LastPass Got Hacked, So What’s The Alternative?
Individual password management in the digital age is often a significant frustration to deal with. Since we often sign up to more than a dozen websites, we need to juggle many different passwords, which themselves often need to be regularly rotated. With this problem and the limitations on human memory, it’s only natural that we’d turn to streamlining solutions like LastPass to remember our passwords for us. With LastPass being hacked, however, users have been left wondering where they should turn next, and what might be safer and superior choices.
The Hacking of LastPass
Initially released in 2008, LastPass’s lifespan has seen multiple instances of security flaws with potentially dangerous implications for users. The first of these occurred in 2011, when harmful actors managed to force their way through outer layers of security, succeeding in temporarily crashing LastPass servers. In 2015, hackers managed to take it a step further but still couldn’t access encrypted data. Further incidents later made headlines in 2016, 2017, and 2019, with hackers constantly testing for flaws and keeping LastPass on their toes. It’s also worth noting that, in 2021, it was revealed that the Android app contained seven third-party trackers, which were widely derided by digital security specialists.
“Password” (CC BY 2.0) by wuestenigel
How do Password Managers Secure Your Passwords?
Password managers such as LastPass work by utilizing what is called AES 256-bit encryption. This is a military-grade level of safety, essentially turning simple passwords into long chains of letters and punctuation. The idea is that by turning passwords into long chains, it becomes infinitely more difficult for programs to brute-force guess what these passwords might be. These are bolstered by zero-knowledge architecture, where passwords are encrypted on a device before data is sent, meaning any intercepted data is useless. Through these means, password managers essentially collate a wide list of passwords to one master password which is addressed by the password manager app. In this way, users only have to remember one master password rather than dozens of individual ones.
What Popular Alternatives Exist?
Though password managers are popular, they’re far from the only method available to juggle large passwords lists and safety. Email authentication is another such system, which requires users to access their email as a two-factor security method. The problem here is that email verification is time-consuming and sometimes unreliable. Social media authentication can work similarly, but has similar problems, and is not especially useful for those who shy away from social media. Probably the best of the password alternatives is biometric security. By tying passwords to encrypted and locally stored facial or fingerprint scans, these systems are again impossible to brute force and come without the pitfalls in which LastPass sees itself constantly tripping into.
“Facial Recognition” (CC BY 2.0) by mikemacmarketing
While no method of password storage is technically unhackable, there are many which are essentially impervious to outsiders in any reasonable timeframe. For this reason, and the growing reliance we have on passwords, it’s likely that better password storage systems will eventually become the status quo. Whether through email or biometric safety systems, the implications for the future of online safety are pronounced and extremely positive. For those on the fence, we’d recommend giving these options a try as, even if you have a perfect memory, the time savings in themselves are often worth the effort.