Latest news with #LastPass

Why Cloud Password Managers Keep Failing and Safer Alternatives in 2025

Geeky Gadgets

3 days ago

What if the very tools you trust to protect your digital life are the ones putting it at risk? Over the past decade, cloud-based password managers have become the go-to solution for millions, promising seamless access and convenience. Yet, time and again, these centralized platforms have fallen victim to devastating breaches, exposing sensitive user data to cybercriminals. From high-profile hacks of services like LastPass to the unsettling reality of data mining and third-party tracking, the cracks in their armor are impossible to ignore. In a world where privacy feels increasingly out of reach, the question looms: is the convenience of the cloud worth the cost to your security?

In this guide, Sam Bent explores why centralized password managers keep failing—and why local, open source solutions like KeePass and KeePassXC are emerging as the smarter, safer alternative. You'll discover how these tools bypass the vulnerabilities of cloud storage, offering unparalleled control over your sensitive information. With robust encryption, transparency through open source auditing, and the ability to keep your data offline, KeePass doesn't just protect your passwords—it enables you to reclaim your digital privacy. As we delve into the risks of cloud-based services and the advantages of local management, you might find yourself questioning the status quo and rethinking how you safeguard your most critical information.

Cloud-Based Password Managers: Persistent Security and Privacy Risks

Cloud-based password managers rely on centralized servers to store sensitive user data, making them attractive targets for cybercriminals. Over the years, high-profile breaches involving services like LastPass, Norton LifeLock, and OneLogin have exposed the inherent risks of this model. These breaches often stem from compromised employee credentials, supply chain vulnerabilities, or inadequate network defenses, leaving user data vulnerable to exploitation.

Beyond the immediate threat of breaches, privacy concerns loom large. Many cloud-based services engage in practices such as data mining, user tracking, or sharing information with third parties, including government entities. These activities not only erode user trust but also increase the likelihood of sensitive data being misused or exposed to unauthorized parties.

Why Local Open Source Password Managers Are Superior

Local password managers like KeePass and KeePassXC eliminate the risks associated with cloud storage by keeping your data offline. This approach ensures that your sensitive information remains under your control, free from the vulnerabilities of centralized servers. Additionally, their open source nature allows independent experts to audit the software, ensuring that any potential vulnerabilities are quickly identified and resolved. This transparency fosters trust and enhances the overall security of the platform.

These tools employ robust cryptography, such as the AES-256 and ChaCha20 ciphers and the Argon2 key derivation function, to protect your data from unauthorized access. Unlike cloud-based solutions, local password managers do not rely on corporate assurances or third-party servers, giving you complete autonomy over your digital security.

Key Features and Benefits of KeePass and KeePassXC

KeePass and KeePassXC are designed with security as their primary focus, offering a range of features that cater to both novice and advanced users. These features include:

  • Comprehensive database encryption: Both tools use authenticated encryption to prevent tampering and ensure the integrity of your data.
  • Advanced key derivation functions: Argon2 and similar methods protect against brute-force attacks, enhancing the resilience of your master password.
  • Memory encryption: This feature safeguards your data from keyloggers and cold boot attacks, adding an extra layer of protection.
  • Hardware security key integration: Support for hardware keys provides enhanced security for accessing your password database.
  • Two-factor authentication (2FA): An additional layer of security ensures that even if your master password is compromised, your data remains protected.
  • Cross-platform compatibility: KeePass and KeePassXC work seamlessly across various operating systems, ensuring secure access to your passwords on different devices.
  • User-friendly interfaces: Both tools offer intuitive designs that cater to users of all experience levels, making them accessible without compromising functionality.

Privacy and Control: The Core Advantage

One of the most significant advantages of KeePass and KeePassXC is their commitment to privacy. Unlike many cloud-based alternatives, these tools do not include telemetry, data mining, or forced registration. This ensures that your data remains entirely under your control, free from external interference or surveillance.

Additionally, local password managers provide protection against legal demands and regulatory overreach. Since your data is stored offline, it is far less susceptible to external access or compliance with third-party requests. This autonomy allows you to maintain full control over your digital security, ensuring that your sensitive information remains private and secure.

