose account was compromised. Forget email accounts and social networks; we\u2019re talking about banks and sites with credit card information.<\/p>\n

Fortunately, LastPass\u2019s staff detected the incursion and went into lockdown, forcing anyone whose account was accessed from a new IP address (for most users, effectively meaning a new location) to reset their passwords. All users were notified, and those with weak master passwords were strongly encouraged to make a change, as they were the ones most vulnerable to having their accounts compromised by the breach.<\/p>\n

Since that time, I\u2019ve seen and heard this event referenced numerous times, and all of them come with a stern reminder about the dangers of an online password locker. That\u2019s fair enough, because discussions of LastPass have always included that warning. But now there\u2019s another admonishment attached to it. \u201cThey\u2019ve already had a breach,\u201d is the new mantra of those warning about the dangers of LastPass.<\/p>\n

While it\u2019s true that someone got access to some of the service\u2019s information, I believe it\u2019s important to keep in mind what actually happened here. This isn\u2019t Sony<\/a> losing huge amounts of customer information that was supposed to be secured or Citibank<\/a> hiding a security failure for weeks. LastPass\u2019s first line of security failed, sure, but their second line worked.<\/p>\n

While usernames and passwords were stolen, the passwords were strongly encrypted. The data leak was detected soon after it happened. Users were notified immediately and were updated very frequently on the situation during the first few days. By forcing password changes for anyone using the service through a new IP, LastPass effectively prevented anyone from making use of the stolen data. When the password reset system went down, LastPass made sure people knew how to access the offline cache of their passwords that the service stores automatically. LastPass has since initiated a third-party security audit and plans to make such audits a regular part of its operation. The company has also instituted several other new security measures.<\/p>\n

Relying on someone else for your security is a scary prospect. As a longtime user of LastPass, I\u2019ll be the first to admit that it gets even scarier when something goes wrong (you should have seen my face when I tried to log into my account at a friend\u2019s house, just minutes after the lockdown began and before the emails went out to users). In the long run, this incident has increased my confidence in LastPass.<\/p>\n

I would much rather rely on a company that would rather risk its own reputation by dealing with a major failure rapidly and effectively than a company that wants to hide its disasters in the shadows. LastPass\u2019s entire product is essentially security, so failing there could literally destroy the company. But at the first sign of trouble, they brought the incident out into the open, if anything over-exaggerating the threat level involved. After the breach was discovered, LastPass\u2019s biggest failure wasn\u2019t an inability to handle the actual problem, but the fact that they were overwhelmed by the number of customers resetting their passwords. This inconvenienced many users (myself included) for a few days, but in no way further compromised security.<\/p>\n

Perhaps most important of all, as of this writing there has not been, to my knowledge, a single user whose personal data was accessed as a result of this security failure. With all the hacking disasters of this year, that\u2019s a rare accomplishment, and it\u2019s entirely due to the strong security procedures and business ethic of the company involved. I\u2019m done admonishing LastPass on this one. Let\u2019s give them a moment\u2019s praise for treating their customers right, even when times get tough.<\/p>\n","protected":false},"excerpt":{"rendered":"

Voice of Objectivity is an ongoing column meant to temper the tendency of the Techcited to run away with the most exciting or controversial ideas in technology’s near future. The opinions presented here do not necessarily represent the views of Techcitement or this writer. Someone’s got to keep a cool head around here. I guess […]<\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[71,38,70,40],"tags":[219,220,212,19],"_links":{"self":[{"href":"https:\/\/techcitement.com\/wp-json\/wp\/v2\/posts\/769"}],"collection":[{"href":"https:\/\/techcitement.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techcitement.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techcitement.com\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/techcitement.com\/wp-json\/wp\/v2\/comments?post=769"}],"version-history":[{"count":4,"href":"https:\/\/techcitement.com\/wp-json\/wp\/v2\/posts\/769\/revisions"}],"predecessor-version":[{"id":794,"href":"https:\/\/techcitement.com\/wp-json\/wp\/v2\/posts\/769\/revisions\/794"}],"wp:attachment":[{"href":"https:\/\/techcitement.com\/wp-json\/wp\/v2\/media?parent=769"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techcitement.com\/wp-json\/wp\/v2\/categories?post=769"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techcitement.com\/wp-json\/wp\/v2\/tags?post=769"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}