
LastPass hacked, what next?



Tonight, news spread on the Web that the LastPass password storage service had been hacked. The company itself recommends that all users change their master password in order to avoid possible negative consequences of the breach. The good news is that the passwords stored in the cloud are still safe, because all of this information is encrypted.

Nevertheless, the attackers apparently managed to obtain the database of user e-mail addresses, password reminders, and authentication hashes. The last of these is exactly what is used to log users in to their accounts. But you don't have to worry too much here: the company's management states that the hashes are sufficiently protected against cracking.

Every user now sees a prompt to change their master password when logging in to the service. If you use this service, you should change the master password immediately. And if this password is also used to access other services, you need to change it everywhere (although, really, does anyone still use the same username and password to access important information?).
It should be noted that this is not the first LastPass breach: the service was already hacked in 2011. Then, as now, the management immediately warned users about the problem, forcing everyone to change the master password when trying to access an account from a new machine. At the same time, users were advised to consider two-factor authentication, which provides a much higher level of security than logging in to your account with an ordinary login and password.

The company is now taking precautions to help limit the negative consequences of the breach. For all users who access the service from new IP addresses and devices, verification by email has been introduced.

All users of the service received a message from the administration with a corresponding warning. However, the administration believes that there is no need to change the passwords for sites that are stored on the server.

Among other things, for protection it is worth using a password that you yourself cannot remember. A password that the user is able to remember (unless that user has a photographic memory) is, in the overwhelming majority of cases, an unreliable password.

In general, now is the time to start using two-factor authentication, if you have not already done so. In addition, you need to change your master password, and then calm down.

And if you no longer want to store data in the cloud, take a look at KeePass, a password manager for PCs and mobile devices. It is one of the best programs of its kind.

Source: https://habr.com/ru/post/357776/

