l****z
发帖数: 29846 | 1 One of the most popular password security companies just admitted it was
hacked
Cale Guthrie Weissman
Jun. 15, 2015, 3:27 PM
LastPass, a popular password manager program, just admitted it's been hacked.
In a blog post published today, LastPass’s Joe Siegrist writes, "The
investigation has shown ... that LastPass account email addresses, password
reminders, server per user salts, and authentication hashes were compromised
."
LastPass works by having users choose one strong master password that they
must remember. When they log into LastPass, they use this strong
authenticator to gain access to a list of all of their other passwords,
which are stored in encrypted form on LastPass' servers.
LastPass’ servers do hold a list of all of its users passwords, but because
they are encrypted (meaning they are heavily ciphered making it nearly
impossible to crack), it's highly unlikely any hackers would be able to
decrypt LastPass' password trove.
Further, the encryption and decryption happens on the users' devices,
meaning that LastPass has no way to access any of its users' non-ciphered
passwords.
It's important to note that this breach does not mean that hackers have full
access to the passwords of every LastPass user. What it does mean, however,
is that if users use a weak master password or have used the same password
for another website, there’s a likelihood that hackers could gain access.
To fix this, all LastPass users should change their master password if it is
weak. Also, users should implement multi factor authentication, making it
even harder for hackers to gain access.
Users, however, need not have need to change the passwords stored in
LastPass. | S**C
发帖数: 2964 | 2 Kao! Thanks for the info, just changed master passcode for the sake of it,
although mine is reasonably strong and with two-step authentication. | s******l
发帖数: 1 | 3 版主标题改改吧,免得被人说种族歧视 :)
hacked.
password
compromised
【在 l****z 的大作中提到】
: One of the most popular password security companies just admitted it was
: hacked
: Cale Guthrie Weissman
: Jun. 15, 2015, 3:27 PM
: LastPass, a popular password manager program, just admitted it's been hacked.
: In a blog post published today, LastPass’s Joe Siegrist writes, "The
: investigation has shown ... that LastPass account email addresses, password
: reminders, server per user salts, and authentication hashes were compromised
: ."
: LastPass works by having users choose one strong master password that they
| l****z
发帖数: 29846 | 4 哈哈哈哈, you made my day :-)
【在 s******l 的大作中提到】
: 版主标题改改吧,免得被人说种族歧视 :)
:
: hacked.
: password
: compromised
|
|
