LastPass Breach Demonstrates the Power of Avoidance

  • Written by Michael Bargury

A recent LastPass breach has once again raised concerns about password managers’ security, especially commercial password managers with cloud infrastructure. The breach led to hackers gaining access to both code and data. This time on Dark Reading, I describe how I became a proponent of secret managers and LastPass, my chosen password manager, and how I helped my family and colleagues to do the same. I also discuss the theory behind the safety of password managers and the downsides of other password management methods, such as using a “good password” for everything.

I address the question of what to do if your password manager is breached, with two main recommendations: ensure that your master password is strong enough and enable multi-factor authentication (MFA) on every important account. I also stress that MFA is notoriously difficult to implement, and manually changing all passwords if plaintext passwords are exposed in a breach would be a catastrophe.
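To make the first recommendation concrete, here is an added example (not code from the article or from LastPass) that estimates how much guessing work a stolen, encrypted vault forces on an attacker as a function of master-password entropy. The guess rates and the 7776-word list size are labelled assumptions chosen for illustration; the point is the gap between a short password and a multi-word passphrase once the vault's key-derivation function slows each guess down.

```python
import math

# Assumptions (constructed for this example, not figures from the article):
# how many master-password guesses per second an attacker might manage
# against a copy of the vault, depending on how costly the key derivation is.
GUESSES_PER_SECOND_FAST = 1e10   # assumption: cheap, GPU-friendly hashing
GUESSES_PER_SECOND_SLOW_KDF = 1e5  # assumption: deliberately slow KDF with many iterations

# Size of each character class a random password could draw from.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}


def charset_size(password: str) -> int:
    """Alphabet size implied by the character classes present in the password."""
    size = 0
    if any(c.islower() for c in password):
        size += CLASS_SIZES["lower"]
    if any(c.isupper() for c in password):
        size += CLASS_SIZES["upper"]
    if any(c.isdigit() for c in password):
        size += CLASS_SIZES["digit"]
    if any(not c.isalnum() for c in password):
        size += CLASS_SIZES["symbol"]
    return size


def password_entropy_bits(password: str) -> float:
    """Upper bound on entropy, assuming each character was chosen at random
    from the classes actually used (real human-chosen passwords have less)."""
    size = charset_size(password)
    if not password or size == 0:
        return 0.0
    return len(password) * math.log2(size)


def passphrase_entropy_bits(word_count: int, wordlist_size: int = 7776) -> float:
    """Entropy of a passphrase whose words are drawn uniformly from a word list
    (7776 words is the size of a common diceware-style list; an assumption)."""
    return word_count * math.log2(wordlist_size)


def expected_crack_seconds(entropy_bits: float, guesses_per_second: float) -> float:
    """Expected time to hit the secret: on average half the keyspace is searched."""
    return (2.0 ** entropy_bits) / 2.0 / guesses_per_second


def seconds_to_years(seconds: float) -> float:
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    # Constructed sample inputs for comparison.
    for label, bits in [
        ("8 lowercase letters", password_entropy_bits("abcdefgh")),
        ("10 mixed-class chars", password_entropy_bits("Xy7!qP2#Lm")),
        ("6-word passphrase", passphrase_entropy_bits(6)),
    ]:
        fast = seconds_to_years(expected_crack_seconds(bits, GUESSES_PER_SECOND_FAST))
        slow = seconds_to_years(expected_crack_seconds(bits, GUESSES_PER_SECOND_SLOW_KDF))
        print(f"{label:22s} {bits:6.1f} bits  fast-hash: {fast:.2e} y  slow-KDF: {slow:.2e} y")
```

Running the block shows that a slow KDF buys several orders of magnitude, but only entropy added by the user turns a vault copy from "crackable this week" into "infeasible"; that is why the article's advice to pick a strong master password matters independently of the vendor's settings.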

I strongly recommend this article to anyone who uses a password manager and is concerned about the security of their personal information. You will find an insightful discussion of the theory and practical aspects of password managers, and some valuable advice on what to do if your password manager is breached, including practical steps that LastPass users affected by the breach should take.


About the Author

Michael Bargury

Michael is the Co-Founder and CTO of Zenity. He is an industry expert in cybersecurity interested in cloud, SaaS and AppSec. Prior to Zenity, Michael was a senior architect at Microsoft Cloud Security CTO Office, where he founded and headed security product efforts for IoT, APIs, IaC and confidential computing. Michael is leading the OWASP community effort on low-code/no-code security.
