The balance between convenience and security is getting increasingly difficult to strike as password-cracking systems become more complex. With mobile devices, many users end up relying on companies like 1Password or LastPass to manage their passwords, so that they only have to remember one master password. Authentication security is a vital aspect of the modern internet, and today LastPass has posted news of a security breach on their company blog.
At the end of last week, LastPass discovered suspicious network activity and found that some user information, including email addresses, password reminders and some authentication information, was compromised for some users. This isn’t as bad as a full breach of users’ passwords, because user passwords themselves are encrypted on LastPass servers, but it’s still not good.
LastPass is taking steps to ensure that their more vulnerable users (those without multi-factor authentication) must verify their accounts by email, and everybody is being prompted to update their master password. The company suggests that if your master password is weak, or if you use it on other sites, you should change it right away on all web services, as those passwords will be the most vulnerable in the wake of this breach.
If you are a LastPass user, go and create a new password right away, as comments on the blog post suggest emails have been slow to reach some users.