TECH TRENDS hackers had gotten their hands on users ’ password vaults .
The timing caused a lot of issues . Many individuals and businesses had already finished for Christmas , leaving them very little time to react .
There is a historical element to consider here as well , namely LastPass ’ background with password iterations ( how many times they reiterate the hashes on them ).
Older users of the platform have very few iterations . Rather than going through and fully ensuring that every user had the right amount of hashes , that hasn ’ t been done , leaving those older users more exposed and their data more vulnerable .
In short , it will take far less brute force to crack an account with fewer password iterations . And as we headed into 2023 , it was just the master password that was preventing hackers from gleaning all of their data .
This isn ’ t just about LastPass . Again , what this breach shows is that nothing is hack-proof . Similar password management platforms will need to be wary because they ’ ve got a huge target on their back as a result of this , because of the mountain of data they hold .
What action can businesses take now to ensure they ’ re as protected as possible ?
The first thing to make crystal clear is that changing the master password on your LastPass account – and to the recommended best practice standard – is simply not enough .
As a result of that breach , those hackers now have access to all of your vaults , so to speak . Every detail that you or your business had in there is still at risk .
However , there are some key actions that can be taken now to mitigate the risk :
1 . Implement two-factor or multifactor authentication
This is the most important first step to take and will need to be implemented across every website or platform that doesn ’ t currently have either 2FA or MFA .
Essentially , this acts as another layer of protection , which usually comes in the form of a randomly generated code that is sent to a designated phone number by text or via a specific app . It ’ s also necessary for companies www . intelligentcxo . com
15