Balancing Security with Practical Convenience

Modern local password managers have evolved to offer convenience without compromising security. For example, you can synchronize your password database across devices using self-hosted solutions, encrypted file transfers, or secure USB drives. Features such as browser extensions, mobile apps, and biometric authentication further enhance usability, making these tools practical for everyday use.

For those who need flexibility, portable versions of KeePass and KeePassXC allow you to access your passwords securely on public or work computers. This ensures that you are never locked out of your accounts, even in situations where you cannot use your primary device.

Best Practices for Strengthening Password Management

To maximize the security of your digital life, consider implementing the following best practices:

  • Create a strong master password: Use a unique password with at least 15 characters, combining letters, numbers, and symbols for added complexity.
  • Choose a local, open source password manager: Opt for tools like KeePass, KeePassXC, or Pass to ensure greater security and control over your data.
  • Maintain local backups: Store encrypted backups of your password database in multiple secure locations to prevent data loss.
  • Enable two-factor authentication: Use 2FA wherever possible, and consider hardware security keys for an additional layer of protection.

Empowering Your Digital Security

While cloud-based password managers may offer convenience, their vulnerabilities and privacy concerns make them a less reliable option for safeguarding sensitive information. Local open source solutions like KeePass and KeePassXC provide unparalleled security, transparency, and control, making them the ideal choice for individuals serious about protecting their digital assets. By adopting these tools and following best practices, you can take charge of your password management, ensuring your data remains secure and private in an increasingly connected world.

Media Credit: Sam Bent

How can you safely remember your passwords?

CBS News

13-05-2025

From emails to bank accounts to streaming services, it seems like everything requires a password nowadays. It can be hard to keep track of them, especially after making a new one. Here are some smart and secure steps you should take to remember your password.

Having just two passwords is a low and risky amount, yet understandable given the annoyance that comes with keeping track of several of them. Has this happened to you: You make a new password, but then you forget it. So, you reset it. But soon you forget that password as well, starting a painful loop of repeatedly making new passwords that you struggle to remember.

"It's the number one reason that people end up creating weak passwords or reusing passwords," said Mark Sommerfeld. He's a managing partner at RYMARK IT Navigation.

How can we safely remember our passwords?

For Sommerfeld, the answer is simple. "The number one recommendation I would have is using a password manager app," he said.

Password manager apps encrypt your passwords so that only you can access them. They also create unique passwords for all your accounts. Bitwarden, Dashlane, and LastPass are the apps Sommerfeld's company recommends.

Sommerfeld disagrees with the idea of using passwords that are familiar to you. "When you're trying to memorize the password, now you begin making them easier, shorter. You maybe put your birthday, your pet's name, something like that," he said. By making a password easy to remember, you then make it easy to hack.

Other mistakes include writing them down on a piece of paper. The paper could be lost or seen by someone else. Another bad idea is creating a digital document listing all your passwords, then storing it on your phone or computer.

How can you make a strong password?

Best practices include:

  • Make it long, like 12-15 characters
  • Use numbers, symbols, and upper/lower case letters
  • Avoid using anything familiar in your life (pet names, sports teams, birthdates)

"If somebody can look at your Facebook page and get details about you, don't use any of those details that they would be able to find about you," Sommerfeld said.

Lastly, use two-factor authentication when possible, and specifically use app-based authentication. "In the case where your password gets breached, hacked, or found there is a second layer protecting that account for you," said Sommerfeld.

Impartner Champions the Next Era of Partner Leadership at Catalyst 2025

Yahoo

08-05-2025

With a Focus on Leadership, Innovation, and Connection, Impartner Delivers a Full-Spectrum Experience at the Partnership Leaders' Event

SALT LAKE CITY, May 08, 2025--(BUSINESS WIRE)--Impartner, the global leader in partner ecosystem solutions, announces its sponsorship of Catalyst 2025, the premier event hosted by Partnership Leaders, taking place May 13–15 in Seattle, WA. As a proud returning sponsor, Impartner is bringing an immersive and elevated experience to the event, with a focus on thought leadership, wellness, and groundbreaking ecosystem technology designed to help attendees scale their programs and discover new levels of revenue growth.

