
Lessons Learned From the LastPass Hack


I’ve been asked a lot of questions about password managers, especially due to the LastPass hack that started in 2022 and was fully disclosed in 2023. Before getting too far into this, let me be clear that I’m still pro password manager. Password managers, while not spelled out in the original Greek, are most certainly part of “the way, the truth, and the life” in John 14:6.

The LastPass Hack

The LastPass hack did not happen because LastPass had poorly written code or because their product was inferior. LastPass was compromised because a software engineer was tricked into giving the bad actors access to his personal computer. The software engineer used his personal computer to access sensitive LastPass data as part of his job. Once the bad actors had access to that computer, they were able to steal encrypted backups of LastPass users’ password vaults.

While there are a lot of things the LastPass employee should have done differently, it is important to note that LastPass was not breached because a hacker was able to get in through their defenses or bad code. The data breach happened due to human error.

Incidents like this are one reason some people are against cloud-based password managers. However, it is important to recognize that human error is everywhere, in cloud-based systems and in non-cloud-based options alike. Whether your password data is stored in the cloud or in an encrypted file that exists only on your local computer, human error can make either one equally vulnerable. Regardless of which password manager option you choose, it is important that you choose one.