The Last LastPass Article You’ll Need To Read
As it finally begins to dawn on consumers that even password management solutions like LastPass are fallible, there has been a lot of cybersecurity and safety advice offered online and off, but none that has addressed the actual elephant in the room: passwords do not work.
In November 2022, LastPass suffered a second data breach of that year, with the company notifying customers that “certain elements” of a “third-party cloud storage device” were compromised. That’s corporate talk for “we were hacked and our users’ login credentials and related accounts are potentially at risk.”
It's a precautionary tale of cybersecurity sins that we keep getting told, even now by those businesses who offer to protect our information. Not even Microsoft was immune to being compromised in 2022, and besides numerous other companies and industries suffering the same fate, there were entire nations held to ransom by simple phishing scams and malware.
In the specific case of LastPass, the consensus now seems to be that users should feverishly change every password they have ever used, including those for banking, email, social media, and eCommerce sites that store credit card information. All of them.
And, honestly, if you were using or have ever used LastPass (whether you “deleted” your account or not) changing your passwords is probably something you should do immediately, given the uncertainty around what information was breached during the most recent LastPass hack – the company are keeping the exact details very, very close to their chest.
However, even after changing all passwords, users remain at risk of future breaches. And while multi-factor authentication is sort of a step in the right direction, the majority of people seem to shy away from implementing another layer of security, while others just don’t know how to.
This is why companies are turning to passwordless technology, specifically "True Passwordless" methods that do not rely on any form of secret, pin or security question.
True passwordless technology eliminates the need to remember and manage passwords, and makes it much more difficult for attackers to gain unauthorised access. It also improves the user experience by eliminating the need to remember and enter multiple complex passwords.
The issue comes from the fact that solutions like LastPass are merely password managers, which store users' login credentials and other sensitive information in an encrypted format. Sounds safe, right? Well, no, not really. As seen, LastPass are not immune to being hacked. The attackers potentially gained access to a large number of login credentials, putting users at risk of having their accounts compromised.
Users themselves may also be tricked into providing their LastPass login credentials to a phishing website - it happens thousands of times a year. Users may also simply forget their master password, lose their device, or inadvertently share their login credentials with someone else, putting their accounts at risk.
Human error is the big one here, though, accounting for an estimated 80% of all cybersecurity breaches in 2022. Eighty. Percent.
And that is why so many companies have started taking notice of passwordless technology, and to be more specific, “True Passwordless”.
Passwordless technology refers to authentication methods that do not rely on a password, but still require some form of secret, such as a PIN or a security question; such as using a one-time code sent to a user's phone to log in, in addition to a password. This is a form of two-factor authentication, where the one-time code serves as the second factor.
True passwordless technology, on the other hand, refers to authentication methods that do not rely on any form of secret, and instead make use of biometric authentication, such as fingerprints or facial recognition, or security tokens. In true passwordless technology, the user's identity is verified through a physical characteristic or possession, rather than something the user knows.
One of the main benefits of True Passwordless technology is that it reduces the risk of security breaches caused by weak or stolen passwords, or those given up by password management companies. By removing the need for a password, true passwordless technology eliminates this risk, making it much more difficult for attackers to gain unauthorized access.
Another advantage of true passwordless technology is that it makes the login process more convenient for users. Remembering multiple complex passwords can be a hassle and many people use the same password for multiple accounts, increasing the risk of security breaches. True passwordless technology eliminates the need to remember passwords and instead allows users to log in using methods that are easy to use and always available, such as fingerprints or facial recognition.
True passwordless technology also helps organisations comply with regulatory requirements related to multifactor authentication. By using multiple forms of authentication, true passwordless technology can meet these requirements in a secure and convenient way. Furthermore, providing a passwordless approach provides a more secure environment, as there is no need to store any sensitive information that could be compromised.
In short, True Passwordless technology is a more secure and convenient alternative to traditional password-based solutions like LastPass. As more organisations and individuals become aware of the benefits of true passwordless technology, it's likely that it will replace traditional solutions as the new standard for authentication. With its ability to improve security, simplify user experience and provide enhanced compliance, it's a solution that should be evaluated as a part of the cybersecurity strategy of any business today.