The vulnerability incident at LastPass yesterday, not an unprecedented event for the password aggregation service, provides all of their users – and Internet users in general – the opportunity to reconsider the importance of using stronger authentication methods to protect their accounts.
Though Jeremi Gosney and Dan Goodin with Ars Technica emphasize that the fallout from this incident should be very minor, despite more alarmist reactions elsewhere, the wisdom of single-factor security is worth revisiting. As David Gewirtz points out on ZDNet, the use of a password management tool like LastPass without a second authentication method can have the effect of offering up access to many of your accounts in one fell swoop.
LastPass assures its users that none of its individual users’ encrypted data was taken, but it admits that authentication hashes were compromised. The company will prompt users to change their master passwords, but the long-term solution remains multi-factor authentication.