LastPass Merge: Password Vaults Caught – CHIP
LastPass emphasizes that password vaults are securely encrypted, even in the hands of crooks, due to the zero-knowledge architecture used. Like other password managers, LastPass encrypts passwords locally on users’ devices and only then syncs them to cloud servers.
Although hackers can try to guess the master passwords of stolen safes by brute force, if you follow the guidelines for a secure master password, you should be pretty safe:
- Longer: The longer the better, the master password should be at least 12 characters.
- to mix together: Use a mix of upper and lower case letters, numbers and special characters.
- Password : Passphrases are a good idea.
- No information: Do not put any personal information in the master password, i.e. neither the names of your children nor your date of birth.
LastPass now warns of this danger
With customer data now in the hands of attackers, hackers could attempt to contact LastPass users to obtain the master password for your password vault.
LastPass notes that the company never sends text messages, emails, or calls to verify personal information. The master password is only requested in the application itself.
Is there more danger in the future?
In order to prevent further security incidents, LastPass claims to have rebuilt its entire IT infrastructure with additional security mechanisms.
