
Latest news with #LastPass

At Black Hat 2025, LastPass Debuts SaaS Protect to Help Small and Mid-Sized Businesses Stop Employees from Using Unapproved SaaS and AI Apps and Weak Credentials

Business Wire

04-08-2025

BOSTON--(BUSINESS WIRE)-- LastPass, a global leader in password and identity management trusted by over 100,000 businesses worldwide, today unveiled SaaS Protect at Black Hat 2025. Building on the company's existing SaaS Monitoring capabilities, SaaS Protect introduces a robust set of policy enforcements that enable organizations to move from passive visibility into proactive access control. With features including customizable SaaS app policies, credential risk detection, and real-time enforcement reporting, SaaS Protect empowers IT and security teams to address Shadow IT and Shadow AI and credential misuse with speed, precision, and confidence.

Business benefits include:

  • Real-time SaaS governance: Quickly restrict access to unsanctioned or high-risk SaaS apps and guide user behavior with custom warnings.
  • Audit-ready compliance: Generate governance reports with SOC 2 and other compliance frameworks in mind.
  • SaaS cost optimization: Identify duplicate or over-licensed apps to help reduce spend and tech sprawl.

SaaS Protect is now available in beta to current LastPass Business and Business Max customers and will be included at no additional cost in the Business Max bundle. The feature is being showcased live at Black Hat 2025, with general availability expected in early Fall.

SaaS Sprawl is putting small and mid-sized businesses at elevated risk

According to Zylo, small and mid-sized businesses now use an average of 275 known SaaS applications, but IT teams oversee just 26% of that spend, with the rest driven by business units and individual employees. In addition, recent studies show organizations may be using 10 times more SaaS apps than they realize, with Shadow IT and Shadow AI tools pushing the actual footprint to hundreds of applications.

This mix of sanctioned and unsanctioned tools creates a sprawling, fragmented attack surface that most smaller organizations lack the resources to monitor or secure. Alarmingly, around 78% of users reuse the same password across multiple accounts, and when those reused or weak credentials tie back to unmanaged apps, credential risk can skyrocket. IT can't protect what they don't know exists, leaving sensitive data exposed, compliance at risk, and productivity strained by fragmented access and limited support.

'Small and mid-sized businesses are facing a perfect storm of complexity: unknown risks living within unknown apps and AI services,' said Don MacLennan, Chief Product Officer at LastPass. 'We built SaaS Protect to turn that chaos into clarity. It's designed specifically for resource-constrained businesses that need visibility, policy enforcement, and credential protection without adding operational overhead.'

Transforming visibility to action

Launched in May 2025, LastPass SaaS Monitoring gave organizations and LastPass Partners a consolidated view of application usage and credential hygiene. But visibility alone isn't enough. With 75% of employees expected to use unauthorized tech by 2027, businesses need a way to intervene quickly and confidently. That's where SaaS Protect comes in.

Building on the foundation of SaaS Monitoring, SaaS Protect gives businesses the ability to act on how tools are being used, spot risky behavior, and make informed decisions about which apps to allow, restrict, or retire. All of this happens without disrupting the workforce. No device agents. No heavy deployments. The feature operates via the browser extension on employee devices, with activity data and policy enforcement results populating directly in the admin console.

Democratizing secure access experiences

SaaS Monitoring and SaaS Protect are part of the broader Secure Access Experiences approach from LastPass—an evolving framework that unifies visibility, credential hygiene, and access control into one intuitive experience. It's built for organizations that need to move fast, stay secure, and manage access based on their own policies—not just passwords.

SaaS Protect will be generally available in late August 2025. Visit LastPass at Black Hat Las Vegas, Booth 5311, August 4–7, to learn more, or sign up for updates here. In addition, passkeys—credential-free authentication that replaces traditional passwords with biometric or device-based login—will also be available for demo at the conference and are slated for general availability in late August following an extended beta period.

About LastPass

LastPass is a leading identity and password manager, making it easier to log in to life and work. Trusted by 100,000 businesses and millions of users, LastPass combines advanced security with effortless access for individuals, families, small business owners, and enterprise professionals. Learn more at and follow us on LinkedIn, X, Instagram, and Facebook.

Dropbox Passwords is shutting down – export your data before October 28

Phone Arena

31-07-2025

Image Credit - FlyD on Unsplash

Dropbox has just announced that Dropbox Passwords is going to be discontinued on October 28. This means, after five years, Dropbox's credential management service is ending.

There will be a phased approach to the shutdown of the service, as the company says. First, the password manager will become view-only from August 28, which means you won't be able to fill in new passwords, and autofill features will be disabled. On September 11, the mobile app will stop working, but the browser extension will remain functional until the final phase.

