LastPass was breached. Are Password Managers safe?

2 minute read

I’ve been a proponent of password managers for many years and have constantly preached to people that they need to embrace them. Obviously the prospect of keeping all your eggs in one basket can cause heart palpitations, yet alternatives such as an Excel spreadsheet somehow give other people more comfort. Here is what a good password manager actually gives you:

  • Secure password vault (Only as secure as your passphrase is!)
  • Notification of breached sites where you have an account
  • Autogeneration of secure passphrases
  • Integrated 2FA TOTP
  • Web browser modules for auto-input and site validation
  • Auto creation of complex and long passwords (although I prefer an easier method of passphrase creation, which I will present in another article)

Although the LastPass breach was probably the worst thing a password-manager skeptic could have feared, the issue is not with the concept of an encrypted password vault but with the vendor’s execution of the application, which failed. Until the death of the password comes about there really is no better user-friendly way to store credentials, and user-friendliness matters: simplicity is what keeps people doing the right thing when building a secure digital footprint.

Let’s Debunk The Myths

From my reading and discussions with people who are not in cybersecurity, the concept of a single file protected under a master password (i.e. putting all your eggs in one basket) can sound scary. But let’s look at the alternatives:
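Before the alternatives, it helps to see what “a single file protected under a master password” actually is, because that is what a breached provider hands to an attacker. The block below is an added illustration, not code from the original post or from any vendor: the master passphrase is stretched with PBKDF2 and a random per-vault salt into an encryption key and an authentication key, the entries are encrypted, and a tag is checked before anything is decrypted. The cipher layer is a standard-library stand-in (HMAC-SHA256 in counter mode, encrypt-then-MAC) so that the example runs without third-party packages; real managers use AES-GCM or a similar authenticated cipher, and far higher iteration counts than the constant used here.

```python
import hashlib
import hmac
import json
import os
import struct

KDF_ITERATIONS = 100_000   # deliberately low so the demo is quick; real vaults use far more


def derive_keys(passphrase: str, salt: bytes, iterations: int) -> tuple:
    """Stretch the master passphrase into two independent 32-byte keys.
    The salt is random per vault, so two users with the same passphrase never share keys."""
    material = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations, dklen=64)
    return material[:32], material[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in for a real cipher: HMAC-SHA256 in counter mode. Shows the structure only;
    # production managers use AES-GCM or XChaCha20-Poly1305.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def lock_vault(entries: dict, passphrase: str, iterations: int = KDF_ITERATIONS) -> dict:
    """Produce the blob a provider would store: salt, KDF cost, nonce, ciphertext, tag.
    Every field is safe to hand to the server; none of it opens without the passphrase."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(passphrase, salt, iterations)
    plaintext = json.dumps(entries).encode("utf-8")
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    header = struct.pack(">I", iterations) + salt + nonce
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()   # encrypt-then-MAC
    return {"iterations": iterations, "salt": salt.hex(), "nonce": nonce.hex(),
            "ciphertext": ciphertext.hex(), "tag": tag.hex()}


def unlock_vault(blob: dict, passphrase: str) -> dict:
    """Re-derive the keys from the passphrase and refuse to decrypt unless the tag verifies,
    so a wrong passphrase and a tampered blob are rejected the same way."""
    salt, nonce = bytes.fromhex(blob["salt"]), bytes.fromhex(blob["nonce"])
    ciphertext, tag = bytes.fromhex(blob["ciphertext"]), bytes.fromhex(blob["tag"])
    enc_key, mac_key = derive_keys(passphrase, salt, blob["iterations"])
    header = struct.pack(">I", blob["iterations"]) + salt + nonce
    expected = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong passphrase or tampered vault")
    plaintext = bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return json.loads(plaintext.decode("utf-8"))


def opens_with(blob: dict, passphrase: str) -> bool:
    """True if the passphrase unlocks the blob, False otherwise (no exception)."""
    try:
        unlock_vault(blob, passphrase)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample entries; the passphrase is a placeholder, not a recommendation.
    blob = lock_vault({"example.com": "s3cr3t-example-value"}, "example master passphrase")
    print(json.dumps({k: v[:16] + "..." if isinstance(v, str) else v for k, v in blob.items()}, indent=2))
    print("unlocks with right passphrase:", opens_with(blob, "example master passphrase"))
    print("unlocks with wrong passphrase:", opens_with(blob, "guess"))
```

Notice what a stolen copy of the blob gives an attacker: the salt and the iteration count in the clear, the ciphertext, and nothing else. The only way in is to guess the passphrase, and every guess costs a full PBKDF2 run, which is why the quality of the master passphrase and the KDF cost the vendor configured are the two numbers that decide how bad a provider breach is for you.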

The Journal

OK, so maybe it’s not a ‘little black book’, but let’s just say it’s a piece of paper or a notebook stashed somewhere, or in a vault. The pro is that it’s the best offline method of recording passwords, but let’s be honest: are you really going to record long, complex passwords by hand? The most important concept is to

Someone is Targeting You, Personally

In email parlance this is called spear phishing. If you’re a C-suite executive, high-profile public figure, government official or some 007 working for MI6, well, you’ve got bigger issues, and yes, a password manager is still a viable solution with a particular tweak (as referenced before, this is something I’ll discuss later).

Types of Password Managers

The most common type that people are familiar with is the cloud-hosted kind. This includes 1Password and Bitwarden (the two I would personally recommend as of this writing). However, there are also roll-your-own options, which involve standing up your own personal KeePass database and require a bit more technical know-how. This certainly avoids the problems of the cloud (à la LastPass), but you’ll need to be a bit more savvy and willing to devote some time to care and feeding. Some of these password managers literally work by disseminating backups or clones of your own password database to the devices you choose. I tend to create new accounts at a sad but certainly alarming rate, so frequent updates that require constant duplication of the database make for a high-maintenance relationship that is not for everyone.