Eric Butterfield
Writer, Editor, Copywriter
Another Broken Promise in the Digital Age
The LastPass hack shows, yet again, that convenience and online security are incompatible
By Eric Butterfield
January 11, 2023
The Digital Age makes a lot of promises. But even at the dawn of the year 2023, too much of our online information falls victim to hackers. When so much of our commerce, communication and socializing is performed on internet-connected devices, our personal information is just out there, flapping in the wind.
The latest compromise is a good case in point. This time, the victim was LastPass, the universal password protection service. On December 22, 2022, the company announced that a hacker had accessed its cloud-based storage and thus could possibly gain access to the encrypted password vaults. On a good note, actually getting the passwords in the vault still requires the master password (which isn't stored by LastPass). So, the hacker would have to dupe a LastPass customer into handing over their master password.
Still, if a hacker fools someone into thinking they are communicating with a legitimate business, and that person thus hands over a password or financial information, it wouldn't be the first time. Yesterday I received just such a phishing attempt in a text message in the same vein—purportedly from the US Postal Service. The text referred to a package delivery (of which there was none that particular day).
I've also been the target of an online blackmail attempt. The email included one of my passwords, proving my information had been compromised somewhere. The email threatened to use its hack to wreak further havoc on my life. If that password could be compromised, why not the supposedly secure password vault stored by LastPass? This all just proves how vulnerable any password really is—much less any information stored online. Who can you trust with your passwords?
I fail to understand the level of trust many people have placed in companies that store their personal data—much less all of their passwords. Perhaps I'm just biased by bad experience: In just a handful of years, I was notified of four data breaches containing my information. Three of those data hacks were of a health care company—the most personal of personal information. I received a free year of credit monitoring service for each of those database breaches. The fourth hack was of my mortgage company. What gives? In the aftermath of that series of failures, when I looked at LastPass, I gave the idea of a single point of failure, well, a big pass.
When I described my basic distrust in the protection or ethical use of my personal data by companies that collect and store it, a friend quipped with a chuckle, "Paranoid much?"
But given the track record, I don't consider myself paranoid. Cautious, yes. Trust in the Age of Big Tech is more complex than just choosing to look through rose-tinted glasses or a grimy pair of dystopian shades. I believe in the power of technology to solve problems and make life easier and possibly more engaging or exciting. Possibly. But when it doesn't, when that promise is broken, we're idiots if we don't adjust our expectations.
When considering the purported convenience of LastPass, I weighed two simple things: The inconvenience of manually entering passwords against the risk of having all my passwords stored in a single theft-prone repository. I mean, talk about a big, fat target to make hackers salivate—all the passwords! I decided that the annoyance of entering passwords wasn't so bad. Yes, the task is frustratingly outside the power of my memory, but at least I give it a shot. I like to think of it as my free bonus New York Times Wordle or spelling bee. Besides, is the convenience of shedding a memory task really worth handing the key to your digital kingdom to an unskilled doorman who might be prone to taking a nap on the job?
After this big hack of LastPass (the gatekeeper of all the gates' keys), I feel even better about my efforts to keep my information offline—and not paranoid at all. I gladly embrace my choice to manually enter every password I own. After all, you can't truly own what you've already given away.