Basically, you have until October 28 to export your data. On October 28, Dropbox will be permanently deleting all stored passwords, usernames, and payment information from its servers. Dropbox recommends users transfer their credentials to apps like 1Password before the final end date. The company is also offering export guides on its website.

According to Dropbox, this closure will allow the company to focus on enhancing features in its core products. We also know that Dropbox Passwords has faced serious competition over the years from 1Password, LastPass, and even solutions that are built-in, like Apple's, Google's, and Microsoft's.

Dropbox purchased the password manager Valt back in 2019. After that, the company launched Dropbox Passwords in 2020. The service was initially available for paid subscribers, but it then expanded to all users in 2021.

I personally think that this isn't too surprising. Dropbox Passwords never really took off the way some of the other services did. With so many people already using built-in options from Apple, Google, or Microsoft – or more established apps like 1Password – it was always going to be a tough space to compete in. Personally, I've been using Apple's built-in Passwords app, and it does the job well enough for me.

Still, for anyone who relied on Dropbox Passwords, this change might be a bit of a hassle. At least the company is giving users time and tools to export everything safely before the shutdown.

You Might Never Need to Change Your Password Again

Newsweek

08-07-2025

Passwords have been ubiquitous to online activity since the invention of the internet, but experts told Newsweek that may not be true for much longer. Developments in artificial intelligence and new authentication systems mean that traditional passwords are rapidly being upgraded or replaced with biometric security options—something that can't be replicated.

Why It Matters

Most people's password etiquette falls short of where security experts say it should be. In the U.S., the most common password length is only eight to 10 characters, and a significant portion contain only lowercase letters and digits, making passwords vulnerable to brute-force attacks.

Because of this, and the instant access they grant, passwords are the most desirable piece of information a hacker or a fraudster can obtain, and the bulk of scamming techniques are designed to get them, giving criminals access to devices, computer networks, or even bank accounts.

The Future of Passwords

For many users, entering passwords manually is already a thing of the past, with top-level password managers proving a supposedly safe way to store and enter passwords automatically.

However, Subho Halder, the co-founder and CEO of security firm Appknox, told Newsweek that password managers have major problems of their own, and that Multi-Factor Authentication (MFA) was one of the most reliable ways to boost the strength of any password-based security system.

"Password managers are becoming more advanced but also more exposed," Halder said. "They now use zero-knowledge encryption and hardware-backed MFA, yet they remain prime targets because of what they protect. The LastPass breach showed that even encrypted vaults can become liabilities if metadata is leaked or if users don't enable MFA.

Passwords have been ubiquitous to online activity but experts told Newsweek that may not be true for much longer. Photo-illustration by Newsweek/Getty/Canva

"Users should protect password managers the same way enterprises protect crown jewels: with MFA, encryption, regular audits and a healthy dose of paranoia. A password manager is a vault, but without a hardened door, it's still vulnerable."

Kyle Kurdziolek, the vice president of security at data firm BigID, echoed this sentiment, telling Newsweek that password managers were reliable but still susceptible to traditional hacking methods.

"Password managers continue to get more secure overall with most now using strong encryption, adopting zero trust architecture, and additional security controls.

"But like any tool, they're only as secure as the people and systems around them. We see breaches happen when master passwords are reused or stolen through phishing, or when vulnerabilities in the software go unpatched.

"The best way to protect a password manager is to use strong, unique master passwords, enable multi-factor authentication, and keep the software up to date. But it doesn't stop there. Even with a good password manager, credentials and secrets often get duplicated and hidden across code, cloud storage, or collaboration tools."

Biometric Security

Both experts said that biometrics, physical data like fingerprints and facial recognition that can't be easily separated from their owner, was one of the most likely ways passwords could be phased out in the near future.

"We are at an inflection point, not in terms of technology but in trust and consistency," Halder said. "Passkeys, biometric authentication and token-based access are already here, but adoption is fragmented. A 2024 FIDO Alliance report showed less than 15 percent of websites currently support passkeys despite growing support from Apple and Google.

"At Appknox, we consistently find that while apps may offer 'passwordless' logins like OTPs or biometrics, they often implement them insecurely, exposing users to interception, reuse or replay attacks.

"So, we are not just replacing passwords, we are rebuilding the idea of access from the ground up. Until secure, passwordless authentication becomes interoperable and foolproof across platforms, passwords will persist as a legacy fallback."

Kurdziolek agreed with the focus on biometrics, but said that the industry needed to take special care that the adoption process did not include any gaps or flaws in the technology.

"There's real momentum behind technologies that could replace traditional passwords, like biometrics, MFA, and hardware security keys but widespread adoption is still in progress. While there is momentum behind organizations taking steps toward a passwordless future, for many, it's still years away.