On Wednesday, May 14 at 10:30am PT on the Catalyst mainstage, Jessica Couto, VP of Global Channels and Alliances at LastPass, and Lindsay Jensen, Senior Director of Partner Strategy and Growth at Impartner, who has been nominated for Catalyst's Partnership Champion of the Year, will co-lead the session "Designing Career Paths and Teams to Scale Partnerships." Drawing from real-world experience and organizational growth models, they'll share how to design effective partnership org structures, define multi-level career paths for partner managers, and justify headcount with ROI-backed frameworks. This session offers a clear roadmap for building and scaling high-performing partner teams, ideal for leaders looking to expand both impact and careers.

In addition to the keynote, Impartner is hosting an interactive excursion for attendees and activating the Catalyst Wellness Zone, a space designed for recharging, connecting, and learning. Featuring massage chairs, healthy snacks, and opportunities for meaningful one-on-one discussions with Impartner's experts, the Wellness Zone blends networking and advanced technology. Visitors can explore Impartner's latest innovations, including News on Demand and Orchestration Studio, and see how they're reshaping partner ecosystems everywhere for greater ROI.

"Catalyst is the premier gathering for those shaping the future of partnerships," said Asher Mathew, Co-Founder and CEO of Partnership Leaders. "We're proud to welcome back Impartner—a company driving real innovation in partner technology."

Impartner's VP of Marketing, Trevor Burnett, echoed that sentiment, noting, "At Catalyst 2025, we're showcasing how the right solutions, team structure, and partner strategy can create massive ecosystem value. Whether you're just getting started or scaling globally, Catalyst is the place to experience what's possible."

Impartner's commitment to innovation and partner engagement provides Catalyst attendees with a unique opportunity to shape the future of partnerships and lead the transformation of their ecosystems. For more information and to register, please visit Catalyst 2025.

About Impartner

Impartner is the fastest-growing, most awarded provider of channel management technologies, including its flagship Partner Relationship Management (PRM) and Partner Marketing Automation solutions. These tools empower organizations worldwide to effectively manage partner relationships, drive demand through partners, and accelerate revenue via indirect sales channels.

Lessons From (Re)Building A Security Company From Scratch

Forbes

21-04-2025

Christofer Hoff is the Chief Secure Technology Officer of LastPass.

I've always admired the Roman architect Vitruvius, who once said that if you're going to build something, it ought to be beautiful, strong and useful. After spending the past two and a half years building the software and platform engineering teams, as well as a new security organization, at LastPass, I've come to truly understand how right he was.

I joined LastPass in 2022 as its chief secure technology officer (CSTO)—combining security and technology into one role—an opportunity I couldn't resist. The business was taking the first of many steps to spin out from its parent company and form a stand-alone company. A whole new executive team of industry veterans was at the helm, setting out to deliver on the promise of tackling the decades-long, ever-complex challenge of passwords—making them more secure and more convenient for people and organizations.

This was my opportunity to integrate security by design, not just into the company's operations but throughout the entire product development life cycle. I would work alongside the leaders we had assembled to build something beautiful, strong and useful from the ground up.

Three months after I joined LastPass, the company was the target of a sequenced set of two security attacks that spanned multiple months and threatened to derail everything we were working toward. But in the end, it didn't. In fact, the security incident acted as an accelerant for the people, process, technology, controls and infrastructure initiatives we already had planned to build while establishing a new company from scratch.

In reflecting on this experience, I hope to offer something relatable in its honesty, strong in its lessons and useful to anyone tasked with rebuilding—not just systems, but trust. Here is how you can do it.

From day one, I knew that security couldn't be a checklist—it had to be a blueprint. If you want to drive innovation while keeping trust intact, security, privacy and engineering must be tightly coupled. It's important to consciously embed security into every phase of decision-making and build the right teams around it—architecture, threat intel, governance, detection and response. We did it intentionally and with buy-in from across the company, leveraging the outcomes of decades of experience to understand where security can be a differentiator and become a business-enabler.

