May 3, 2013

For the Love of Security: End-of-Week Link Round-Up

Tech news this week was dominated by the LivingSocial hack, which affected some 50 million customers. LivingSocial advised that all users reset their passwords, and as we mentioned earlier, you can use LastPass to log in, generate a new password, and update the passwords for any other accounts using the same or similar password. See Monday's blog post for more thoughts.

A few other articles that caught our eye:  

Why your password can't have symbols--or be longer than 16 characters << Ars Technica discusses the sheer variety of password practices across sites and services, some of which are counter-intuitive and maddening. There's no question of the need for a password manager to centrally store and "remember" your passwords for you, since it's near-impossible to cope with all the variations of password requirements.

Twitter Warns Journalists: We Believe These Attacks Will Continue << Twitter sent a memo to news organizations stating that, while Twitter continues to work to improve security for its users, the organizations are also responsible for implementing better security standards. Among its recommendations was the company-wide use of password managers, with a nod to LastPass as a solution. This is a message we hope continues to spread; as we said above, end-users need to be just as proactive now in protecting their online life.

Teenage Password Security: Risk of Identity Theft << While they're arguably the most tech-savvy generation, the current teenage population is opening itself up to significant risks of identity theft due to poor password strategies coupled with over-sharing online. We'll add that this demographic typically believes they "don't have data worth stealing", so it's clear more education is needed here to provide tools for better password hygiene while highlighting the true costs of identity theft.

And can you believe it?
The World Wide Web turns 20! In 1989, the World Wide Web was invented by British physicist Tim Berners-Lee. Check out CERN's article for some more fun facts. The Web is not to be confused with the Internet: the Internet is the technical system that makes the World Wide Web possible. The Web can be thought of as an "application" that runs on the Internet and lets us share information and interact with each other via the web pages that load in our web browsers, so we can share all those awesome cat memes.

Happy Birthday, World Wide Web!

Apr 29, 2013

LivingSocial Hacked: What You Need to Know

LivingSocial confirmed on Friday, April 26th that they experienced a cyber-attack on their computer systems that resulted in unauthorized access to some customer data on their servers, including names, email addresses, dates of birth for some users, and encrypted passwords (hashed and salted). The daily deals site joins a growing list of services that have been hacked in the last year and a half, including Zappos, Evernote, LinkedIn, eHarmony, and Last.fm.

Update Your Password, Now


Although the passwords were hashed and salted, and there are no known dumps of the stolen data, it's plausible that a percentage of the password hashes are known or have been brute-forced to reveal the plain text passwords, given the increasing speed at which brute-forcing can be performed and the proliferation of weak and duplicate passwords.
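To illustrate the point above, here is an added example (not from the original post, and not LivingSocial's or LastPass's code) showing that a per-account salt hides duplicate passwords but does not protect a weak one from a wordlist check, while a randomly generated password is not found. The hashing scheme (PBKDF2-HMAC-SHA256), the iteration count, the wordlist and the account names are all constructed assumptions; the post does not say which scheme LivingSocial used.

```python
import hashlib
import hmac
import secrets
import string

# Constructed stand-in for a common-password wordlist (assumption, not real data).
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty", "iloveyou"]
ITERATIONS = 1000  # assumed stretching cost; each guess costs this many HMAC rounds


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return (salt, iterations, digest) for storage; a fresh random salt per account."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def audit_weak_passwords(records, wordlist):
    """Map each account whose stored hash matches a wordlist entry to that entry."""
    weak = {}
    for user, (salt, iterations, digest) in records.items():
        for guess in wordlist:
            candidate = hashlib.pbkdf2_hmac("sha256", guess.encode(), salt, iterations)
            if hmac.compare_digest(candidate, digest):
                weak[user] = guess
                break
    return weak


def generate_password(length=20):
    """Random password from letters, digits and symbols, using the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def build_demo_records():
    """Constructed accounts: two share one weak password, one uses a generated one."""
    return {
        "alice": hash_password("password"),
        "bob": hash_password("password"),
        "carol": hash_password(generate_password()),
    }


if __name__ == "__main__":
    records = build_demo_records()
    # The salt hides that alice and bob chose the same password...
    print("digests differ:", records["alice"][2] != records["bob"][2])
    # ...but each account still falls to a per-account wordlist check.
    print("weak accounts:", audit_weak_passwords(records, COMMON_PASSWORDS))
```

Raising the iteration count multiplies the cost of every guess, which slows this kind of check but does not rescue a password that sits near the top of a wordlist.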

Echoing LivingSocial's recommendations in their email to the 50 million affected customers, we strongly recommend that anyone with a LivingSocial account follow the steps to update their password immediately, and update the password on any other accounts that used the same or similar password. Launch LivingSocial, click the "Create New Password" button on the top right corner of the homepage, and update the password to a new, randomly generated one using the LastPass password generator, located in the Tools menu in the LastPass Icon. The LastPass Security Check, in the Tools menu in the LastPass addon, will also help you identify any weak or duplicate passwords.

Now Is the Time to Be Proactive


We're seeing a trend that highlights some critical truths about passwords:
  • Hacks of popular services are inevitable, and their frequency is increasing - password re-use and weak passwords make the situations that much more damaging
  • The end user must be as proactive as possible about protecting their data - this means using a password manager to create strong, unique passwords, and following best security practices - like avoiding open WiFi, running up-to-date antivirus, avoiding public computers, and backing up your data
  • Companies need to take responsibility in educating their employees and providing tools, like LastPass Enterprise, that help them better protect corporate data and enforce high security standards
Help us spread the word about secure password management to family, friends, and coworkers who would benefit from the ability to achieve higher security standards while making their online life easier. With generated passwords, hacks like these are less likely to pose a risk to their personal data, and recovering is a matter of a few clicks to generate a new password.