"Replacing passwords is just part of the solution. Secrets, credentials, and keys often remain hidden across cloud storage, code repositories, and everyday tools. Organizations need to take control of their sensitive data wherever they live so even as they move toward passwordless security, they can reduce risk and close gaps that attackers could exploit."

Artificially Intelligent Passwords

As with any space in tech right now, the biggest question is how AI will impact the future. When it comes to passwords, the consensus is that AI is a double-edged sword; it provides users greater tools and detection methods for security purposes, but it gives criminals and hackers those same tools as well.

"It is helping both users and attackers, but right now, attackers are scaling faster," Halder told Newsweek. "AI isn't just speeding up brute-force attacks; it's decoding password patterns, auto-generating phishing content and simulating human behavior more convincingly than ever.

"On the flip side, AI is helping defenders, too — from spotting credential stuffing attacks in real time to alerting users when their passwords are weak or reused. But we can't let AI be a Band-Aid.

"The real leap will come when we stop relying on passwords altogether and move toward continuous, contextual authentication powered by behavior, biometrics and device identity, not just secrets."

Kurdziolek was similarly cautious of AI, and said that criminals are using it to crack passwords faster and faster.

"AI is reshaping the security landscape for passwords on both sides of the equation. For everyday users and defenders, AI helps detect suspicious logins, flag credential stuffing attempts faster, and power smarter passwordless authentication methods like biometrics.

"But attackers are also using AI to crack passwords faster through automated brute-force attacks and to craft more convincing phishing schemes that steal credentials in the first place.

"Ultimately, AI makes strong password hygiene and secrets protection even more critical. Replacing or supplementing passwords with multi-factor or passwordless authentication is a smart step but it's equally important to uncover hidden credentials and secrets that attackers could exploit."

Why Cloud Password Managers Keep Failing and Safer Alternatives in 2025

Geeky Gadgets

03-06-2025

What if the very tools you trust to protect your digital life are the ones putting it at risk? Over the past decade, cloud-based password managers have become the go-to solution for millions, promising seamless access and convenience. Yet, time and again, these centralized platforms have fallen victim to devastating breaches, exposing sensitive user data to cybercriminals. From high-profile hacks of services like LastPass to the unsettling reality of data mining and third-party tracking, the cracks in their armor are impossible to ignore. In a world where privacy feels increasingly out of reach, the question looms: is the convenience of the cloud worth the cost to your security?

In this guide, Sam Bent explores why centralized password managers keep failing—and why local, open source solutions like KeePass and KeePassXC are emerging as the smarter, safer alternative. You'll discover how these tools bypass the vulnerabilities of cloud storage, offering unparalleled control over your sensitive information. With robust encryption, transparency through open source auditing, and the ability to keep your data offline, KeePass doesn't just protect your passwords—it enables you to reclaim your digital privacy. As we delve into the risks of cloud-based services and the advantages of local management, you might find yourself questioning the status quo and rethinking how you safeguard your most critical information.

Local Password Managers: Superior Security

Cloud-Based Password Managers: Persistent Security and Privacy Risks

Cloud-based password managers rely on centralized servers to store sensitive user data, making them attractive targets for cybercriminals. Over the years, high-profile breaches involving services like LastPass, Norton LifeLock, and OneLogin have exposed the inherent risks of this model. These breaches often stem from compromised employee credentials, supply chain vulnerabilities, or inadequate network defenses, leaving user data vulnerable to exploitation.

Beyond the immediate threat of breaches, privacy concerns loom large. Many cloud-based services engage in practices such as data mining, user tracking, or sharing information with third parties, including government entities. These activities not only erode user trust but also increase the likelihood of sensitive data being misused or exposed to unauthorized parties.

Why Local Open source Password Managers Are Superior

Local password managers like KeePass and KeePassXC eliminate the risks associated with cloud storage by keeping your data offline. This approach ensures that your sensitive information remains under your control, free from the vulnerabilities of centralized servers. Additionally, their open source nature allows independent experts to audit the software, making sure that any potential vulnerabilities are quickly identified and resolved. This transparency fosters trust and enhances the overall security of the platform.

These tools employ robust cryptographic algorithms, such as AES-256, Argon2, and ChaCha20, to protect your data from unauthorized access. Unlike cloud-based solutions, local password managers do not rely on corporate assurances or third-party servers, giving you complete autonomy over your digital security.

