The good news is that the passwords stored by LastPass are encrypted, which means they’re extremely difficult if not impossible to crack. “The kind of encryption used by password management companies is strong enough that it would take someone a thousand years to crack into it,” Cluley says.
The company did say that user emails may have also been leaked as part of the breach, which could potentially allow hackers to access the accounts if they were able to guess the master password. It accordingly advised some users to change their master passwords, and LastPass was lauded for its fast response and overly paranoid approach to its users’ security. That’s in contrast to companies such as Sony, which was criticized for its slow response to an April data breach and for failing to encrypt its users’ personal information in the first place.
Still, at a time when the world’s largest companies have become targets for hackers, the incident raises a conundrum: Do you really want the passwords for your most sensitive accounts stored on someone else’s servers?
For users who would rather store their passwords on their own computers there’s KeePass, which encrypts your passwords but stores them locally rather than in the cloud. The program, which is free, also integrates with your browser and can generate random passwords for your various accounts. Your passwords can be stored on a USB memory stick if you need to transport them, and the strong encryption and master password requirement mean you have nothing to worry about if you lose it.
Provided you use best practices when choosing your master password, the only potential concern with this type of password manager is that a hacker could discover your master password by installing a keylogger on your machine. A type of spy software that records everything you type, keyloggers can be installed when users click links in phishing emails. As such, a password manager (whether a local storage model such as KeePass or 1Password, or a cloud-based system such as LastPass or Roboform) is most effective if used in conjunction with strong, frequently updated antivirus software.
At the end of the day, which password manager you choose comes down to which you find most intuitive and easy to use. As long as your passwords are randomly generated, the master password is difficult to crack, your home computer is free of spying software and you’re smart about not clicking on strange links, each will provide loads more password security than a sticky note on your monitor.