Password management service LastPass has notified users that its servers may have been hacked. I take a minute break, let it sink in.
Yes, this is the one (Last) uber-secure system you trust with ALL your passwords. Ouch. But despite the hack, LastPass says users who chose a strong master password in the first place are still safe (and it is forcing all users to change that master password now).
I’m not a security expert and don’t pretend to be one, so all you can get from me is some ramblings from a business user:
Most of us are at an even higher risk every day: statistics show that over 60% of Internet users have a favorite set of login credentials and reuse that single set across many systems. Very dangerous, but the reason we do it is that a single set is what we can remember easily.
Some do even worse; see the image (No, really?)
The few secure (hm…) options are:
- physical devices, passcode cards, USB sticks, etc. What if you lose them?
- password management systems like LastPass, KeePass, Passpack, Syferlock… they never get compromised, do they?
- algorithmic passwords: a combination of a fixed portion (letters, numbers, upper and lower case) and a formula that changes the rest of the password based on the site you log into. Here’s an example.
The tradeoff with algorithmic passwords is between patterns that are too easily recognizable (an attacker who sees one or two of your passwords can guess the formula, and with it the rest) and our ability to remember and reconstruct them. But in light of today’s events this method looks like a winner to me.
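As an added illustration (not the post's own example, which is not reproduced here), the following Python shows both sides of that tradeoff with constructed values: a naive fixed-part-plus-site-formula password of the kind described above, what an attacker can do with two leaked copies of it, and a keyed alternative (HMAC-SHA256 of the site name under a remembered master secret) that is still reconstructable from memory but does not expose other sites when one password leaks. The fixed part, master secret, site names and the specific formula are all assumptions for the demo.

```python
import base64
import hashlib
import hmac
from typing import Dict, Iterable, Optional

# Constructed sample values for illustration only; nothing here comes from
# the original post or from any real account.
FIXED_PART = "Gt7#q"                            # the memorised, reused portion
MASTER_SECRET = "correct horse battery staple"  # for the keyed variant


def site_token(site: str) -> str:
    """The per-site 'formula' part (assumed for the demo): first three letters
    of the host name, capitalised, followed by the host name's length. Anything
    this simple is recoverable from public information once the pattern is seen."""
    host = site.lower()
    return f"{host[:3].capitalize()}{len(host)}"


def naive_site_password(fixed: str, site: str) -> str:
    """Fixed portion + formula portion, the shape of scheme the post describes."""
    return fixed + site_token(site)


def recover_fixed_part(leaked: Dict[str, str]) -> str:
    """Attacker's view of two or more leaked (site, password) pairs from the
    naive scheme: the fixed portion is simply their longest common prefix."""
    pws = list(leaked.values())
    prefix = pws[0]
    for pw in pws[1:]:
        n = 0
        while n < min(len(prefix), len(pw)) and prefix[n] == pw[n]:
            n += 1
        prefix = prefix[:n]
    return prefix


def predict_password(leaked: Dict[str, str], target_site: str) -> str:
    """With the fixed portion recovered and the formula inferred from the
    leaked suffixes, the attacker derives the password for an unseen site."""
    return recover_fixed_part(leaked) + site_token(target_site)


def derived_site_password(master_secret: str, site: str, length: int = 16) -> str:
    """Keyed alternative: HMAC-SHA256(master_secret, site), base64-encoded and
    truncated. A leaked output reveals neither the secret nor another site's
    password, yet the user only has to remember the master secret."""
    mac = hmac.new(master_secret.encode(), site.lower().encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()[:length]


def brute_force_master(site: str, leaked: str, candidates: Iterable[str]) -> Optional[str]:
    """The remaining weakness of the keyed scheme: a single leaked output lets
    an attacker test master-secret guesses offline, so the secret must be
    strong. Returns the guess that reproduces the leak, or None."""
    for guess in candidates:
        if hmac.compare_digest(derived_site_password(guess, site, len(leaked)), leaked):
            return guess
    return None


if __name__ == "__main__":
    leaks = {s: naive_site_password(FIXED_PART, s) for s in ("amazon.com", "twitter.com")}
    print("naive leaks:", leaks)
    print("recovered fixed part:", recover_fixed_part(leaks))
    print("predicted linkedin.com:", predict_password(leaks, "linkedin.com"))
    print("keyed amazon.com:", derived_site_password(MASTER_SECRET, "amazon.com"))
    weak_leak = derived_site_password("password1", "amazon.com")
    print("weak master cracked:", brute_force_master("amazon.com", weak_leak, ["letmein", "password1"]))
```

Two leaked naive passwords are enough to recover the fixed part and predict every other site; two leaked keyed passwords share no usable prefix. The keyed scheme still needs a strong master secret, since HMAC-SHA256 is fast and a leak allows unlimited offline guessing (a deliberately slow KDF such as PBKDF2 or scrypt would raise that cost), and real "password hasher" tools also have to satisfy each site's composition rules, which this demo ignores.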
Related articles
- LastPass potentially hacked, users urged to change master passwords (thenextweb.com)
- LastPass Security Breach? (ghacks.net)
- LastPass resets passwords following possible hack (go.theregister.com)
- Foxmarks, Xmarks, LastPass, Xpass, LastX, X%^&% Quick Rant (cloudave.com)

Biometrics Zoli, biometrics. You always have your fingers. And they’re quite hard to spoof.
Clearly – but there is the hardware dependency…
Also, we’re not only talking about securing one’s computer, but access to Web services. It’s a chicken and egg scenario: what service provider will risk losing most of their user base by insisting on biometric access?