How do password vaults like ‘LastPass’, to which we entrust all our passwords, provide security?
November 2, 2023
Back when computers first entered every home, we used passwords like 123456789 and QWERTY. The reason we ditched those and switched to passwords that are, by comparison, quite complicated was concern about cybersecurity. As more and more websites and apps became available, the number of passwords we have to remember kept growing.
That’s why most of us use the same or a similar password everywhere, or have to keep many different passwords in our heads. And when some applications ask us to change the password periodically, everything can turn upside down. For this reason, and because the number of passwords keeps increasing, many people are unsure whether or not to use a password manager.
The most basic question: what is a password manager?
Password managers are digital safes in which, in addition to your passwords, you can store information such as addresses, telephone numbers and bank card details. When you want to log in somewhere, the manager fills in your password and address details automatically from this safe, which makes the process easier.
Whenever you want to make a purchase, instead of taking your card out of your wallet and typing in the numbers, you can have your card details transferred for you. While this all sounds good, imagine cyber attackers breaking into one of these applications where we enter our data. Can’t these people, who have gained access to only one application, easily get all our passwords?
Without getting confused, let’s explain why this is extremely difficult.
Let’s take LastPass as the basis, since it is one of the most common of these password managers. To save your passwords there, you first create a LastPass account and choose a password for it: the master password. This is, of course, different from the password you use for, say, your Webtekno membership.
When you create your account, the plugin or app asks, as a password manager, for permission to store your user information on the sites you visit. Your data is then placed in your private vault. After that, LastPass can take over the automatic form-filling function from Google.
Because LastPass itself is a cloud-based service, your LastPass vault, which contains your passwords, is kept on LastPass’s servers. How is security guaranteed there?
To access your password vault, you first create a key to open it. To do this, you enter your master password. After the verification step, your master password and email address are passed through 600,000 rounds, which creates a vault key.
After this, all that remains is to access our vault on the server. For this, the key formed by combining our email address and master password over 600,000 rounds is run through a further 600,000 rounds together with our master password, and the result is sent to the vault on the server. The server thus recognises that it is us trying to access the vault, without ever seeing our master password.
This gives us two keys: a verification key and a vault key. The verification key grants us access to the vault on the server, while the vault key allows us to open it. To keep both keys secure, your master password must be strong.
In other words, one key you create opens the way to the safe, and the other key you create alongside it opens the safe itself.
And the password you must enter first, to create these keys, is never forwarded to password managers like LastPass. Therefore, even if a copy of your vault is compromised, as we will discuss shortly, it is almost impossible to open it. The “almost” is the important part here.
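To make the two-key scheme described above concrete, here is an added Python example (not LastPass’s code, and not a statement of its exact internals). It assumes PBKDF2-HMAC-SHA256 as the key-derivation function, the 600,000 rounds quoted in the article, and a single extra round to turn the vault key into the verification (login) key; the server class, the email and master password, and the vault ciphertext are constructed placeholders. It also includes a small cost model showing why a weak master password is the weak point when a copy of the vault is stolen.

```python
import hashlib
import hmac
import time

# Assumptions for this example (not a statement of LastPass's exact internals):
# PBKDF2-HMAC-SHA256 as the key-derivation function, the 600,000 rounds the
# article quotes, and a single extra round to turn the vault key into the
# login (verification) key.
ITERATIONS = 600_000
KEY_LEN = 32  # bytes


def derive_vault_key(email: str, master_password: str,
                     iterations: int = ITERATIONS) -> bytes:
    """Vault key: the master password stretched over many rounds, salted with
    the account email. Computed on the client; never leaves the device."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               email.strip().lower().encode("utf-8"),
                               iterations, KEY_LEN)


def derive_login_key(vault_key: bytes, master_password: str) -> bytes:
    """Login (verification) key: derived *from* the vault key with one more
    round, so the server can check it without being able to reverse it into
    either the vault key or the master password."""
    return hashlib.pbkdf2_hmac("sha256", vault_key,
                               master_password.encode("utf-8"), 1, KEY_LEN)


class VaultServer:
    """Constructed stand-in for the cloud side: it stores only the login key
    and an opaque encrypted blob, never the master password or vault key."""

    def __init__(self) -> None:
        self._accounts: dict[str, tuple[bytes, bytes]] = {}

    def register(self, email: str, login_key: bytes, encrypted_vault: bytes) -> None:
        self._accounts[email.strip().lower()] = (login_key, encrypted_vault)

    def fetch_vault(self, email: str, login_key: bytes):
        """Return the encrypted blob only if the presented login key matches;
        constant-time compare so a mismatch leaks nothing about the stored key."""
        record = self._accounts.get(email.strip().lower())
        if record is None or not hmac.compare_digest(record[0], login_key):
            return None
        return record[1]


def client_login(server: VaultServer, email: str, master_password: str,
                 iterations: int = ITERATIONS):
    """Client side of a login: derive both keys locally, send only the login key."""
    vault_key = derive_vault_key(email, master_password, iterations)
    blob = server.fetch_vault(email, derive_login_key(vault_key, master_password))
    # Only a client holding vault_key could decrypt `blob`; the server cannot.
    return vault_key, blob


def seconds_to_exhaust(candidate_count: int, derivations_per_second: float) -> float:
    """Offline cost model for a stolen vault copy: every guess costs a full
    derivation, so time scales linearly with the size of the space the
    master password was drawn from."""
    return candidate_count / derivations_per_second


def measure_derivations_per_second(iterations: int = ITERATIONS) -> float:
    """Time one derivation on this machine (single core, Python's C PBKDF2)."""
    start = time.perf_counter()
    derive_vault_key("timing@example.invalid", "timing-only", iterations)
    return 1.0 / (time.perf_counter() - start)


if __name__ == "__main__":
    server = VaultServer()
    email, master = "alice@example.invalid", "correct horse battery staple"  # constructed
    vkey = derive_vault_key(email, master)
    # Constructed placeholder: the real blob would be the vault encrypted with vkey
    server.register(email, derive_login_key(vkey, master), b"<vault ciphertext>")
    _, blob = client_login(server, email, master)
    print("login ok:", blob is not None)
    print("wrong password returns:", client_login(server, email, "hunter2")[1])
    rate = measure_derivations_per_second()
    print(f"{rate:.1f} derivations/s on one core")
    print("hours to exhaust an 8-digit space:", seconds_to_exhaust(10**8, rate) / 3600)
```

Two things to notice when running it: the server never holds anything from which the vault key can be recomputed, and the 600,000 rounds make each guess expensive, which only helps if the master password is drawn from a space large enough that the per-guess cost adds up.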
“So can we trust them now?” While the answer comes down to a personal decision, we would like to address the unfortunate events LastPass has recently experienced.
LastPass was hit by cyber attacks at different times last year. As a result, information such as the names of the websites where passwords were saved, billing addresses, telephone numbers and IP addresses fell into the attackers’ hands. In addition, backups of users’ vaults were also seized. These contained both unencrypted website addresses and encrypted data such as usernames and passwords.
But we said that LastPass does not know our master password and that vaults can only be opened with it. The company said as much in its statement. However, the company also stated that attackers can still try to open these vaults with brute force and phishing methods, and advised people, especially those with a weak master password, to change their saved passwords.
Last January, LastPass’s parent company GoTo, under whose umbrella the company operates, explained that other services were also affected by the attacks in question. This time it was announced that some usernames, encrypted passwords and two-step verification settings had also been leaked, albeit not completely. While this in itself does not mean the accounts have been fully compromised, it does mean that phone numbers, addresses and emails are in the attackers’ hands.
This means they can more easily reach the people whose information was seized.
Regarding this issue, whose effects are still being felt, we recently learned that several people’s crypto wallets have been emptied.
According to data as of October 25, the cryptocurrency wallets of 25 people affected by the LastPass data breach were infiltrated, and a total of $4.4 million was stolen. According to MetaMask and ZachXBT, a total of 80 cryptocurrency wallets were affected by the attack, and roughly $35 million was stolen as a result.
But how did a company that provides us with so much security come under such fire?
During the first attack, on August 12, suspicious activity was observed on a software developer’s device. When it was realized that the computer accessing developer resources had been compromised, access to those resources was cut off. The attacker, who hid his location behind a VPN and gained access to the development environment, had obtained that employee’s domain credentials and two-factor authentication. Only source code was taken in this attack.
The second attack, which involved data backups from the cloud environment, was a follow-up to the first. To make use of the information he had obtained, the attacker needed one of the four developers who held the necessary key, and installed a keylogger on that developer’s home PC. This way, when the developer entered the password, the attacker learned it too. This is how the leak, whose consequences we are still seeing today, came about.
Should we trust them or not?
We have explained how these cloud-based applications work using LastPass as an example. Even if such an incident had not occurred, we would recommend that you not entrust your most valuable passwords to different places, and we can still say that this makes more sense. As soon as vulnerabilities like these come to light, developers close the gap. But that does not change the fact that password managers are still fundamentally more secure.
In the end, even if your account has been accessed, the master password you chose must be known before the passwords can be viewed. Having laid out the facts, we leave the final decision to you.
Jeffery Powell is a tech-savvy writer and author at Div Bracket. He covers the latest and greatest in internet-related news and trends, offering readers a comprehensive overview of the ever-evolving online world.