By Nate Christoffles / Oct 14th, 2016
Cloud-Based Password Managers - Are They Secure?
Cloud-based password managers make your life easier– but are they secure? This summer two vulnerabilities in LastPass, the online password storage program, made a lot of people wonder! This isn’t the first time there’s been a security issue in LastPass — back in 2015, LastPass was hacked and users were asked to change their master passwords.
Should you still use cloud-based password managers? If so, what security precautions can you take? Here are some tips from the experts on how to properly vet your cloud provider.
- Use two-factor authentication, such as an app for your mobile phone or a token. This can make it much harder for an attacker to access your account and steal your passwords.
- Ask the provider if there is a way for you to see the login history for your account. That way you can tell if an unauthorized person has accessed your account.
- Does the provider perform routine security assessments? Can they provide a letter of attestation or a report demonstrating strong security?
- Do a Google search for security issues relating to the cloud password manager system. Are there any known vulnerabilities or hacks? How have they responded to security issues in the past that have become public?
- As always, take care not to click on malicious links in phishing emails or social media sites. Both of the LastPass vulnerabilities reported this summer required that a user click on a link in a phishing email or take similar action.
Cloud-based password managers can be a useful tool for storing strong passwords, but make sure to do your due diligence before putting all your eggs in one basket!
About the Author
Nate Christoffels
Nate Christoffels is the Sales Team Manager at LMG Security.
