In an era of infinite passwords, each with slightly different requirements, LastPass — a company that allows customers to store their password collections online and access them with master passwords — seemed to many like a godsend. Until Monday, that is, after the company announced that hackers had broken into its system, gaining access to password reminders, e-mail addresses and even encrypted master passwords.
The combination of stolen data makes the hacking comparatively serious: simple codes such as “123456” can be hacked easily, regardless of encryption, while reminders like “Where were you born?” can be easily solved using public information from social media or records. Many other passwords can be guessed through so-called “brute forcing,” or using rented computer server firepower to crack encryption, CNN reports.
The company discovered the digital security breach on Friday. “We are confident that our encryption measures are sufficient to protect the vast majority of users,” Joe Siegrist, LastPass CEO and co-founder, wrote in a blog post Monday. “Nonetheless, we are taking additional measures to ensure that your data remains secure. We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password.”
Siegrist went on to encourage users who have reused their master passwords on other websites to replace those passwords and to encourage users to set up two-step authentication, which involves sending a passcode via text message to a user’s phone, to prevent future data losses.
[CNN]
More Must-Reads from TIME
- How Donald Trump Won
- The Best Inventions of 2024
- Why Sleep Is the Key to Living Longer
- Robert Zemeckis Just Wants to Move You
- How to Break 8 Toxic Communication Habits
- Nicola Coughlan Bet on Herself—And Won
- Why Vinegar Is So Good for You
- Meet TIME's Newest Class of Next Generation Leaders
Contact us at letters@time.com