Skip to main content
  1. Home
  2. Computing
  3. News

LastPass being ‘paranoid’ as it tries to clean up its password mess

By

passwordIs nothing sacred anymore? Universal password storage service LastPass announced via its blog that a hacking attempt earlier this week potentially accessed its database of sensitive user information – namely, passwords. Still investigating the situation, LastPass announced on Wednesday it will “be paranoid and assume the worst”.

The service assured that users’ who use “strong, non-dictionary based password or pass phrase” should be safe. “Unfortunately not everyone picks a master password that’s immune to brute forcing,” Last Pass said, and advised that all users’ change their master passwords and that the site would be verifying their identities. Unfortunately, that backfired as the site was rushed with traffic from users scrambling to change their passwords and is now implementing an incremental switch to keep things moving.

Recommended Videos

LastPass admits this “may be an overreaction…but we’d rather be paranoid and slightly inconvenience you than to be even more sorry [sic] later.” And in light of PlayStation’s recent data disaster and alleged mishandling of the situation, overcompensating for the possible intrusion is LastPass’ best bet. The suit lodged against PlayStation claims that the company did not inform its customers of the hack in a timely manner, costing many of them stolen credit cards. CEO Joe Siegrist told PC World he’s extremely doubtful that mass amounts of user data was stolen, but says LastPass will continue to be overly cautious. Siegrist admits it’s more than possible some information was accessed, though he believes only the usernames and passwords to log into LastPass were penetrated, and that passwords stored in LastPass were not.

Related

Siegrist says LastPass is probably acting a little “alarmist,” but is trying to do right by its customers and keep them as up to date on the issue as possible (LastPass’ team has been very responsive via Twitter). He also says the site is rolling out improved encryption standards and making sure users are logging in via familiar IP addresses as an extra precaution. It’s not an enviable position to be in, but it sounds like PlayStation could have taken a play out of LastPass’ book on how to act fast and inform customers on this one.

There are a slew of password storage sites online – Passpack, KeePass, Agatra – and if you’re a user, it’s time to strengthen your password’s security. You might hear these tips (and possibly disregard them) all the time, but a subtle reminder never hurts:

  • Don’t limit yourself to common phrases. Use as much of the keyboard as possible.
  • Use as many characters – and numbers – as allowed.
  • Use both upper and lowercase characters.
  • If you can use symbols, do.
  • Many sites will notify you as to how strong your password is, but if you want an outside opinion, run it through Microsoft’s or HowSecureIsMyPassword’s verifiers.
  • Don’t use personal information. This can’t be stressed enough.
  • Dictionary words are easy to crack.
  • Repetition is bad, as are easy to identify patterns (sequential numbers, QWERTY, repeated letters).

Editors’ Recommendations

Topics
Molly McHugh
Molly McHugh
Former Digital Trends Contributor
Before coming to Digital Trends, Molly worked as a freelance writer, occasional photographer, and general technical lackey…
LastPass is scaling back its free tier. Find out if you need to pay
LastPass

LastPass currently offers a free tier that lets a single user access its password manager service on all their mobile devices and computers. But that’s about to change.

Starting March 16, the company will limit its free tier to only one device type, either mobile or computer. So if you select to keep the free tier for mobile, you’ll be asked to pay a fee to continue using the service on computers, and vice versa.

Read more
Leaving LastPass? Here’s how to take all your passwords with you
LastPass

If you, like many of us, have been happily using LastPass's excellent free tier for the last few years, you're probably dismayed that LastPass is moving to change the way its free access works. From March 16, you'll only be able to sync your LastPass database between mobile devices or computers -- but not both. So if you want to keep accessing the same passwords on your phone and laptop, you'll have to pay up and join LastPass's premium subscription for $3 a month.

Of course, not everyone is wild to pay a subscription fee -- or has the free cash to do so. If that's you, you're probably looking for a password manager to replace LastPass. But you won't want to leave all your collected passwords and logins behind. Thankfully, you can quickly and easily export your LastPass passwords and login information and import them into your new password manager of choice. So go check out our list of the best password managers, then dive into our guide on how to leave LastPass and take your passwords with you.
Export your LastPass database
Now that you know you're moving from LastPass, the first step is to make sure you take everything with you. Thankfully, exporting your database from LastPass is simple. Unfortunately, there's no way to export your passwords from the mobile app, so you'll have to use a PC or Mac to complete this action.

Read more
Intel’s promised Arrow Lake autopsy details up to 30% loss in performance
The Core Ultra 9 285K socketed into a motherboard.

Intel's Arrow Lake CPUs didn't make it on our list of the best processors when they released earlier this year. As you can read in our Core Ultra 9 285K review, Intel's latest desktop offering struggled to keep pace with last-gen options, particularly in games, and showed strange behavior in apps like Premiere Pro. Now, Intel says it has fixed the issues with its Arrow Lake range, which accounted for up to a 30% loss in real-world performance compared to Intel's in-house testing.

The company identified five issues with the performance of Arrow Lake, four of which are resolved now. The latest BIOS and Windows Updates (more details on those later in this story) will restore Arrow Lake processors to their expected level of performance, according to Intel, while a new firmware will offer additional performance improvements. That firmware is expected to release in January, pushing beyond the baseline level of performance Intel expected out of Arrow Lake.

Read more