Late last year, we learned that password aggregator Last Pass was hacked, with criminals accessing the firm’s entire infrastructure via a weakness in a third-party software tool used by an employee. It’s been quite the saga, with the breach in August 2022 being the second in as many years.
The news was a blow to the credibility to the entire password management sector and the saga is ongoing, with an update issued by the firm just this past March 1st. So, what do you do?
They say a rising tide lifts all boats. In this instance, it’s just the opposite: All the major password aggregators are equally prone to attack and suffer the same risks of a breach. Regardless of these risks, as long as you have Multi-Factor Authentication (MFA) enabled, the benefits of using a commercial password aggregator outweigh the risks of trying to keep up with dozens, or even hundreds of individual passwords. While this is not a very comforting statement when it comes to the protection of your data, it is an unfortunate indictment as to the current state of security when operating on the internet.
