The financial services industry encounters security incidents 300 percent more frequently than any other industry, the firm reported. Willie Sutton’s wisdom - he said he robbed banks because that’s where the money was - isn’t lost on cyberthieves, according to a report Websense released last week. However, “none of us are going to be around for long if we continue to see more security breaches.” Following the Money “I don’t see any other technologies replacing the password any time soon,” he added, “so I think there will be a growing and continued demand for password managers.” “People are doing more online, so there’s really a growing need for users to have strong and unique passwords for all these websites, and since people can’t remember more than three or four strong passwords, there’s a need for a password manager,” Carey said. “I would consider it a minor setback for the password management industry,” he told TechNewsWorld. Still, “it’s more secure, because if a hacker gets into the database of the password management company,” Shavell explained, “they’d have to hack each user’s account separately, which would take a very long time and not be worth the effort.” Minimal DamageĪny harm to the password management industry from the LastPass breach is likely to be short-lived, maintained Bill Carey, vice president of Siber Systems. If the only one with access to a user’s master password is the user, there’s an element of inconvenience, because if the master password is lost, so is the user’s data. Storing master passwords in the cloud makes it easier for consumers to recover their stored passwords if they lose their master passwords. One kind stores master passwords in the cloud the other kind doesn’t. There are two kinds of password managers, he told TechNewsWorld. “It doesn’t inspire confidence in consumers,” added Rob Shavell, CEO and cofounder of Abine. “The brand impact of something like this can be tremendous,” he told TechNewsWorld. “The biggest concern for LastPass is whether trust has been shaken in users’ minds,” said TapLink CTO Jeremy Spilman. While LastPass should receive plaudits for its rapid response to the attack on its systems, the question remains: Will bad press from the breach hurt the password management industry? He also recommended everyone change their master password. “The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.” Confidence RazerĪlthough LastPass was confident that its encryption measures would protect a majority of its users, Siegrist wrote, the company was taking the precaution of requiring users logging in from a new device or IP address to verify their account by email, unless they had multifactor authentication enabled. “In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed,” CEO and cofounder Joe Siegrist wrote in LastPass’ company blog. The company last week alerted users that “suspicious activity” on its network was discovered and blocked on June 12. The service recently came under attack again. A master password is used by users to protect the vaults where all their passwords for other services are stored. To make matters worse, LastPass wasn’t prepared for the traffic surge from everyone trying to change their passwords at the same time, so performance headaches inconvenienced users further. In 2011, the service found anomalies in its network traffic that forced it to reset all its users’ master passwords. Yet, that has happened to LastPass twice. A data breach is no picnic for any organization, but for a company that makes its potato salad by protecting other people’s passwords, it’s the mother of all nightmares.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |