The popular password manager app LastPass just admitted to being hacked, and security experts are responding.
The question at hand is: Does this mean that password managers are just as hackable as any other security program?
This is an especially important question because historically most security experts believed password managers — like LastPass — to be the safest way for people to maintain their online identities.
Now experts aren’t so sure, and some are squaring off on forums like Twitter.
Here’s a rundown of some of the debates underway:
Digital culture expert Elizabeth Stark took issue with the practice of storing user passwords in a centralised place, such as LastPass’ servers (although it should be noted that this collection of data is encrypted, meaning it is highly unlikely it will be breached):
The ACLU’s principal technologist Christopher Soghoian responded in kind:
Here, Soghoian is saying that plain-text reminders that logically lead people to remember their passwords are more hackable and problematic than password managers as a whole.
CNNMoney’s Jose Pagliery disagrees:
But perhaps the most vexing issue at the core of this debate is: What is to be done? Does this mean that nothing is safe?
While no consensus was reached, experts generally believe that not having a central repository of this data is best. Even better, some say, is storing this sort of encrypted password data locally.
Here are tweets from noted privacy experts Kenn White and Jillian York with a few recommendations:
The general tenor is that this LastPass breach isn’t good, and even those who follow the most stringent practices don’t agree on the effect this could have.
But, in the end, there are a few things to learn from this saga.