Having unique, complicated passwords for each of your accounts is an essential element of online security. However, remembering all of your passwords can be a difficult task, which is why so many people use online password managers that store all of your passwords for you. These companies, however, are tempting targets for identity thieves. In January of 2023, I told you about a data breach at the password manager company LastPass in which 33 million people had much personal information stolen that could lead to identity theft.
Now we have learned that a phony app calling itself “LassPass Password Manager” (notice the slight misspelling of the first word) has been found in the Apple App Store in an obvious attempt to lure people looking for LastPass into downloading it and providing their various passwords, putting them in serious danger of identity theft. The first rule in avoiding malware-infected apps is to only get your apps from the official Google and Apple app stores. Both of these do their best to weed out malicious apps. However, as proven by the bogus LastPass Password Manager app being available in the Apple App Store, you can’t expect the app stores to be 100% safe. Last year Apple reported that it rejected 1.7 million app submissions and Google indicated that it banned 173,000 developer accounts from Google Play. However, catching malicious apps is like a game of whack-a-mole. As soon as you stop one malicious app, another pops up. In the past, clever scammers would submit apps without malware and then update them with malware after the app had already been vetted by Apple or Google.
In 2018, researchers at Aalto University and the University of Helsinki discovered security flaws affecting the technology used by all of the password managers. The researchers disclosed their findings to the affected companies, which took steps to remedy the problem. The bottom line is that while using a password manager is helpful, it will always be a target of hackers, and you may be more comfortable using unique, complex passwords for each account that you can readily remember without using a password manager. This is not as difficult as it sounds, as you will read below.
TIPS
Along with only getting your apps from the official App Store and Google Play, you should also carefully read reviews of the apps, but even there you need to be a bit skeptical because scammers often will submit phony positive reviews. In the case of LassPass Password Manager, the app’s description contained telltale misspellings and the app had only one rating.
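The one-letter gap between “LassPass” and “LastPass” can also be checked mechanically. The following Python check is an added example, not part of the original article: it flags an app title whose words fall within a small edit distance of a known name. The list of protected names and the threshold of 2 are assumptions chosen for illustration.

```python
import unicodedata

# Assumed list of genuine names to protect (constructed for this example).
PROTECTED = ["LastPass", "Bitwarden", "Dashlane"]

def normalize(word):
    """Lowercase, strip accents and punctuation so cosmetic changes do not hide a match."""
    decomposed = unicodedata.normalize("NFKD", word)
    return "".join(c for c in decomposed.lower() if c.isascii() and c.isalnum())

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, swap adjacent letters."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def lookalike_of(title, protected=PROTECTED, max_distance=2):
    """Return the protected name a title imitates, or None.

    An exact match returns None: the name alone cannot tell a genuine
    listing from a fake one, so the publisher must be checked separately.
    """
    best = None
    for word in title.split():
        token = normalize(word)
        if not token:
            continue
        for brand in protected:
            dist = edit_distance(token, normalize(brand))
            if 0 < dist <= max_distance and (best is None or dist < best[0]):
                best = (dist, brand)
    return best[1] if best else None

if __name__ == "__main__":
    for title in ["LassPass Password Manager", "LastPass Password Manager", "Photo Editor"]:
        print(title, "->", lookalike_of(title))
```

A hit only means the name deserves a second look; the publisher name, the description and the rating count still have to be read as described above.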
If you are interested in using a password manager, here is a link to an article from PC magazine that compares many of the legitimate password managers available to you. https://www.pcmag.com/picks/the-best-password-managers
If you do decide to use a password manager, you should remember not to use your password manager master password for any of your other accounts. You also should use dual-factor authentication so that even if someone were to gain access to your password manager master password, your password manager account could not be accessed.
However, if you would like to use the helping hand you find at the end of your own arm and generate unique, complex passwords for each of your accounts that are easy to remember, here is a strategy that is very effective. You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords that has capital letters, small letters and a symbol, add a few symbols at the end so it may read IDon’tLikePasswords!!! and then adapt it with a few letters for each particular account you have so that you will have a secure and easy to remember password for each of your online accounts. Thus, your Amazon password could be IDon’tLikePasswords!!!AMA.