A breach at LastPass has password lessons for us all

The hacking of the password manager LastPass should make us reassess whether to trust companies to store our sensitive data in the cloud. [Derek Abella/The New York Times]

While many of us were unplugging from the internet to spend time with loved ones over the holidays, LastPass, the maker of a popular security program for managing digital passwords, delivered the most unwanted gift. It published details about a recent security breach in which cybercriminals had obtained copies of customers' password vaults, potentially exposing millions of people's online information.

From a hacker's perspective, this is the equivalent of hitting the jackpot.

When you use a password manager like LastPass or 1Password, it stores a list containing all of the user names and passwords for the sites and apps you use, including banking, health care, email and social networking accounts. It keeps track of that list, called the vault, in its online cloud so you have easy access to your passwords from any device. LastPass said hackers had stolen copies of the...

Continue reading on: