This morning a 'white hat' hacker (i.e. one of the good guys) published a report highlighting a security weakness he had just discovered in a popular online password storage service called LastPass. View his tweet here.
If a LastPass user visits a website with some malicious code on it, they could find their account completely compromised and all their passwords completely exposed to hackers.
I've never used one of these password vault services but I imagine they're very useful as we use more and more online services in our daily lives. This convenience is appealing, but putting all our passwords into a single place online inevitably comes with risk.
I'm reminded of a piece of advice I once read about storing passwords. It might sound surprising, but (assuming you trust your household and work colleagues) there's almost no risk in writing down certain passwords on a piece of paper kept at home or in our desk drawer. This is because most attacks on our online lives come from online sources, which are completely independent from our physical lives. There's no way a hacker in Russia could find and use the piece of paper with our Twitter password on it, for example. The same goes for our Wi-Fi passwords - someone outside your premises can't see that bit of paper so can't access the network, while someone inside your premises... well, you already trust them, right?
I don't think anybody would recommend this for financially-sensitive services like PayPal or online banking, and you should still change passwords regularly, but maybe this helps avoid needing a cloud-based password vault that could one day reveal everything you've got through a single gaping security hole.