The recent OneLogin breach is very serious. When a password manager gets hacked, it's not as though you only have your user login and password to worry about. Password managers store more than just basic password information. They include login information, identity, credit card, health information and more. Cloud service providers use these password managers. So, with the OneLogin breach, it's not just their passwords that are on the line, it is all of their clients information. (Including yours if you have a service provider that uses them)
It seems like there is no one immune to a hack. It's just a matter of time.
How much trust should we place in password managers to store this information?
What companies can we trust out there?
Here's what you can do to protect yourself:
- Use a password manager, but only one that offers two-factor authentication AND encrypts data locally (e.g. Lastpass)
- Select Cloud Service Providers and Managed IT Support with a Cybersecurity plan that uses two-factor authentication AND encrypts data locally
- Ensure that your IT partners have Cybersecurity and Data breach insurance
Password managers are a great tool to protect yourself and your company. It is technology that protects your purpose. Remember, there is no way to be 100% secure online. If you store information online, it may become public someday.