Tech

Tsis ntev los no LastPass Hack Showcases Web2's Security Limitations… Ntawm no yog Qhov Yuav Tsum Tau Hloov

02/22/2023
Cov Xov Xwm Bitcoin Ethereum

The Recent LastPass hack showcases Web2’s security limitations… Here’s what needs to change

advertisement


 

 

Nrov password tswj kev pabcuam LastPass tau tshaj tawm hauv lub Kaum Ob Hlis 23 daim ntawv qhia tias nws tau nyob rau ntawm qhov kawg ntawm qhov kev hack loj kawg lub Yim Hli. Raws li qhov tshwm sim, cov neeg tsis ncaj ncees tuaj yeem ua rau lawv txoj hauv kev mus rau ntau tus lej zais zais, uas tuaj yeem cuam tshuam los ntawm cov txheej txheem hu ua 'brute force guessing,' muab lawv nkag mus rau cov ntaub ntawv rhiab rau cov neeg siv khoom.

duab

Thaum qhov xwm txheej pib tshwm sim, tus neeg sawv cev rau LastPass tau sim tshem tawm qhov teeb meem, hais tias tus neeg tawm tsam tsuas tuaj yeem tau txais cov ntaub ntawv qhia txog kev siv hluav taws xob thiab tsis muaj cov ntaub ntawv ntiag tug ntawm cov neeg siv khoom. Txawm li cas los xij, tom qab kev tshawb fawb ntev txog qhov teeb meem, nws tau pom tias tus neeg nyiag khoom tau siv cov ntaub ntawv kom nkag mus rau tus neeg ua haujlwm lub cuab yeej, uas tom qab ntawd muab tus neeg siv nkag mus rau ntau ntau ntawm cov neeg siv khoom cov ntaub ntawv khaws cia hauv huab cia.

Vim li no, cov neeg siv tsis tau encrypted metadata tau tshwm sim rau tus neeg tawm tsam, suav nrog cov npe chaw ua haujlwm, cov npe neeg siv kawg, chaw them nqi, email chaw nyob, xov tooj, thiab IP chaw nyob ntawm cov neeg siv khoom uas tau nkag mus LastPass. Qee cov neeg siv khoom encrypted vaults uas muaj lub vev xaib passwords kuj raug nyiag lawm.

Nkag mus rau Web3

Kev siv tus neeg saib xyuas tus password xws li LastPass tau ua rau muaj kev thov ntev ntev ntawm Web3 cov neeg tsim tawm tias cov npe siv ib txwm siv thiab tus password nkag mus tsis muaj kev nyab xeeb kiag li thiab, yog li ntawd, yuav tsum tau hloov los ntawm blockchain-raws li cov ntaub ntawv ntiag tug.

Txhawm rau nthuav dav, cov neeg tawm tswv yim rau Web3 kev ruaj ntseg tshuab tau rov hais dua tias cov txheej txheem kev siv tus password-raws li kev nkag mus tau yooj yim vim lawv vam khom cov passcodes khaws cia ntawm huab servers. Yog tias cov hashs no raug ua txhaum cai, lawv tuaj yeem txiav txim siab, thiab ib tus password raug nyiag tuaj yeem cuam tshuam tag nrho cov nyiaj uas siv tib lo lus zais.

advertisement


 

 

Hauv qhov no, Web3 daim ntawv thov nyiam ShareRing muab lwm txoj kev daws teeb meem uas tso cai rau cov neeg siv nkag mus rau lub platform decentralized uas hloov pauv cov ntaub ntawv tib neeg li cas - xws li lo lus zais - tau muab faib rau ntau yam kev siv online. Qhov kev muab tso cai rau cov neeg siv tuaj nrog lawv tus kheej decentralized tus kheej (DID), muab kev tswj kom tiav lawv cov ntaub ntawv.

Txhawm rau nthuav dav, ShareRing qhov tshiab yuav los tom ntej hauv nws qhov nrov ShareRing Vault module tso cai rau tib neeg khaws cov npe siv thiab passwords yam tsis muaj kev pheej hmoo. Qhov tseeb, tag nrho cov ntaub ntawv khaws cia hauv qhov 'Password Manager' yog ncaj qha nkag mus rau tus neeg siv ShareRing Vault tus yuam sij ntiag tug es tsis txhob muab khaws cia rau hauv huab. Yog li ntawd, nws tsuas yog siv tau rau tus tuav ShareRing ID. Muab nws txoj kev xav ntawm LastPass hack, ShareRing CEO Tim Bos opined:

"Lub tuam txhab tau sim ntxias cov neeg siv khoom tias lawv cov ntaub ntawv nkag mus tau zoo. Cov kws paub txog kev ruaj ntseg tsis pom zoo. Ib tsab xov xwm los ntawm tus kws tshawb fawb txog kev ruaj ntseg Wladimir Palant thuam lub tuam txhab rau qhov tsis muaj qhov pom tseeb. Nws taw qhia tias lub tuam txhab tau ntev-tsis quav ntsej hu rau encrypt cov ntaub ntawv xws li URLs, txhais tau hais tias tam sim no nws nyuaj rau ntseeg lub tuam txhab mus tom ntej. Muaj ntau yam teeb meem kev nyab xeeb nrog huab-raws li tus password tswj xws li LastPass. Ib qho teeb meem tseem ceeb tshaj plaws yog qhov uas cov neeg siv cov yuam sij encryption khaws cia thiab qhov chaw ruaj ntseg zoo li cas rau ib puag ncig no. "

Nrhiav ntej

Txawm hais tias nws yooj yim rau kev thuam cov haujlwm xws li LastPass, qhov tseeb ntawm qhov teeb meem tseem yog tus tswj hwm tus password tau dhau los ua qhov tseem ceeb hauv hnub no thiab hnub nyoog. Qhov no yog vim lawv tso cai rau cov neeg siv nco ntsoov cov passwords muaj zog heev thiab tshwj xeeb rau txhua qhov kev nkag mus kom paub meej tias lawv yuav muaj.

Txawm li cas los xij, nrog cov teeb meem ntawm kev nyiag tus password thiab lwm cov ntaub ntawv zoo sib xws ntawm kev nce siab, nws yog ib qho tseem ceeb kom siv lub zog ntawm cov kev daws teeb meem tshiab Web3 uas muaj peev xwm khaws cov ntaub ntawv rau cov neeg siv khoom muaj kev nyab xeeb ua tsaug rau lawv cov qauv tsim / kev ua haujlwm tsis yog hauv zos. Txog rau qhov no, ShareRing tus password tus thawj tswj ua haujlwm thoob plaws web2 thiab web3 daim ntawv thov thaum leveraging decentralized cia kom nws cov neeg siv cov ntaub ntawv 100% ruaj ntseg. 

Yog li ntawd, thaum peb mus rau yav tom ntej uas tau tsav los ntawm Web3 thev naus laus zis, nws yog qhov tseem ceeb tshaj plaws uas cov tib neeg thoob plaws ntiaj teb txuas ntxiv qhia lawv tus kheej txog qhov tsis zoo ntawm kev khaws lawv cov ntaub ntawv rhiab ntawm cov servers hauv nruab nrab, yog li tso cai rau lawv siv lub peev xwm ntawm blockchain ecosystem. tiag tiag.

Tau qhov twg los: https://zycrypto.com/the-recent-lastpass-hack-showcases-web2s-security-limitations-heres-what-needs-to-change/