Jim and Mike on Password Security and LastPass
Published May 26, 2023
A Dashlane study conducted in 2017 says the average American Internet user has 150 online accounts that require a password. That’s a lot of passwords—or variations on similar passwords. According to Zippia, almost 200 million digital records have been exposed in the United States each year since 2015, and it is estimated that at least one out of every three Americans is hacked each year. How can we maintain strong passwords to keep our information safe without having to reset them every time we log in to one of our 150 accounts?
That's where password managers and other digital security technologies come into play.
LastPass is a popular password management tool that, until recently, was known for its convenience, efficiency, and enhanced security. However, in August 2022, a hacker breached the company’s customer database through an employee’s home computer and stole the account and password data of more than 30 million LastPass customers. This incident has called the safety and security of LastPass and similar services into question.
Experts in the field of computer science and data privacy, Michael D. Smith (Professor of Engineering and Applied Sciences) and Jim Waldo (Professor of the Practice of Computer Science), answer questions about this LastPass breach and offer their thoughts on ways you can protect your personal data and accounts.
Do you use LastPass to store your passwords?
Michael D. Smith (MDS): Yes, and I still do despite the recent breach. Centralization of secret information is convenient and a huge security risk. But given the proliferation of sites on which you have to create a login and password, you either use one of these password managers or use a couple of passwords across many sites. The former is still—assuming you use a very strong password for your manager—a better risk than the latter.
Jim Waldo (JW): I don’t use LastPass, but I do use a password manager. But I hope that we can move beyond passwords as a mechanism for authentication soon.
What are some ways you protect your own data?
JW: There are some simple things that anyone can do to make their data more secure. Use two-factor authentication. Encrypt your disk (modern operating systems allow this in a painless way). Make sure that you only interact with websites that are running https: protocols.
Security really depends on who your adversary is. Doing the simple things listed above will keep you safe from the rest of your family and co-workers, the kid down the block, and a majority of recreational hackers. If you know you are a target of more sophisticated hackers (you are a journalist doing investigative work, or a non-profit investigating human rights violations), then you need a higher level of security; organizations like the Electronic Frontier Foundation have checklists that will tell you what VPNs are best and the like.
Interested in learning more about trending topics in data privacy from Mike and Jim? Take a look at some of their other blog posts below, or apply to join the next cohort of their course Data Privacy and Technology.