The Recent LastPass Hack Showcases Web2’s Security Limitations… Here’s What Needs to Change


Popular password management service LastPass revealed in a December 23 statement that it had been on the receiving end of a major hack last August. As a result, miscreants were able to obtain several encrypted passwords, which could potentially be cracked through a technique called ‘brute force guessing,’ giving them access to sensitive consumer data.

When the incident initially came to light, a representative for LastPass tried to brush off the matter, stating that the attacker could only obtain peripheral technical information and not any private customer data. However, after a lengthy investigation, it was discovered that the hacker had used that information to gain access to an employee’s device, which then gave the individual(s) access to a plethora of customer data stored in a cloud storage system.

Due to this, unencrypted client metadata was revealed to the attacker, including employer names, end-user names, billing addresses, email addresses, telephone numbers, and IP addresses of customers who had accessed LastPass. Some customers’ encrypted vaults containing website passwords were also stolen.

Enter Web3

The exploitation of password managers such as LastPass has renewed a longstanding claim among Web3 developers that traditional username and password login systems are not entirely secure and should therefore be replaced by blockchain-based data privacy systems.

To elaborate, advocates for Web3 security systems have repeatedly noted that traditional password-based login systems are vulnerable since they rely on hashed passcodes stored on cloud servers. If these hashes are breached, they can be cracked, and a single stolen password can compromise all accounts that use the same password.


In this regard, Web3 applications like ShareRing offer an alternative solution allowing users to access a decentralized platform that changes how individuals’ data — such as passwords — is shared across various online applications. The offering allows users to come up with their personal decentralized identities (DID), giving them complete control over their data.

To elaborate, ShareRing’s upcoming new feature within its popular ShareRing Vault module allows people to store usernames and passwords without any risk. In fact, all of the data stored in this ‘Password Manager’ is directly encrypted to the user’s ShareRing Vault private key instead of being stored on the cloud. As a result, it is accessible only to the ShareRing ID holder. Providing his thoughts on the LastPass hack, ShareRing CEO Tim Bos opined:

“The company has tried convincing customers that their login information is safe. Security experts disagree. An article by security researcher Wladimir Palant criticizes the company for lack of transparency. He points out the company has long ignored calls to encrypt data such as URLs, meaning it is now difficult to trust the firm going forward. There are numerous security issues with cloud-based password managers such as LastPass. One of the most significant issues is where users’ encryption keys are stored and how well the firm secures this environment.”

Looking Ahead

While it is easy to criticize projects like LastPass, the fact of the matter remains that password managers have become extremely important in today’s day and age. This is because they allow users to keep extremely strong and unique passwords for every login that they may have.

However, with issues of password theft and other similar data breaches on the rise, it is important to harness the power of newer Web3 solutions that are able to keep consumer information absolutely safe thanks to their non-local design/operational frameworks. To this point, ShareRing’s password manager works across web2 and web3 applications while leveraging decentralized storage to keep its users’ information 100% secure. 

Therefore, as we head into a future driven by Web3 technologies, it is of utmost importance that individuals across the globe continue to educate themselves about the downsides of storing their sensitive data on centralized servers, thus allowing them to truly harness the potential of the blockchain ecosystem.