
It’s been about a month since LastPass, one of the most well-known and popular password managers out there, suffered a security breach where attackers managed to worm their way into the systems where LastPass stored its source code. Let’s review the situation, and what your response should be.

First, let’s go over what we know.

LastPass Lost Their Intellectual Property, Not Customer or Employee Data

According to the password manager’s report, no customer or employee data was successfully accessed, with those responsible instead only gaining access to the password manager’s proprietary source code.

We say “only” because many pieces of proprietary software these days use many, many open source components, all of which need to be documented even if some modifications were made. So, while LastPass’ source code could be helpful to a prospective attacker, it isn’t going to be their magic bullet to get in. This is also why open-source projects, where source code is openly shared so it can be examined and improved upon, are able to exist. Many of these open source projects have received security updates for vulnerabilities that went unnoticed, despite all eyes having access to the code.

Furthermore, a Decent Password Manager is Effectively Useless to Break Into

To explain this, let’s pretend that your password manager is like a giant bank. You go to the bank and deposit your money (your passwords and other credentials) into their vault for safekeeping. The fear is that, should someone manage to break into the bank and access the vault, all of your money is there for the taking. This would be the case if your password manager was just storing the passwords you provided on their own servers. However, that isn’t how a reputable password manager functions. To return to our bank analogy, the vault is really only filled with safety deposit boxes that are brought to you when you need to access them.
