The Garam Group Blog

Stay current on new technology and business practices

LastPass Vulnerability May Have Exposed Passwords On Certain Browsers

Tavis Ormandy is either the first, or the last person on the planet you ever want to get an email from, depending on your point of view. As Google’s best, most prolific bug-hunter, he’s constantly on the prowl for security flaws that could be exploited by hackers that could put your data at risk. Recently, he found a pair of big ones.

LastPass is one of a number of companies that offer a password vault service. The idea is that because people have so many passwords, it’s hard to remember which one goes where.

The password vault means that you don’t have to. You store each of your passwords in one secure location. Then, they’re recalled from the vault automatically, when and as needed.
That’s great in theory, and most digital security professionals recommend their use, but they do come with one glaring weakness.

Your password vault is only as secure as the company protecting it. If there are any bugs or flaws in the vault’s design, then any password you put into it is at risk if the hackers breach the vault. Since people tend to store all their passwords in the same vault, they essentially have the “all your eggs in one basket” problem.

Unfortunately, in recent months, there have been a whole string of vulnerabilities found in LastPass’ system. This has led to disgruntled users venting their frustrations on Twitter, wondering just how seriously the company takes digital security.

Just this past week, Ormandy himself identified two potentially devastating security flaws, one impacting people who use the Google Chrome web browser, and another that impacted FireFox users. In both cases, within hours of sending his report, the company responded and closed the security gaps that were discovered. However, the recent spike in discovered flaws is certainly disturbing to those who rely on the service to safeguard their passwords.

Used with permission from Article Aggregator


Want to stay current on new technology and business practices?

Get our new blog posts emailed to you monthly!

Share this post:

Share on linkedin
Share on twitter
Share on facebook
Phil Montero

Phil Montero

Phil Montero is a Marketing and Solution Engineer at The Garam Group working with companies to help them choose the right tools and thoughtfully apply them to improve their business. He has spent the last 2 decades sharing his technology tips and strategies through consulting, blog posts, videos, and webinars to help educate clients, keep them up to date on current technology, and navigate the changing world of work. When he's not writing or talking about tech, he can be found drinking coffee, playing ukulele, or cheering on his NY Giants.