These days, everyone has to remember passwords. Your Facebook requires a password, your email requires a password, and you need to enter a password to log into your computer or to unlock your smartphone (What? Your smartphone isn’t password protected…).
Because different systems require different password formats (combinations of uppercase, lowercase, and numeric characters, different minimum lengths, etc.), most people routinely juggle several passwords at a time. To simplify the process, there are cloud-based password management services that store a user’s collection of passwords. The user only has to remember one master password.
LastPass is just such a service. Recently, LastPass announced that it had been hacked, resulting in numerous passwords and other sensitive user data being stolen. LastPass says the stolen passwords were encrypted, preventing the hackers from reading the actual, plain text strings. However, users of LastPass are being instructed to change their master password and to consider using multifactor authentication.
This hack raises the question of whether it is wise to store passwords in the Cloud. Of course, the alternatives may not be better. Storing passwords on your computer is not very secure, and using one password (or slight variations of a single password) for every site runs the risk of compromising all your sites if one of the passwords is hacked.
The best method for securing your information is multifactor authentication. This can take several forms, from using a key fob with a constantly changing pass key, to having a system email or text you when you log in so that you can authenticate your authentication. Whichever way is employed, it’s becoming clear that passwords alone are no longer a secure method to prove that you are you.