Business administrators that entrusted LastPass with their organization’s login credentials have some work to do to regain a defensive posture.

A monthslong cyberattack compromised most of the highly sensitive customer account data held by the password manager, with the exception of users’ master passwords, which LastPass said it doesn’t store or maintain. The exposure is broad and potentially ruinous for organizations that don’t take additional steps to protect against unauthorized enterprise account access.

Business administrators need to assess their organization’s risk across multiple components and heed the recommendations LastPass said it shared last week in a security bulletin with about 100,000 business customers.

Here are the most high-level actions LastPass shared with its business customers, in top-down order to prioritize response (advice for individual customers can be viewed here):

Master Passwords

Usernames and master passwords, which create a unique encryption key, should be at least 12 characters long, according to LastPass. The longer the master password, the better, particularly when all available character sets are used.

“Remember that length wins over complexity,” LastPass said.

Administrators should set policies that require:

A minimum character length
Minimum character sets
A change when reuse is […]
Click here to view original web page at www.cybersecuritydive.com