Tech View: Changing password manager seems prudent after breach

Select an option below to continue reading this premium story.

Already a Honolulu Star-Advertiser subscriber? Log in now to continue reading.

Get unlimited access

From as low as $12.95 /mo.

Subscribe Now

By now most folks, and especially regular readers of this column, have heard of password management software. Using a password manager is one of the four pillars of defense against bad actors on the internet, the other three being MFA, endpoint protection and off-site backups.

Password managers allow individuals, businesses and government agencies to easily follow best practices in establishing and maintaining passwords for the myriad of websites and applications encountered by the contemporary computer user. So it was with some dismay that one of the products often mentioned here, LastPass, has announced a seemingly never-ending stream of disclosures of security breaches.

The LastPass breaches have been covered in gory detail over the web, so we won’t recap them here. To date, LastPass continues to maintain that customer passwords have not been compromised, but the way things are going, it seems almost inevitable.

To its credit, LastPass has been transparent in providing information about the security breaches. The morbid joke has been that if LastPass was as good as protecting its data as it is at telling us about breaches, it would be bulletproof.

What should LastPass users do? After the initial breach disclosures, many were unalarmed, and the need to change all of one’s passwords seemed an overreaction. As we sit here today, however, changing all your passwords seems prudent, no matter how tedious that may be.

If you’ve followed our past advice of using multifactor authentication (one of the four pillars), the risk is somewhat mitigated. After all, that’s what MFA is for, requiring more than just a password to access websites and apps.

Don't miss out on what's happening!

Stay in touch with breaking news, as it happens, conveniently in your email inbox. It's FREE!

By clicking to sign up, you agree to Star-Advertiser's and Google's Terms of Service Opens in a new tab and Privacy Policy Opens in a new tab. This form is protected by reCAPTCHA.

And it goes without saying that it’s time to change password management software. What are the options? For organizations, the business versions of Dashlane and NordPass are nice options whose password management functions are similar to those of LastPass. Both include features that system administrators look for, like single sign-on.

For individuals, Both NordPass and Dashlane have nice products and can be had for just a couple of bucks a month. Both have free versions, but let’s face it, the free version is just that first hit to get you hooked so you buy more. And with what’s at risk, a couple of bucks a month is well worth it. The free version of Bitwarden, an open-source based product, is less restrictive.

Not surprisingly, all of the products mentioned above allow for easy import of your LastPass data. Be careful, though. This process typically involves the export of your passwords into an unencrypted text file, which is placed on your hard drive. After you import the data into your new password manager, make sure to permanently delete the unencrypted text file. On Windows this is accomplished with a shift-delete; on a Mac, use cmd-option-delete.

John Agsalud is an IT expert with more than 25 years of information technology experience in Hawaii and around the world. He can be reached at jagsalud@live.com.