We are writing this post to educate you about the latest LastPass security breach, which we feel is important enough to share with all our clients, not only those specifically using LastPass. LastPass is a trusted password manager, but as we are learning, no technology is immune to security issues. LastPass outlines the latest security issues here.
LastPass disclosed that “some source code and technical information were stolen from our development environment and used to target another employee, obtaining credentials and keys which were used to access and decrypt some storage volumes within the cloud-based storage service.” This is critical to understand because, using this technique, the threat actor was able to access the following information:
Key things to remember:
For #1 above, the corresponding sensitive data should be changed as soon as possible. For example, if you had personal security questions and answers in the Notes field of a password entry, you should change those questions and answers for that site (or simply use MFA instead).
For #2 and #3 above (but especially #3), all password entries in your LastPass vault should be changed as soon as possible.
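As an added illustration (not from LastPass or the original post), the following Python script turns the two rules above into a rotation plan over a password-manager export: entries with a non-empty Notes field come first, reused passwords next, and everything else still gets rotated. The column names and sample rows are constructed assumptions in the style of a LastPass CSV export; adjust them to match a real file.

```python
import csv
import io
from collections import Counter

# Constructed sample in LastPass CSV-export style. The column names are an
# assumption (check the header of your own export); all values are made up.
SAMPLE_EXPORT = """url,username,password,extra,name,grouping,fav
https://bank.example,alice,Corr3ct-Horse,"Security Q: mother's maiden name = Smith",Bank,Finance,1
https://mail.example,alice,Corr3ct-Horse,,Mail,Personal,0
https://shop.example,alice,unique-pw-9,,Shop,Personal,0
"""


def triage(export_text):
    """Return a rotation plan as a list of (priority, entry name, reasons).

    Priority 1: the Notes/extra field is non-empty, so the secret stored there
                (security answers, recovery codes) must be changed as well.
    Priority 2: the password is reused, so one exposed value unlocks several sites.
    Priority 3: everything else; every entry still needs its password rotated.
    """
    rows = list(csv.DictReader(io.StringIO(export_text)))
    reuse = Counter(row["password"] for row in rows)
    plan = []
    for row in rows:
        reasons = ["rotate password"]
        priority = 3
        if row.get("extra", "").strip():
            priority = 1
            reasons.append("notes field non-empty: change the data stored there too")
        if reuse[row["password"]] > 1:
            priority = min(priority, 2)
            reasons.append("password reused in %d entries" % reuse[row["password"]])
        plan.append((priority, row["name"], reasons))
    # Most urgent first, then alphabetical so the output is stable.
    plan.sort(key=lambda item: (item[0], item[1]))
    return plan


if __name__ == "__main__":
    for priority, name, reasons in triage(SAMPLE_EXPORT):
        print(priority, name, "; ".join(reasons))
```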
As a reminder, LastPass’ default master password settings and best practices include the following:
Yes, 1Password is safe. It uses AES 256-bit encryption to keep your data secure. In addition, each 1Password account is protected with a Secret Key, a 38-digit security code stored only on your device and used as an additional layer of security for all of your operations. By keeping it written down in a physical location, or stored separately on external storage, you can make sure that no one gets unauthorized access to your data. This goes above and beyond: it is not a common feature on most password managers.
1Password’s zero-knowledge policy leaves this and other sensitive information unknown even to the company itself, and Secure Remote Password (SRP) protocol prevents hackers from intercepting Master Password, Secret Key, and other transmitted data.
1Password is SOC 2 Type 2-certified by AICPA, indicating secure data management. The most current SOC 2 report is available on request. The company also maintains a private bug bounty program from Bugcrowd, with 387 unique researchers looking for bugs.
1Password password manager maintains recent penetration tests by ISE and security audits by Onica, with past pentests and security assessments completed by AppSec Consulting, nVisium, and CloudNative.
Overall, 1Password designed every feature to make sure only you have access to the passwords, financial data, and other personal information kept in your account. You get full control of your security, and multiple security layers protect it from hackers' attacks; the chances of data being stolen at rest or in transit are next to zero. To conclude, 1Password is a safe and capable password manager, especially for advanced users.
1Password is not immune to password breaches and has had its fair share of issues, but nothing compared to what we have seen with LastPass. Read more here, where you can see that LastPass has had a security event almost every year since 2014, whereas 1Password has only had vulnerabilities that were fixed, not actual security breaches.
1Password is what we recommend to our clients because of the seriousness with which it treats security and its lack of security events.
It bears repeating: 1Password has never been hacked. But even if its infrastructure were to be breached in the future, you can rest assured your data wouldn’t be at risk.
Every decision we make at 1Password begins and ends with the safety and privacy of your information. We know how important your data is, and it’s on us to make sure it stays completely safe from prying eyes. https://blog.1password.com/what-if-1password-gets-hacked/
We have assisted many businesses in implementing MDMs, developing custom security policies and procedures, and redesigning their networks. The list goes on and on. Contact us today and see how we can help you too.
We are a remote and fully distributed, nationwide Apple-focused MSP serving Washington DC, Philadelphia, New York, Chicago, San Francisco, San Diego & more.
We focus on providing top-notch Mac support for small to mid-sized businesses. Contact us and learn how we can help your company.