LastPass Breached. Irony Police Investigating.

LastPass announced today that they may have been hacked (partially). Obviously a huge blow to user confidence in the password management service, LastPass said that while there is some evidence that hackers penetrated to some degree, they believe their enhanced encryption measures will make decrypting your master password difficult and slow. While they believe that no password vaults have been breached (yet), they highly recommend changing your master password immediately and enabling multifactor authentication.

Additionally, any users logging in from a new device or IP address will be asked to verify their account via email, unless they already have multifactor authentication enabled.

Sigh…It was bound to happen I suppose. It’s an obvious vulnerability of any password manager and is continually pointed out by opponents of the password vault concept.

While disappointing, I personally will continue to use the service (after changing my password of course!) – it’s still better than the alternative after all. And let’s not forget that if you have multifactor authentication enabled, your password is only one piece of information needed to access your account.