Once again proving that nothing is safe from hackers, password security site LastPass notified users that they discovered a suspicious intrusion on their network. LastPass is a service that allows you to set up an account to store all of your passwords, requiring you to remember only a master password.
The company says it caught someone hacking into their network, but they don’t believe the intruders were able to access the encrypted user vault data or any accounts.
They do say that it looks as if LastPass account e-mail addresses, password reminders and authentication hashes were accessed. The company locked down accounts, required all users logging in from a new device or Internet provider to verify their account by e-mail, and asked all users to update their master password.
They also suggested that anyone who uses the same password for LastPass as they do for other sites or accounts immediately change the password on those sites, too.
The company pointed out that this attack highlights the importance of multifactor authentication and suggested that anyone with a LastPass account enable it ASAP.
Multifactor authentication is when you need an additional step besides your password or PIN to log into an account. There may be a security question or a code may be sent to your mobile phone that you need to enter before accessing the account.
LastPass offers multifactor authentication options such as a USB key or their smartphone app. When I’ve written about multifactor authentication options like Yahoo’s one-use e-mailed password, there’s always been a lot of negative feedback from readers who don’t appreciate the extra step, and articles about losing passwords altogether seem to get people up in arms.
But, in the end, multifactor authentication may be the only thing standing between your sensitive data and hackers.