Heartbleed Havoc: 10 Passwords You Need To Change Right Now

Printer-friendly versionEmail this CRN article


The back-end servers supporting the LastPass password management service were impacted by the vulnerability, but the company said the encryption key that enables users to gain access to their password database is stored locally, meaning that the master password is not on its servers. Sensitive data is never transmitted over SSL unencrypted because it is already encrypted locally, the firm said. 

"Because other websites may not be encrypting data the way LastPass does, we recommend that LastPass users generate new passwords for their most critical sites (such as email, banking, and social networks)," the company said in an extensive blog post on the Heartbleed threat

Printer-friendly versionEmail this CRN article

Get a roundup of CRN's security coverage right to your inbox with the Security Advisor newsletter.