LastPass gets breached, but I’m not all that concerned.
The web is abuzz today about the reported breach at LastPass, and there is way too much FUD being spread. I’m not concerned. There are multiple reasons to not be, but that does not mean I won’t go and change my password. I just won’t be running around with my hair on fire predicting doom and gloom.
The largest reason is also one of the major reasons I like LastPass: 2-Factor Authentication. As long as you have a strong password, you only have a little to worry about, but if you have 2-factor authentication, you really have a lot less to worry about.
Don’t get me wrong: I’m not suggesting complacency. Still change your password. Having said that, you also aren’t likely to find your passwords out in the wild. That’s what strong passwords and 2-factor authentication are for, after all.
And if you aren’t using 2-factor authentication, start using it.
Also, when I say “strong password”, I am not necessarily referring to throwing in a bunch of symbols and numbers. That does not hurt, though, and I would suggest using at least one of these in any password. However, “The best password is a sentence, says expert”. That’s because researchers have discovered that length, not so much complexity, makes a password more difficult to crack.
In all honesty, that should be self-evident. Each position has at least 26 possible values to try, 36 if using numbers, and even more if using symbols and punctuation. Each additional character multiplies the required number of attempts by that amount.
Of course, using common phrases and sentences will work against you, so it should be something that isn’t easily guessed and can’t be picked up from your personal data (like birthday, mother’s maiden name, etc.), and the more random the better.
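The multiplication described above, and the way a known phrase undoes it, as an added example that is not part of the original post. The word list, the phrase list and both list sizes are constructed assumptions; the estimate takes the cheapest of three guessing strategies (character brute force, word-by-word guessing, common-phrase lookup).

```python
import math
import string

# Constructed sample data: tiny stand-ins for a guessing word list and a
# list of well-known phrases. The two sizes below are assumptions.
WORDLIST = {"purple", "monkey", "dishwasher", "battery", "horse", "staple",
            "let", "me", "in", "to", "be", "or", "not"}
COMMON_PHRASES = {"to be or not to be", "let me in"}
ASSUMED_WORDLIST_SIZE = 7776      # assumption: Diceware-sized word list
ASSUMED_PHRASE_LIST_SIZE = 10**6  # assumption: size of a common-phrase list


def alphabet_size(password):
    """Characters a brute-force search must cover (ASCII classes only)."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += len(string.punctuation) + 1  # 32 symbols plus space
    return size


def brute_force_bits(password):
    """log2(alphabet ** length): each extra character multiplies the work."""
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0


def effective_bits(password):
    """Strength under the cheapest of the three guessing strategies."""
    bits = brute_force_bits(password)
    lowered = password.lower()
    if lowered in COMMON_PHRASES:
        bits = min(bits, math.log2(ASSUMED_PHRASE_LIST_SIZE))
    words = lowered.split()
    if words and all(w in WORDLIST for w in words):
        bits = min(bits, len(words) * math.log2(ASSUMED_WORDLIST_SIZE))
    return bits


if __name__ == "__main__":
    for pw in ["k7#Qz!2p", "purple monkey dishwasher battery", "to be or not to be"]:
        print(f"{pw!r}: brute force {brute_force_bits(pw):.1f} bits, "
              f"effective {effective_bits(pw):.1f} bits")
```

Under these assumptions a sentence's strength comes from how many unpredictable words it contains, not from its raw character count, which is why the well-known phrase scores far below the random four-word one.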
However, given enough time, money and resources, even the best password can be broken, so that is why 2-factor authentication is a must these days. Using a password is like using a condom, and you don’t want holes in it. Using a strong password with 2-factor authentication is like wearing a bulletproof vest.