Key Features and Benefits of KeePass and KeePassXC

KeePass and KeePassXC are designed with security as their primary focus, offering a range of features that cater to both novice and advanced users. These features include:

  • Comprehensive database encryption: Both tools use authenticated encryption to prevent tampering and ensure the integrity of your data.
  • Advanced key derivation functions: Argon2 and similar methods protect against brute-force attacks, enhancing the resilience of your master password.
  • Memory encryption: This feature safeguards your data from keyloggers and cold boot attacks, adding an extra layer of protection.
  • Hardware security key integration: Support for hardware keys provides enhanced security for accessing your password database.
  • Two-factor authentication (2FA): An additional layer of security ensures that even if your master password is compromised, your data remains protected.
  • Cross-platform compatibility: KeePass and KeePassXC work seamlessly across various operating systems, ensuring secure access to your passwords on different devices.
  • User-friendly interfaces: Both tools offer intuitive designs that cater to users of all experience levels, making them accessible without compromising functionality.

Privacy and Control: The Core Advantage

One of the most significant advantages of KeePass and KeePassXC is their commitment to privacy. Unlike many cloud-based alternatives, these tools do not include telemetry, data mining, or forced registration. This ensures that your data remains entirely under your control, free from external interference or surveillance.

Additionally, local password managers provide protection against legal demands and regulatory overreach. Since your data is stored offline, it is far less susceptible to external access or compliance with third-party requests. This autonomy allows you to maintain full control over your digital security, making sure that your sensitive information remains private and secure.

Balancing Security with Practical Convenience

Modern local password managers have evolved to offer convenience without compromising security. For example, you can synchronize your password database across devices using self-hosted solutions, encrypted file transfers, or secure USB drives. Features such as browser extensions, mobile apps, and biometric authentication further enhance usability, making these tools practical for everyday use.

For those who need flexibility, portable versions of KeePass and KeePassXC allow you to access your passwords securely on public or work computers. This ensures that you are never locked out of your accounts, even in situations where you cannot use your primary device.

Best Practices for Strengthening Password Management

To maximize the security of your digital life, consider implementing the following best practices:

  • Create a strong master password: Use a unique password with at least 15 characters, combining letters, numbers, and symbols for added complexity.
  • Choose a local, open source password manager: Opt for tools like KeePass, KeePassXC, or Pass to ensure greater security and control over your data.
  • Maintain local backups: Store encrypted backups of your password database in multiple secure locations to prevent data loss.
  • Enable two-factor authentication: Use 2FA wherever possible, and consider hardware security keys for an additional layer of protection.

Empowering Your Digital Security

While cloud-based password managers may offer convenience, their vulnerabilities and privacy concerns make them a less reliable option for safeguarding sensitive information. Local open source solutions like KeePass and KeePassXC provide unparalleled security, transparency, and control, making them the ideal choice for individuals serious about protecting their digital assets. By adopting these tools and following best practices, you can take charge of your password management, making sure your data remains secure and private in an increasingly connected world.

Media Credit: Sam Bent

How can you safely remember your passwords?

CBS News

13-05-2025

From emails to bank accounts to streaming services, it seems like everything requires a password nowadays. It can be hard to keep track of them, especially after making a new one. Here are some smart and secure steps you should take to remember your password.

Having just two passwords is a low and risky amount, yet understandable given the annoyance that comes with keeping track of several of them.

Has this happened to you: You make a new password, but then you forget it. So, you reset it. But soon you forget that password as well, starting a painful loop of repeatedly making new passwords that you struggle to remember.

"It's the number one reason that people end up creating weak passwords or reusing passwords," said Mark Sommerfeld. He's a managing partner at RYMARK IT Navigation.

How can we safely remember our passwords?

For Sommerfeld, the answer is simple. "The number one recommendation I would have is using a password manager app," he said.

Password manager apps encrypt your passwords so that only you can access them. They also create unique passwords for all your accounts. BitWarden, Dashlane, and LastPass are the apps Sommerfeld's company recommends.

Sommerfeld disagrees with the idea of using passwords that are familiar to you. "When you're trying to memorize the password, now you begin making them easier, shorter. You maybe put your birthday, your pet's name, something like that," he said.

By making a password easy to remember, you then make it easy to hack. Other mistakes include writing them down on a piece of paper. The paper could be lost or seen by someone else. Another bad idea is creating a digital document listing all your passwords, then storing it on your phone or computer.

How can you make a strong password?

Best practices include:

  • Make it long, like 12-15 characters
  • Use numbers, symbols, and upper/lower case letters
  • Avoid using anything familiar in your life (pet names, sports teams, birthdates)

"If somebody can look at your Facebook page and get details about you, don't use any of those details that they would be able to find about you," Sommerfeld said.

Lastly, use two-factor authentication when possible, and specifically use app-based authentication. "In the case where your password gets breached, hacked, or found there is a second layer protecting that account for you," said Sommerfeld.
