
After NSA surveillance, the Heartbleed threat, and hacking attempts against financial institutions, are you feeling like the digital world is falling down around you? Joe Siegrist, the CEO of LastPass, is here to settle the score on what all of these threats really mean for your password security.

Here at MakeUseOf, we often alert readers to the latest security threats, both on the Internet and within their own computer systems. This included full coverage of the Heartbleed bug, the Windows technical support scam, and many other computer viruses and threats.

So what can you do to stay safe? The common advice, such as what Christian offered as part of the Heartbleed solution, is to change your passwords. But is this enough, and can a password service like LastPass provide an extra level of security?

An Interview With Joe Siegrist

When anyone first hears of the LastPass service, it seems a bit counter-intuitive. How can it be safer to store your passwords inside of a browser add-on, right on your computer? Wouldn’t this be more of a risk, since your computer could get hacked and those passwords stolen?

The reality is that password security is complicated, because your password goes through many levels of transmission when you log into any online service. In this interview, we sit down with LastPass CEO Joe Siegrist to discuss these sorts of issues and how LastPass – and similar password management apps – deal with those security risks.


MUO: First – can you describe a little bit about what inspired the creation of LastPass? How did it all start?

Joe: I used to work in Internet telephony as the CTO of Estara, and we did a lot of security there. We had to figure out how to do key exchange and how to do it securely. I left with four of my best friends, and we wanted to work together again, but couldn’t do anything in VoIP telephony. We had used complicated techniques like tiered passwords and utilized an encrypted file to store them, but as we asked around to find out what everyone else did and learned that they used the exact same password for everything, we knew we could help them.

MUO: When people think about storing their passwords inside of a browser add-on, it actually feels less secure, because the browser or computer can get hacked. Is this a misconception? Why is LastPass safer than other options out there?

Joe: If you’re using your browser’s password manager, there’s a good chance that any malware coming along could pull your passwords — LastPass does this, so could any other software. With LastPass, your exposure is far more limited, because you have less risk when logged into LastPass and nearly no risk when logged out.

Heartbleed And LastPass

MUO: Heartbleed affected encrypted logon transmissions for millions of users across the Internet. Do I understand correctly that this even affected LastPass users? What did LastPass do to respond to the threat posed by Heartbleed?

Joe: We were affected — our web servers utilized OpenSSL as well, but because LastPass has a second layer of protection, we were in a far better position than 99% of companies impacted. This is because sensitive data never hits our servers directly, it’s always encrypted first, and then SSL is a secondary layer of protection. Peeling back a layer of protection is bad — but not nearly as bad as peeling back the ONLY layer of protection for 99% of impacted sites.

We first realized that people needed to know what sites were impacted, and if companies had taken the right steps to protect themselves, so we made an overall test page. People could find out if it was safe to change their passwords and if the site had updated their SSL certificates. This was a free tool available for anyone, even if you weren’t a LastPass user.

For LastPass users, we have a security check that looks for all vulnerable sites. It tells you exactly which ones they are, how old your password is, if you should go change those passwords, and when it’s safe to do so.

The Hacking Of EBay And Spotify

MUO: Recently, eBay’s servers were hacked, and hackers were able to obtain personal user information like emails, addresses and birthdays. Can you share whether LastPass users would have been more affected or less affected by this than other eBayers? Are there special concerns or actions LastPass users should take in response to the eBay security breach?

Joe: LastPass users were affected much less than others. If they utilized different passwords for every site (like our prompts, and security check pushes), they would have contained their risk quite a bit. The risk of identity theft is still there, but you don’t have the problem of that password being cracked (and they will be cracked) and then utilized on other sites.

MUO: At the end of May, Spotify announced unauthorized access to its systems, where one user’s data was accessed, but that it didn’t include password or financial information. Should LastPass users take any special actions in relation to their Spotify password?

Joe: Where there’s smoke, there’s typically fire, so be cautious and just change your password — no harm in changing it beyond the 30 seconds it takes to do it.

MUO: Do you think LastPass offers any unique protections from these sorts of threats?

Joe: I’d advise LastPass users to use multi-factor authentication on your LastPass, and random passwords on all your sites. When you take these steps, you can’t be phished because you can’t accidentally give out passwords you don’t know!

Additional Steps To Secure Passwords

In the past, MakeUseOf has covered the free version of LastPass and reviewed LastPass Premium. Other password managers we’ve covered before include Chris’s review of Dashlane, Kyle’s review of the KeyDb portable manager, and Dave Drager’s roundup of the best password managers available (including LastPass).

As Joe explained, when you’re shopping for a password manager that truly protects you from serious threats like Heartbleed and hacking attempts, the key things you want to be looking for include multiple layers of security like SSL encryption and protections like multi-factor authentication on your password management software login.

Most importantly, the ideal solution is to keep a completely different password for every single site or service you use. That, of course, is the key benefit that password management services like LastPass offer. You don’t have to remember every one of those passwords in order to stay safe.

Do you use LastPass or some other password management service? Does it make you feel more secure in the face of all of these security threats? Share your own thoughts in the comments section below!

Image Credits: Bank Vault Door Via Shutterstock
