Executive Summary
- Password managers are a handy way of saving time for a business, meaning employees need only remember one password – or none at all with biometric authentication.
- But recent cybersecurity breaches at big companies like LastPass have shone a light on the risks of insecure password managers, leading companies to wonder if they’re really trustworthy.
- At Get Support, we’ve done our homework and have now partnered with 1Password to deliver our customers the most reliable and secure password manager on the market.
Introduction
The multitude of digital solutions available to businesses in recent years has made running a company much easier.
At the same time, using digital platforms also comes with a level of trust, specifically around data. And when it comes to security, the last line of defence is usually the humble password.
While the days of ‘opensesame’ are long gone, remembering many different passwords can be challenging, leading many businesses to use password managers. But with multiple security breaches at password management platforms, can businesses really rely on password managers in 2023?
We think so, and we’re going to explain why.
What is a password manager?
A password manager is a digital tool which helps businesses and individuals keep track of their various passwords across platforms in a secure manner.
Password managers usually use a ‘master password’ approach, often protected biometrically, meaning users don’t need to remember each individual password – but just one. In fact, with biometric options like Face ID and fingerprint scanning, even remembering one isn’t a necessity anymore.
These platforms store passwords in an encrypted format to ensure data is kept safe from cyberthreats – but there have been several high-profile examples of password manager breaches in recent years, which may lead businesses to think twice about investing in such software.
The growing list of LastPass controversies
LastPass was (note the past tense) one of the most popular password managers until recently, when multiple security breaches led businesses to move away from the platform due to the security risk.
The biggest issue with LastPass is the fact that there have been multiple breaches that just seem to keep coming. If you’re not familiar with the timeline of events, here’s a short list of the breach history so far:
- In August 2022, the LastPass CEO announced that the company’s development environment had seen some “unusual activity” via a compromised developer account.
- In September 2022, LastPass announced (via updates on the same blog post listed above) that no customer data or Master Passwords had been compromised and that a forensic data team had completed their investigation and contained the breach.
- In November 2022, LastPass announced to customers that they had suffered another breach via a third-party cloud storage service. They also stated that the attacker used some of the information gleaned from the August attack to access “certain elements” of customer data, though still claimed that no Master Passwords were compromised.
- In December 2022, the CEO once again updated customers about the breach, claiming that “some source code and technical information” had been stolen from their development environment.
- In March 2023, the most recent update, the CEO explained each breach in more detail. They revealed that, during the second incident, backups of customers’ encrypted password vaults were stolen. Not only this, but the attackers also knew which passwords the encrypted passwords were tied to, meaning they may eventually be able to access them if the user had a particularly weak master password.
Are password managers really secure?
Although data was encrypted, the LastPass breach still resulted in the theft of sensitive customer information, so it’s entirely understandable that businesses want to move their password manager provider. After all, trust has to be earned, and an inability to prevent breaches may not instil much of that.
But this also raises the question: are password managers really secure at all? Should you simply avoid using one altogether?
The security of a password manager largely depends on the implementation and the measures taken to protect user data. When reviewing password managers, businesses should look for features such as end-to-end encryption, multi-factor authentication, and regular security updates – all measures we’ve promoted at Get Support for many years.
It is also important for businesses to consider the reputation and track record of the password manager provider. Look for providers that have a history of transparency, quick responses to security issues, and a commitment to user privacy. Whether or not LastPass belongs in that category, we’ll leave to you…
Can your business trust a password manager in 2023?
Password managers can be a valuable tool for businesses to improve their security posture and protect sensitive information. However, like any software, there are potential risks and vulnerabilities that businesses need to be aware of when using a password manager.
When it comes down to it, a business should be able to trust a password manager if they do their due diligence in selecting a reliable and secure provider and follow best practices for password management, such as using strong, unique passwords and regularly changing them.
However, businesses should also keep in mind that no security solution is 100% fool-proof, and they should have additional layers of security in place to protect their data, such as firewalls, anti-malware software, and employee training schemes.
Get Support recommends: 1Password
Based on what we’ve explained above, it’s entirely natural for businesses to be wary of password managers – and the team here at Get Support is no exception.
Following the various security breaches and the risks presented to business customers, we recently carried out a comprehensive review of our approach to password managers. After conducting a rigorous analysis of various independent providers, and assessing their data safeguards, we are now a proud partner of 1Password.
1Password is a trusted and reliable password manager built with safety and security in mind. It uses end-to-end encryption to protect user data, offers multi-factor authentication out of the box, and is regularly updated to ensure consistent protection against cyber security threats.
In addition to these essential features, we also chose 1Password because:
- It provides an added secret key which protects user data beyond a master password. That’s an added layer of protection compared to competing products, especially LastPass.
- 1Password is recognised across the industry for design and security diligence and is recommended by many leading cybersecurity experts.
- It is cloud-hosted, adding yet another layer of security via decentralised user data hosting.
Want to know more about 1Password or see if it’s a good fit for your business? Reach out to your Get Support account manager today for more details.