The numerous security breaches that took place at password manager giant LastPass in 2022 have caused serious concern among millions of customers and raised important questions about the wisdom of storing important information within web2 password managers.
LastPass dropped a bombshell in November when it announced that cybercriminals had stolen customers’ encrypted password vaults in a data breach.
The firm, which stores private data and sells itself on top-tier security measures, says hackers entered the company’s systems and looted users’ information including passwords and usernames, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.
After an investigation, LastPass later admitted that an attacker was able to access and decrypt some storage volumes after accessing a cloud-based storage environment. An article by security researcher Wladimir Palant criticises the company for lack of transparency. He points out the company has long-ignored calls to encrypt data such as URLs, making it difficult to trust the firm going forward.
There are numerous security issues with cloud-based password managers such as LastPass. One of the most significant issues is where users’ encryption keys are stored and how well the firm secures this environment. With centralised storage, these decisions are out of the users’ hands. At ShareRing, we want to put people back in control of their data by removing centralised storage from the equation. See: centralised KYC honeypot problem.
Do I need a password manager
Yes. The number of passwords we need to utilise and call upon is constantly increasing. At the same time, the number of threat actors trying to hack into your accounts is also growing. In other words, “123456” and “password” (the two most common passwords on the internet) do not cut it anymore.
Password managers help store your passwords securely, so you do not need to remember them. It also means you can maintain extremely strong and unique passwords for every login you need to authenticate. This is convenient and makes your online presence far less vulnerable to attacks. The problem is choosing a password manager that you can trust.
ShareRing Password Manager, a new feature inside Vault
ShareRing has an upcoming new feature in the ShareRing Vault that lets you store your usernames and passwords without risk. See: the three verification levels inside the ShareRing Vault.
Our new Password Manager works across web2 and web3 applications while leveraging decentralised storage to keep your information secure. Unlike web2 solutions like LastPass where data is stored in the cloud, the ShareRing Password Manager cannot be compromised by cybercriminals. Your data is encrypted against your ShareRing Vault private key. Never stored in the cloud. You are the only person who can ever access it.
To use ShareRing Password Manager, click on the web extension while using a web browser. The extension will activate and display a QR code. Scan the code to extract the password and username from your Vault, and authenticate your login. See: seven things that make self-sovereign identity different.
ShareRing Password Manager is now in alpha release. Visit our beta test website, scan the QR code and sign up to explore other ShareRing products in development.
Where we sit.
ShareRing has been building this technology since 2018. The encrypted Vault and self-sovereign ID model we put in the original whitepaper are the same architecture under everything we deploy today.
If you want to discuss privacy KYC at country scale, the door is open at sharering.network/contact.
By Tim Bos of ShareRing.
#PrivacyKYC #DigitalIdentity #PasswordManagement #DataBreach #ReusableKYC #Private #Secure #Verified