As an example, and something unique among password manager providers, we built a dedicated threat intelligence team. With backgrounds in counterterrorism and financial services, this team monitors threats, delivers actionable insights and automates threat response to help protect our customers, data and company. It's not just a line of defense—it's a proactive, strategic asset that keeps us a step ahead. That's what it means to design with security at the core.

Security and engineering won't click together on their own. You need to define how they'll collaborate—and then back it up with process, structure and, most importantly, the right people. We hired brilliant engineers from world-class companies and combined them with our existing team. The mix gave us a rare advantage: experience, new ways of working and belief in the mission.

Hiring great people is step one. Step two is giving them the space, clarity and support to do their best work—especially under pressure. As a leader, your job is to make sure they know you trust them and to give them the resources they need to succeed. We built an entirely new development infrastructure in months because the team believed they could. And they were right.

Transparency was our prerogative, and that's why we documented how we made LastPass secure. We have a trust center where we reflect, and we've also created a publicly available compliance center for close to real-time monitoring of LastPass systems and access to the latest certifications.

We didn't just rebuild the platform; we reimagined it through the lens of the customer's experience. What did users need? Where were the friction points? What would make them feel safe, confident and in control? That's what drives decisions—from introducing stronger password recovery options and implementing secure sharing to strengthening master password protections and encrypting sensitive data fields. Through hackathons, we've started to integrate new features and functions like AI into our platforms.

Under pressure, perfection is a luxury. Progress is a necessity. There were days when we moved fast because we had no other choice. But every sprint, every decision, every hard call got us closer. You need to be flexible, decisive and focused on what matters most—especially when time and attention are scarce resources.

I'll never forget the conversations I had with dozens of CISOs from our customer base—internalizing their concerns and their wishes for the new LastPass. The first time a CISO asked me, 'How are you doing?', I was moved to tears. Imagine possessing such empathy and grace. This—the security and experience of the people behind our product—was our raison d'être, fueling us through every 20-hour workday.

So here is my advice: Talk to your customers. Listen. Internalize what they're worried about. Let it shape your work. Then build something worthy of their trust. That's what we did.

We started with a mission, built a blueprint for success and responded to adversity with momentum through our people, empowered and enabled by the support of our leadership. We've seized a once-in-a-lifetime opportunity. We have built something beautiful, strong and useful—and so can you.

Ripple Co-founder's $150M XRP Heist Related to LastPass Hack: ZachXBT

Yahoo

08-03-2025

A $150 million theft targeting Ripple co-founder Chris Larsen has been traced back to a security lapse involving the password manager LastPass, according to a forfeiture complaint filed by U.S. law enforcement on March 6 and flagged by blockchain sleuth ZachXBT.

ZachXBT shared that the complaint detailed how Larsen's private keys — or code to access one's token holdings — were stored in LastPass, the widely used password manager that suffered a major breach in 2022.

At the time, hackers stole source code and technical data by compromising a developer's account. By November of that year, they used this access to infiltrate a cloud storage system, stealing encrypted customer password vaults and unencrypted metadata for an estimated 25 million users.

Although 'vaults' were encrypted, weak or reused master passwords could be brute-forced, exposing stored data. Hackers exploited this vulnerability, accessing Larsen's keys and siphoning off the XRP, valued at $150 million at the time of the theft and over $600 million as of Saturday's prices.

'A forfeiture complaint filed yesterday by US law enforcement revealed the cause for the ~$150M (283M XRP) hack of Ripple co-founder, Chris Larsen's wallet in Jan 2024 was the result of storing private keys in LastPass (password manager which was hacked in 2022),' ZachXBT wrote on his Telegram channel. 'Up to this point Chris Larsen had not publicly disclosed the cause of the theft,' he added.

Larsen confirmed the incident in January, where he clarified the hack affected only his personal accounts, not Ripple's corporate wallets. He is yet to publicly comment on the forfeiture notice.

The fallout from the 2022 LastPass hack has been extensive and remains ongoing. In December, The Security Alliance (SEAL), a team of cybersecurity experts focused on the crypto market, estimated that crypto losses connected to the breach had touched at least $250 million as of May 2024.
